--- moodle-1.8.2.orig/admin/index.php
+++ moodle-1.8.2/admin/index.php
@@ -1,7 +1,7 @@
 <?php // $Id: index.php,v 1.265.2.7 2007/07/06 17:39:55 stronk7 Exp $
 
-/// Check that config.php exists, if not then call the install script
-    if (!file_exists('../config.php')) {
+/// Check that index.php exists, if not then call the install script
+    if (!file_exists('../index.php')) {
         header('Location: ../install.php');
         die;
     }
--- moodle-1.8.2.orig/lib/adodb/adodb-pager.inc.php
+++ moodle-1.8.2/lib/adodb/adodb-pager.inc.php
@@ -287,4 +287,4 @@
 }
 
 
-?>
\ No newline at end of file
+?>
--- moodle-1.8.2.orig/mod/forum/discuss.php
+++ moodle-1.8.2/mod/forum/discuss.php
@@ -107,7 +107,6 @@
         if (abs($displaymode) == 1) {  // If flat AND parent, then force nested display this time
             $displaymode = 3;
         }
-        $navtail = '';
     } else {
         $parent = $discussion->firstpost;
         $navtail = '-> '.format_string($discussion->name);
--- moodle-1.8.2.orig/debian/NEWS
+++ moodle-1.8.2/debian/NEWS
@@ -0,0 +1,11 @@
+moodle (1.6-1) unstable; urgency=low
+
+ Since the upgrade from Moodle 1.5.x to Moodle 1.6 is a bit more complicated
+ than usual, you should definitely read the following page before doing the
+ real upgrade: http://docs.moodle.org/en/Upgrading_to_Moodle_1.6
+
+ Note that this package can be installed safely and will not mess with your
+ database by itself. The process to update the database must be manually
+ started.
+
+ -- Isaac Clerencia <isaac@debian.org>  Mon, 19 Jun 2006 18:36:20 +0200
--- moodle-1.8.2.orig/debian/cron.d
+++ moodle-1.8.2/debian/cron.d
@@ -0,0 +1,2 @@
+# Regular cron jobs for the moodle package
+*/5 * * * * www-data [ -f /usr/share/moodle/admin/cron.php ] && /usr/bin/php -f /usr/share/moodle/admin/cron.php > /dev/null
--- moodle-1.8.2.orig/debian/prerem
+++ moodle-1.8.2/debian/prerem
@@ -0,0 +1,9 @@
+#!/bin/sh -e
+
+if [ "$1" = "remove" ] || [ "$1" = "deconfigure" ] ; then
+    rm -f /var/lib/update-notifier/user.d/moodle-reconfigure-required
+fi
+
+#DEBHELPER#
+
+exit 0
--- moodle-1.8.2.orig/debian/patches/mdl12079_essayquestions.dpatch
+++ moodle-1.8.2/debian/patches/mdl12079_essayquestions.dpatch
@@ -0,0 +1,20 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## mdl12079_essayquestions.dpatch by Kees Cook <kees@ubuntu.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Insufficient cleaning of essay questions (MDL-12079).
+## DP: Thanks to Dan Poltawski.
+
+@DPATCH@
+diff -Nru moodle-1.8.2/question/type/essay/questiontype.php moodle-1.8.2.dfsg/question/type/essay/questiontype.php
+--- moodle-1.8.2/question/type/essay/questiontype.php	2007-02-18 18:20:38.000000000 -0800
++++ moodle-1.8.2.dfsg/question/type/essay/questiontype.php	2009-02-12 11:09:06.000000000 -0800
+@@ -107,7 +107,7 @@
+     function grade_responses(&$question, &$state, $cmoptions) {
+         // All grading takes place in Manual Grading
+ 
+-        clean_param($state->responses[''], PARAM_CLEANHTML);
++        $state->responses[''] = clean_param($state->responses[''], PARAM_CLEAN);
+         
+         $state->raw_grade = 0;
+         $state->penalty = 0;
--- moodle-1.8.2.orig/debian/patches/msa080023_message-csrf.dpatch
+++ moodle-1.8.2/debian/patches/msa080023_message-csrf.dpatch
@@ -0,0 +1,30 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## msa080023_message-csrf.dpatch by Kees Cook <kees@ubuntu.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix CSRF in messaging settings (MSA-08-0023).
