Index: /trunk/themes/default/template/identification.tpl
===================================================================
--- /trunk/themes/default/template/identification.tpl	(revision 6429)
+++ /trunk/themes/default/template/identification.tpl	(revision 6437)
@@ -49,5 +49,5 @@
 
   <p>
-    <input type="hidden" name="redirect" value="{$U_REDIRECT|urlencode}">
+    <input type="hidden" name="redirect" value="{$U_REDIRECT|@urlencode}">
     <input class="submit" tabindex="4" type="submit" name="login" value="{'Submit'|@translate}">
   </p>
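Review bot: The `redirect` hidden field here, and the one in menubar_identification.tpl that is filled from `$smarty.server.REQUEST_URI`, carries a value the client can edit before the form is posted, and neither template says how the login handler treats it. The handler is outside this diff, so this is a check to confirm rather than a defect visible here: it should accept only a local path and fall back to a default otherwise. A template comment next to the field would record that contract, e.g. `{* redirect is client-editable; the login handler must accept local paths only *}`.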
Index: /trunk/themes/default/template/menubar_identification.tpl
===================================================================
--- /trunk/themes/default/template/menubar_identification.tpl	(revision 5990)
+++ /trunk/themes/default/template/menubar_identification.tpl	(revision 6437)
@@ -29,5 +29,5 @@
 	{if isset($U_LOGIN)}
 	<form method="post" action="{$U_LOGIN}" id="quickconnect">
-        <input type="hidden" name="redirect" value="{$smarty.server.REQUEST_URI|urlencode}">
+        <input type="hidden" name="redirect" value="{$smarty.server.REQUEST_URI|@urlencode}">
 	<fieldset>
 	<legend>{'Quick connect'|@translate}</legend>
Index: /trunk/include/functions_comment.inc.php
===================================================================
--- /trunk/include/functions_comment.inc.php	(revision 6423)
+++ /trunk/include/functions_comment.inc.php	(revision 6437)
@@ -159,5 +159,5 @@
     "'.$comm['author'].'",
     '.$comm['author_id'].',
-    "'.pwg_db_real_escape_string($comm['content']).'",
+    "'.$comm['content'].'",
     NOW(),
     "'.($comment_action=='validate' ? 'true':'false').'",
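Review bot: With `pwg_db_real_escape_string()` removed, `$comm['content']` is interpolated into the INSERT with no escaping at the query site, just like `$comm['author']` on the context line above it. The query is then safe only if every caller hands over values already escaped for the active database driver; the ws_functions.inc.php and picture_comment.inc.php hunks drop `stripslashes()` so that slashed request data is passed through, which presumably comes from request pre-processing not visible in this diff. Slash-escaping applied to input is not guaranteed to match what the driver's own escaper produces, so I would rather keep raw values in `$comm` and escape both string fields where the query is built. If the pre-escaped contract stays, state it at the top of the function, e.g. `// $comm['author'] and $comm['content'] must arrive already SQL-escaped`. The query and its enclosing function start and end outside this hunk.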
@@ -258,19 +258,4 @@
   }
 
-/* ? this is a MySql Error - author_id is not defined
-  if ($comment_action!='reject' and $conf['anti-flood_time']>0 )
-  { // anti-flood system
-    $reference_date = time() - $conf['anti-flood_time'];
-    $query = '
-SELECT id FROM '.COMMENTS_TABLE.'
-  WHERE date > FROM_UNIXTIME('.$reference_date.')
-    AND author_id = '.$comm['author_id'];
-    if ( pwg_db_num_rows( pwg_query( $query ) ) > 0 )
-    {
-      //?? array_push( $infos, l10n('Anti-flood system : please wait for a moment before trying to post another comment') );
-      $comment_action='reject';
-    }
-  }
-*/
   // perform more spam check
   $comment_action =
Index: /trunk/include/ws_functions.inc.php
===================================================================
--- /trunk/include/ws_functions.inc.php	(revision 6363)
+++ /trunk/include/ws_functions.inc.php	(revision 6437)
@@ -549,6 +549,6 @@
 
   $comm = array(
-    'author' => trim( stripslashes($params['author']) ),
-    'content' => trim( stripslashes($params['content']) ),
+    'author' => trim( $params['author'] ),
+    'content' => trim( $params['content'] ),
     'image_id' => $params['image_id'],
    );
@@ -1357,5 +1357,5 @@
   $res = array();
   $res['username'] = is_a_guest() ? 'guest' : stripslashes($user['username']);
-  foreach ( array('status', 'template', 'theme', 'language') as $k )
+  foreach ( array('status', 'theme', 'language') as $k )
   {
     $res[$k] = $user[$k];
Index: /trunk/include/picture_comment.inc.php
===================================================================
--- /trunk/include/picture_comment.inc.php	(revision 6363)
+++ /trunk/include/picture_comment.inc.php	(revision 6437)
@@ -47,6 +47,6 @@
 
   $comm = array(
-    'author' => trim( stripslashes(@$_POST['author']) ),
-    'content' => trim( stripslashes($_POST['content']) ),
+    'author' => trim( @$_POST['author'] ),
+    'content' => trim( $_POST['content'] ),
     'image_id' => $page['image_id'],
    );
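Review bot: Neither `$_POST['author']` nor `$_POST['content']` is checked to be a string before `trim()`; the `@` only hides the notice for a missing `author` index, and a field posted as an array still reaches `trim()`. Unless a guard outside this hunk already covers it, I would replace the suppression with an explicit test, e.g. `'author' => (isset($_POST['author']) and is_string($_POST['author'])) ? trim($_POST['author']) : '',` and do the same for `content`. The array is built inside a block that starts before this hunk.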
@@ -238,5 +238,5 @@
     if ('reject'===@$comment_action)
     {
-      $content = htmlspecialchars($comm['content']);
+      $content = htmlspecialchars( stripslashes($comm['content']) );
     }
     $template->assign('comment_add',
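Review bot: `htmlspecialchars()` is called with default flags and charset on the rejected comment, and on PHP versions before 8.1 those defaults leave single quotes unescaped. Where `$content` is rendered is outside this hunk; if it can land in an attribute value, pass the flags explicitly, `$content = htmlspecialchars(stripslashes($comm['content']), ENT_QUOTES, 'UTF-8');`, with the charset set to the page's actual encoding. A short comment such as `// $comm['content'] is still slash-escaped for SQL here; undo that before HTML output` would also explain why `stripslashes()` moved to this line.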
