diff -u mahara-1.0.9/debian/rules mahara-1.0.9/debian/rules
--- mahara-1.0.9/debian/rules
+++ mahara-1.0.9/debian/rules
@@ -3,6 +3,8 @@
 # Uncomment this to turn on verbose mode.
 #export DH_VERBOSE=1
+include /usr/share/dpatch/dpatch.make
+
 # This has to be exported to make some magic below work.
 export DH_OPTIONS
@@ -13,7 +15,7 @@
 build: configure-stamp
-install: configure-stamp
+install: configure-stamp patch-stamp
 dh_testdir
 dh_testroot
 dh_installdirs
@@ -51,7 +53,8 @@
 cp $(CURDIR)/htdocs/.htaccess $(CURDIR)/debian/mahara-apache2/usr/share/mahara
 cp $(CURDIR)/debian/apache.conf $(CURDIR)/debian/mahara-apache2/etc/mahara/apache.conf
-clean:
+clean: clean1 unpatch
+clean1:
 dh_testdir
 dh_testroot
 rm -f configure-stamp
@@ -84 +87 @@
-.PHONY: build clean binary-indep binary-arch install configure
+.PHONY: build clean binary-indep binary-arch install patch unpatch configure
diff -u mahara-1.0.9/debian/changelog mahara-1.0.9/debian/changelog
--- mahara-1.0.9/debian/changelog
+++ mahara-1.0.9/debian/changelog
@@ -1,3 +1,14 @@
+mahara (1.0.9-2ubuntu0.1) jaunty-security; urgency=low
+
+ * SECURITY UPDATE: multiple cross-site scripting vulnerabilities in user
+ profile data and blogs (LP: #340863)
+ - debian/patches/CVE-2009-0660.dpatch: fixes from upstream advisory
+ - http://mahara.org/interaction/forum/topic.php?id=350
+ - CVE-2009-0660
+ * Add dpatch support
+
+ -- Francois Marier Fri, 13 Mar 2009 09:16:06 +1300
+
 mahara (1.0.9-2) unstable; urgency=low
 * debian/mahara.postrm: delete the snoopy symlink
diff -u mahara-1.0.9/debian/control mahara-1.0.9/debian/control
--- mahara-1.0.9/debian/control
+++ mahara-1.0.9/debian/control
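Review bot: Only the `install` target gains `patch-stamp` in the `@@ -13,7 +15,7 @@` hunk of debian/rules; `build: configure-stamp` in the same hunk still runs on the unpatched tree, so a standalone `debian/rules build` never applies debian/patches/CVE-2009-0660.dpatch and whatever the build recipe (outside this hunk) does to htdocs sees the vulnerable sources. If build touches nothing in htdocs for this package that is harmless, but the usual dpatch wiring hangs the stamp off the earliest target, e.g. `build: patch-stamp configure-stamp`, so the patched state does not depend on which targets the caller runs. The new `clean1` target introduced in the `@@ -51,7 +53,8 @@` hunk is also missing from the `.PHONY` list updated in the `@@ -84 +87 @@` hunk; it should read `.PHONY: build clean clean1 binary-indep binary-arch install patch unpatch configure` so a stray file named clean1 cannot short-circuit the clean.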
@@ -3,7 +3,7 @@
 Priority: optional
 Maintainer: Mahara Debian Packaging Team
 Uploaders: Nigel McNie , Penny Leach , Francois Marier
-Build-Depends: debhelper (>= 7), po-debconf
+Build-Depends: debhelper (>= 7), po-debconf, dpatch
 Standards-Version: 3.8.0
 Homepage: http://www.mahara.org
 Vcs-Git: git://git.debian.org/git/collab-maint/mahara.git
only in patch2: unchanged:
--- mahara-1.0.9.orig/debian/patches/00list
+++ mahara-1.0.9/debian/patches/00list
@@ -0,0 +1 @@
+CVE-2009-0660.dpatch
only in patch2: unchanged:
--- mahara-1.0.9.orig/debian/patches/CVE-2009-0660.dpatch
+++ mahara-1.0.9/debian/patches/CVE-2009-0660.dpatch
@@ -0,0 +1,287 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## CVE-2009-0660.dpatch by Francois Marier +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Multiple XSS vulnerabilities + +@DPATCH@ +diff --git a/htdocs/admin/users/edit.php b/htdocs/admin/users/edit.php +index 7f791d9..fa0a143 100644 +--- a/htdocs/admin/users/edit.php ++++ b/htdocs/admin/users/edit.php +@@ -431,7 +431,7 @@ $smarty->assign('institutions', count($allinstitutions) > 1); + $smarty->assign('institutionform', $institutionform); + + if ($id != $USER->get('id') && is_null($USER->get('parentuser'))) { +- $loginas = get_string('loginasuser', 'admin', $user->username); ++ $loginas = get_string('loginasuser', 'admin', hsc($user->username)); + } else { + $loginas = null; + } +diff --git a/htdocs/artefact/blog/lib.php b/htdocs/artefact/blog/lib.php +index e10a66e..8cf8d4b 100644 +--- a/htdocs/artefact/blog/lib.php ++++ b/htdocs/artefact/blog/lib.php +@@ -210,10 +210,10 @@ class ArtefactTypeBlog extends ArtefactType { + if (isset($options['viewid'])) { + $smarty->assign('artefacttitle', '' . $this->get('title') . ''); ++ . '">' . hsc($this->get('title')) . ''); + } + else { +- $smarty->assign('artefacttitle', $this->get('title')); ++ $smarty->assign('artefacttitle', hsc($this->get('title'))); + } + + $smarty->assign('blockid', $blockid); +@@ -221,7 +221,7 @@ class ArtefactTypeBlog extends ArtefactType { + $smarty->assign('enc_id', json_encode($this->id)); + $smarty->assign('limit', self::pagination); + $smarty->assign('loading_img', theme_get_url('images/loading.gif')); +- $smarty->assign('description', $this->get('description')); ++ $smarty->assign('description', clean_text($this->get('description'))); + + // Remove unnecessary options for blog posts + unset($options['hidetitle']); +@@ -415,15 +415,15 @@ class ArtefactTypeBlogPost extends ArtefactType { + if (isset($options['viewid'])) { + $smarty->assign('artefacttitle', '' . $this->get('title') . ''); ++ . '">' . 
hsc($this->get('title')) . ''); + } + else { +- $smarty->assign('artefacttitle', $this->get('title')); ++ $smarty->assign('artefacttitle', hsc($this->get('title'))); + } + } + + // We need to make sure that the images in the post have the right viewid associated with them +- $postcontent = $this->get('description'); ++ $postcontent = clean_text($this->get('description')); + if (isset($options['viewid'])) { + safe_require('artefact', 'file'); + $postcontent = ArtefactTypeFolder::append_view_url($postcontent, $options['viewid']); +@@ -553,6 +553,9 @@ class ArtefactTypeBlogPost extends ArtefactType { + $result[$file->blogpost]->files[] = $file; + } + } ++ foreach ($result as &$post) { ++ $post->description = clean_text($post->description); ++ } + } + + return array($count, array_values($result)); +diff --git a/htdocs/artefact/blog/theme/default/editpost.tpl b/htdocs/artefact/blog/theme/default/editpost.tpl +index 9b1120e..dec5ec5 100644 +--- a/htdocs/artefact/blog/theme/default/editpost.tpl ++++ b/htdocs/artefact/blog/theme/default/editpost.tpl +@@ -9,7 +9,7 @@ + {include file="sidebar.tpl"} + + {include file="columnleftstart.tpl"} +-

{$pagetitle}

++

{$pagetitle|escape}

+ {$textinputform} +
+
+diff --git a/htdocs/artefact/blog/theme/default/render/blogpost_renderfull.tpl b/htdocs/artefact/blog/theme/default/render/blogpost_renderfull.tpl +index bc2f23d..1754212 100644 +--- a/htdocs/artefact/blog/theme/default/render/blogpost_renderfull.tpl ++++ b/htdocs/artefact/blog/theme/default/render/blogpost_renderfull.tpl +@@ -11,7 +11,7 @@ + {foreach from=$attachments item=item} + + +- {$item->title} ({$item->size}) - {str tag=Download section=artefact.file} ++ {$item->title|escape} ({$item->size}) - {str tag=Download section=artefact.file} +
{$item->description|escape} + + {/foreach} +diff --git a/htdocs/artefact/file/blocktype/image/lib.php b/htdocs/artefact/file/blocktype/image/lib.php +index f5baa53..108feb8 100644 +--- a/htdocs/artefact/file/blocktype/image/lib.php ++++ b/htdocs/artefact/file/blocktype/image/lib.php +@@ -71,7 +71,7 @@ class PluginBlocktypeImage extends PluginBlocktype { + + $description = (is_a($image, 'ArtefacttypeImage')) ? $image->get('description') : $image->get('title'); + if (!empty($configdata['showdescription']) && $description) { +- $result .= '

' . $description . '

'; ++ $result .= '

' . hsc($description) . '

'; + } + $result .= '
'; + } +diff --git a/htdocs/artefact/file/theme/default/file_render_self.tpl b/htdocs/artefact/file/theme/default/file_render_self.tpl +index 1ea07c8..86d27e6 100644 +--- a/htdocs/artefact/file/theme/default/file_render_self.tpl ++++ b/htdocs/artefact/file/theme/default/file_render_self.tpl +@@ -6,7 +6,7 @@ + + + +- ++ + + + +diff --git a/htdocs/artefact/file/theme/default/folder_render_self.tpl b/htdocs/artefact/file/theme/default/folder_render_self.tpl +index 3e9427a..1a5cfbc 100644 +--- a/htdocs/artefact/file/theme/default/folder_render_self.tpl ++++ b/htdocs/artefact/file/theme/default/folder_render_self.tpl +@@ -20,7 +20,7 @@ + + + +- ++ + {if !$simpledisplay}{/if} + + {/foreach} +diff --git a/htdocs/artefact/resume/theme/default/fragments/personalinformation.tpl b/htdocs/artefact/resume/theme/default/fragments/personalinformation.tpl +index 1953c21..8f56c78 100644 +--- a/htdocs/artefact/resume/theme/default/fragments/personalinformation.tpl ++++ b/htdocs/artefact/resume/theme/default/fragments/personalinformation.tpl +@@ -1,8 +1,8 @@ +
{str tag=Type section=artefact.file}:{$filetype}
{str tag=Description section=artefact.file}:{$description|escape}
{str tag=Owner section=artefact.file}:{$owner}
{str tag=Owner section=artefact.file}:{$owner|escape}
{str tag=Created section=artefact.file}:{$created}
{str tag=lastmodified section=artefact.file}:{$modified}
{str tag=Size section=artefact.file}:{$size|escape}
{$child->artefacttype|escape}{$child->title}{$child->description}{$child->description|escape}{$child->date}
+ {foreach from=$fields key='field' item='value'} + +- +- ++ ++ + + {/foreach} +
{$field}{$value}{$field|escape}{$value|escape}
+diff --git a/htdocs/lib/web.php b/htdocs/lib/web.php +index 430e908..f9456b2 100644 +--- a/htdocs/lib/web.php ++++ b/htdocs/lib/web.php +@@ -440,7 +440,7 @@ EOF; + + if ($USER->get('parentuser')) { + $smarty->assign('USERMASQUERADING', true); +- $smarty->assign('masqueradedetails', get_string('youaremasqueradingas', 'mahara', display_name($USER))); ++ $smarty->assign('masqueradedetails', get_string('youaremasqueradingas', 'mahara', hsc(display_name($USER)))); + $smarty->assign('becomeyouagain', + ' ' + . get_string('becomeadminagain', 'admin', $USER->get('parentuser')->name) +diff --git a/htdocs/theme/default/templates/admin/users/edit.tpl b/htdocs/theme/default/templates/admin/users/edit.tpl +index 028f753..aef9ed5 100644 +--- a/htdocs/theme/default/templates/admin/users/edit.tpl ++++ b/htdocs/theme/default/templates/admin/users/edit.tpl +@@ -2,7 +2,7 @@ + + {include file="columnfullstart.tpl"} +
+-

{$user->firstname} {$user->lastname} ({$user->username})

++

{$user|display_name|escape}

+ {if !empty($loginas)} + + {/if} +diff --git a/htdocs/theme/default/templates/searchresulttable.tpl b/htdocs/theme/default/templates/searchresulttable.tpl +index 1031502..a836dc9 100644 +--- a/htdocs/theme/default/templates/searchresulttable.tpl ++++ b/htdocs/theme/default/templates/searchresulttable.tpl +@@ -26,7 +26,7 @@ + {foreach from=$results.data item=r} + + {foreach from=$cols key=f item=c} +- {if empty($c.template)}{$r[$f]}{else}{eval var=$c.template}{/if} ++ {if empty($c.template)}{$r[$f]|escape}{else}{eval var=$c.template}{/if} + {/foreach} + + {/foreach} +diff --git a/htdocs/theme/default/templates/user/view.tpl b/htdocs/theme/default/templates/user/view.tpl +index 0c3093c..e025d84 100644 +--- a/htdocs/theme/default/templates/user/view.tpl ++++ b/htdocs/theme/default/templates/user/view.tpl +@@ -10,7 +10,7 @@ + {/if} + +
+- {$introduction} ++ {$introduction|clean_text} +
+ +
+@@ -39,12 +39,12 @@ +
+
    + {foreach from=$USERFIELDS name=userfields key=key item=item} +-
  • {$item}
  • ++
  • {$item|escape}
  • + {/foreach} +
+ {if $relationship == 'pending'} +
+- {str tag='whymakemeyourfriend' section='group'} {$message} ++ {str tag='whymakemeyourfriend' section='group'} {$message|escape} + {$requestform} +
+ {/if} +@@ -57,7 +57,7 @@ +

{$item->title|escape}

+ + {if $item->description} +- {$item->description} ++ {$item->description|clean_text} + {/if} + {if $item->description && $item->artefacts}
{/if} + {if $item->artefacts} +@@ -80,7 +80,7 @@ + +

{$item->name|escape} - {str tag=$item->type section=group}

+ {if $item->description} +- {$item->description} ++ {$item->description|clean_text} + {/if} + + +diff --git a/htdocs/user/view.php b/htdocs/user/view.php +index ed72e98..f128e36 100644 +--- a/htdocs/user/view.php ++++ b/htdocs/user/view.php +@@ -332,7 +332,7 @@ if ($loggedinid != $userid) { + } + + if ($userid != $USER->get('id') && $USER->is_admin_for_user($user) && is_null($USER->get('parentuser'))) { +- $loginas = get_string('loginasuser', 'admin', $user->username); ++ $loginas = get_string('loginasuser', 'admin', hsc($user->username)); + } else { + $loginas = null; + } +diff --git a/htdocs/view/artefact.php b/htdocs/view/artefact.php +index 9094632..8559742 100644 +--- a/htdocs/view/artefact.php ++++ b/htdocs/view/artefact.php +@@ -87,13 +87,13 @@ $artefactpath[] = array( + 'title' => $artefact->display_title(), + ); + +-$heading = '' . hsc($view->get('title')) . ' ' . get_string('by', 'view') . ' ' . $view->formatted_owner() . ''; ++$heading = '' . hsc($view->get('title')) . ' ' . get_string('by', 'view') . ' ' . hsc($view->formatted_owner()) . ''; + foreach ($artefactpath as $item) { + if (empty($item['url'])) { +- $heading .= ': ' . $item['title']; ++ $heading .= ': ' . hsc($item['title']); + } + else { +- $heading .= ': ' . $item['title'] . ''; ++ $heading .= ': ' . hsc($item['title']) . ''; + } + } + +diff --git a/htdocs/view/view.php b/htdocs/view/view.php +index ebe6fde..4113f28 100644 +--- a/htdocs/view/view.php ++++ b/htdocs/view/view.php +@@ -49,7 +49,7 @@ if ($new) { + else { + $heading = '' . hsc($view->get('title')) . ''; + } +-$heading .= ' ' . get_string('by', 'view') . ' ' . $view->formatted_owner() . ''; ++$heading .= ' ' . get_string('by', 'view') . ' ' . hsc($view->formatted_owner()) . ''; + + + $tutorfilefeedbackformrow = '';
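Review bot: In the htdocs/lib/web.php hunk of the dpatch the masquerade banner is escaped on the changed line, but the context line two below it, `. get_string('becomeadminagain', 'admin', $USER->get('parentuser')->name)`, still interpolates the parent user's name unescaped into the same `becomeyouagain` markup; unless `name` is already HTML-safe at that point (not visible here), it wants the same treatment: `. get_string('becomeadminagain', 'admin', hsc($USER->get('parentuser')->name))`. In the htdocs/artefact/blog/lib.php `@@ -553,6 +553,9` hunk the added `foreach ($result as &$post)` leaves `$post` as a reference after the loop; it is harmless because the function returns straight away, but an `unset($post);` after the loop avoids the usual PHP aliasing trap if code is ever added before the return. In searchresulttable.tpl only the `empty($c.template)` branch gains `|escape`; the `{eval var=$c.template}` branch still renders `$r` through column-supplied templates, so each of those templates has to escape on its own, which this patch does not cover. The enclosing functions of the lib.php and web.php hunks start outside the quoted context.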