+## DP: Thanks to Dan Poltawski.
+
+@DPATCH@
+diff -Nru moodle-1.8.2/message/lib.php moodle-1.8.2.dfsg/message/lib.php
+--- moodle-1.8.2/message/lib.php	2007-01-12 18:03:15.000000000 -0800
++++ moodle-1.8.2.dfsg/message/lib.php	2009-02-12 11:09:06.000000000 -0800
+@@ -263,7 +263,7 @@
+ function message_print_settings() {
+     global $USER;
+ 
+-    if ($frm = data_submitted()) {
++    if ($frm = data_submitted() and confirm_sesskey()) {
+ 
+         $pref = array();
+         $pref['message_showmessagewindow'] = (isset($frm->showmessagewindow)) ? '1' : '0';
+diff -Nru moodle-1.8.2/message/settings.html moodle-1.8.2.dfsg/message/settings.html
+--- moodle-1.8.2/message/settings.html	2007-01-04 18:02:45.000000000 -0800
++++ moodle-1.8.2.dfsg/message/settings.html	2009-02-12 11:09:06.000000000 -0800
+@@ -1,5 +1,6 @@
+ <form id="message_settings" action="index.php" method="post">
+ <input type="hidden" name="tab" value="settings" />
++<input type="hidden" name="sesskey" value="<?php echo sesskey() ?>" />
+ 
+ 
+ <table cellpadding="5" align="center" class="message_form">
--- moodle-1.8.2.orig/debian/patches/fixdiscuss.dpatch
+++ moodle-1.8.2/debian/patches/fixdiscuss.dpatch
@@ -0,0 +1,18 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## fixdiscuss.dpatch by Isaac Clerencia <isaac@debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad moodle-1.6.3~/mod/forum/discuss.php moodle-1.6.3/mod/forum/discuss.php
+--- moodle-1.6.3~/mod/forum/discuss.php	2006-10-03 04:13:13.000000000 +0200
++++ moodle-1.6.3/mod/forum/discuss.php	2006-12-14 14:13:32.000000000 +0100
+@@ -112,6 +112,7 @@
+         if (abs($displaymode) == 1) {  // If flat AND parent, then force nested display this time
+             $displaymode = 3;
+         }
++        $navtail = '';
+     } else {
+         $parent = $discussion->firstpost;
+         $navtail = format_string($discussion->name);
--- moodle-1.8.2.orig/debian/patches/msa090004.dpatch
+++ moodle-1.8.2/debian/patches/msa090004.dpatch
@@ -0,0 +1,62 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## msa090004.dpatch by Francois Marier <francois@debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: html block: proper cleanup of html
+
+@DPATCH@
+diff --git a/blocks/html/block_html.php b/blocks/html/block_html.php
+index ff53961..7099a43 100755
+--- a/blocks/html/block_html.php
++++ b/blocks/html/block_html.php
+@@ -12,7 +12,7 @@ class block_html extends block_base {
+     }
+ 
+     function specialization() {
+-        $this->title = isset($this->config->title) ? $this->config->title : get_string('newhtmlblock', 'block_html');
++        $this->title = isset($this->config->title) ? format_string($this->config->title) : get_string('newhtmlblock', 'block_html');
+     }
+ 
+     function instance_allow_multiple() {
+@@ -24,8 +24,13 @@ class block_html extends block_base {
+             return $this->content;
+         }
+ 
+-        $filteropt = new stdClass;
+-        $filteropt->noclean = true;
++        if (!empty($this->instance->pinned) or $this->instance->pagetype === 'course-view') {
++            // fancy html allowed only on course page and in pinned blocks for security reasons
++            $filteropt = new stdClass;
++            $filteropt->noclean = true;
++        } else {
++            $filteropt = null;
++        }
+ 
+         $this->content = new stdClass;
+         $this->content->text = isset($this->config->text) ? format_text($this->config->text, FORMAT_HTML, $filteropt) : '';
+diff --git a/blocks/html/config_instance.html b/blocks/html/config_instance.html
+index 8138488..ae2d460 100755
+--- a/blocks/html/config_instance.html
++++ b/blocks/html/config_instance.html
+@@ -1,4 +1,11 @@
+-<?php $usehtmleditor = can_use_html_editor(); ?>
++<?php
++    $usehtmleditor = can_use_html_editor();
++
++    $text = isset($this->config->text) ? $this->config->text : '';
++    if (empty($this->instance->pinned) and $this->instance->pagetype !== 'course-view') {
++        $text = clean_text($text, FORMAT_HTML);
++    }
++?>
+ <table cellpadding="9" cellspacing="0">
+ <tr valign="top">
+     <td align="right"><?php print_string('configtitle', 'block_html'); ?>:</td>
+@@ -6,7 +13,7 @@
+ </tr>
+ <tr valign="top">
+     <td align="right"><?php print_string('configcontent', 'block_html'); ?>:</td>
+-    <td><?php print_textarea($usehtmleditor, 25, 50, 0, 0, 'text', isset($this->config->text)?$this->config->text:'') ?></td>
++    <td><?php print_textarea($usehtmleditor, 25, 50, 0, 0, 'text', $text) ?></td>
+ </tr>
+ <tr>
+     <td colspan="3" align="center">
--- moodle-1.8.2.orig/debian/patches/msa080015_deleted-user-profiles.dpatch
+++ moodle-1.8.2/debian/patches/msa080015_deleted-user-profiles.dpatch
@@ -0,0 +1,20 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## msa080015_deleted-user-profiles.dpatch by Kees Cook <kees@ubuntu.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Profiles of deleted users were accessible allowing for spam (MSA-08-0015).
+## DP: Thanks to Dan Poltawski.
+
+@DPATCH@
+diff -Nru moodle-1.8.2/user/view.php moodle-1.8.2.dfsg/user/view.php
+--- moodle-1.8.2/user/view.php	2007-05-06 20:16:29.000000000 -0700
++++ moodle-1.8.2.dfsg/user/view.php	2009-02-12 11:09:06.000000000 -0800
+@@ -146,6 +146,8 @@
+ 
+     if ($user->deleted) {
+         print_heading(get_string('userdeleted'));
++        print_footer($course);
++        die;
+     }
+ 
+ /// OK, security out the way, now we are showing the user
--- moodle-1.8.2.orig/debian/patches/CVE-2009-1171.dpatch
+++ moodle-1.8.2/debian/patches/CVE-2009-1171.dpatch
@@ -0,0 +1,191 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## CVE-2009-1171.dpatch by Nico Golde <nion@debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad moodle-1.8.2.dfsg~/filter/algebra/algebradebug.php moodle-1.8.2.dfsg/filter/algebra/algebradebug.php
+--- moodle-1.8.2.dfsg~/filter/algebra/algebradebug.php	2007-03-15 03:29:15.000000000 +0100
++++ moodle-1.8.2.dfsg/filter/algebra/algebradebug.php	2009-04-01 13:45:45.000000000 +0200
+@@ -16,6 +16,8 @@
+         }
+     }
+ 
++    require_once($CFG->dirroot.'/filter/tex/lib.php');
++
+     $CFG->texfilterdir = "filter/tex";
+     $CFG->algebrafilterdir = "filter/algebra";
+     $CFG->algebraimagedir = "filter/algebra";
+@@ -233,6 +235,7 @@
+         } 
+         $commandpath = "";
+         $cmd = "";
++        $texexp = tex_sanitize_formula($texexp);
+         $texexp = escapeshellarg($texexp);
+         switch (PHP_OS) {
+             case "Linux":
+diff -urNad moodle-1.8.2.dfsg~/filter/algebra/pix.php moodle-1.8.2.dfsg/filter/algebra/pix.php
+--- moodle-1.8.2.dfsg~/filter/algebra/pix.php	2007-03-15 03:29:15.000000000 +0100
++++ moodle-1.8.2.dfsg/filter/algebra/pix.php	2009-04-01 13:46:09.000000000 +0200
+@@ -18,6 +18,7 @@
+ 
+     // disable moodle specific debug messages
+     disable_debugging();
++    require_once($CFG->dirroot.'/filter/tex/lib.php');
+ 
+     require_once($CFG->libdir.'/filelib.php');
+ 
+@@ -54,6 +55,7 @@
+             $texexp = str_replace('&gt;','>',$texexp);
+             $texexp = preg_replace('!\r\n?!',' ',$texexp);
+             $texexp = '\Large ' . $texexp;
++            $texexp = tex_sanitize_formula($texexp);
+             $texexp = escapeshellarg($texexp);
+ 
+             if ((PHP_OS == "WINNT") || (PHP_OS == "WIN32") || (PHP_OS == "Windows")) {
+diff -urNad moodle-1.8.2.dfsg~/filter/tex/latex.php moodle-1.8.2.dfsg/filter/tex/latex.php
+--- moodle-1.8.2.dfsg~/filter/tex/latex.php	2006-05-22 04:00:42.000000000 +0200
++++ moodle-1.8.2.dfsg/filter/tex/latex.php	2009-04-01 13:46:57.000000000 +0200
+@@ -44,9 +44,10 @@
+          * @return string the latex document
+          */
+         function construct_latex_document( $formula, $fontsize=12 ) {
+-            // $fontsize don't affects to formula's size. $density can change size
+ 
+             global $CFG;
++
++            $formula = tex_sanitize_formula($formula);
+             $doc =  "\\documentclass[{$fontsize}pt]{article}\n"; 
+             $doc .=  $CFG->filter_tex_latexpreamble;
+             $doc .= "\\pagestyle{empty}\n";
+diff -urNad moodle-1.8.2.dfsg~/filter/tex/lib.php moodle-1.8.2.dfsg/filter/tex/lib.php
+--- moodle-1.8.2.dfsg~/filter/tex/lib.php	1970-01-01 01:00:00.000000000 +0100
++++ moodle-1.8.2.dfsg/filter/tex/lib.php	2009-04-01 13:48:13.000000000 +0200
+@@ -0,0 +1,37 @@
++<?php  //$Id$
++
++function tex_sanitize_formula($texexp) {
++    /// Check $texexp against blacklist (whitelisting could be more complete but also harder to maintain)
++    $tex_blacklist = array(
++        'include','def','command','loop','repeat','open','toks','output',
++        'input','catcode','name','^^',
++        '\every','\errhelp','\errorstopmode','\scrollmode','\nonstopmode',
++        '\batchmode','\read','\write','csname','\newhelp','\uppercase',
++        '\lowercase','\relax','\aftergroup',
++        '\afterassignment','\expandafter','\noexpand','\special'
++    );
++
++    return  str_ireplace($tex_blacklist, 'forbiddenkeyword', $texexp);
++}
++
++/**
++ * Purge all caches when settings changed.
++ */
++function filter_tex_updatedcallback($name) {
++    global $CFG;
++
++    if (file_exists("$CFG->dataroot/filter/tex")) {
++        remove_dir("$CFG->dataroot/filter/tex");
++    }
++    if (file_exists("$CFG->dataroot/filter/algebra")) {
++        remove_dir("$CFG->dataroot/filter/algebra");
++    }
++    if (file_exists("$CFG->dataroot/temp/latex")) {
++        remove_dir("$CFG->dataroot/temp/latex");
++    }
++
++    delete_records('cache_filters', 'filter', 'tex');
++    delete_records('cache_filters', 'filter', 'algebra');
++}
++
++?>
+diff -urNad moodle-1.8.2.dfsg~/filter/tex/pix.php moodle-1.8.2.dfsg/filter/tex/pix.php
+--- moodle-1.8.2.dfsg~/filter/tex/pix.php	2007-03-15 03:29:16.000000000 +0100
++++ moodle-1.8.2.dfsg/filter/tex/pix.php	2009-04-01 13:49:11.000000000 +0200
+@@ -20,8 +20,9 @@
+     disable_debugging();
+ 
+     require_once($CFG->libdir.'/filelib.php');
++    require_once($CFG->dirroot.'/filter/tex/lib.php');
++    require_once($CFG->dirroot.'/filter/tex/latex.php');
+     require_once('defaultsettings.php' );
+-    require_once('latex.php');
+ 
+     $CFG->texfilterdir = 'filter/tex';
+     $CFG->teximagedir  = 'filter/tex';
+@@ -68,6 +69,7 @@
+                 $texexp = str_replace('&gt;','>',$texexp);
+                 $texexp = preg_replace('!\r\n?!',' ',$texexp);
+                 $texexp = '\Large ' . $texexp;
++                $texexp = tex_sanitize_formula($texexp);
+                 $texexp = escapeshellarg($texexp);
+ 
+                 if ((PHP_OS == "WINNT") || (PHP_OS == "WIN32") || (PHP_OS == "Windows")) {
+diff -urNad moodle-1.8.2.dfsg~/filter/tex/texdebug.php moodle-1.8.2.dfsg/filter/tex/texdebug.php
+--- moodle-1.8.2.dfsg~/filter/tex/texdebug.php	2007-03-15 03:29:16.000000000 +0100
++++ moodle-1.8.2.dfsg/filter/tex/texdebug.php	2009-04-01 13:52:03.000000000 +0200
+@@ -16,6 +16,9 @@
+         }
+     }
+ 
++    require_once($CFG->dirroot.'/filter/tex/lib.php');
++    require_once($CFG->dirroot.'/filter/tex/latex.php');
++
+     $CFG->texfilterdir = "filter/tex";
+     $CFG->teximagedir = "filter/tex";
+ 
+@@ -111,6 +114,7 @@
+             }
+             $commandpath = "";
+             $cmd = "";
++            $texexp = tex_sanitize_formula($texexp);
+             $texexp = escapeshellarg($texexp);
+             switch (PHP_OS) {
+                 case "Linux":
+diff -urNad moodle-1.8.2.dfsg~/filter/tex/texed.php moodle-1.8.2.dfsg/filter/tex/texed.php
+--- moodle-1.8.2.dfsg~/filter/tex/texed.php	2007-03-15 03:29:16.000000000 +0100
++++ moodle-1.8.2.dfsg/filter/tex/texed.php	2009-04-01 13:52:26.000000000 +0200
+@@ -6,6 +6,7 @@
+     $nomoodlecookie = true;     // Because it interferes with caching
+ 
+     require_once("../../config.php");
++    require_once($CFG->dirroot.'/filter/tex/lib.php');
+ 
+     if (empty($CFG->textfilters)) {
+         error ('Filter not enabled!');
+@@ -32,6 +33,7 @@
+             make_upload_directory($CFG->teximagedir);
+         }
+         $pathname = "$CFG->dataroot/$CFG->teximagedir/$image";
++        $texexp = tex_sanitize_formula($texexp);
+         $texexp = escapeshellarg($texexp);
+ 
+         switch (PHP_OS) {
+diff -urNad moodle-1.8.2.dfsg~/lib/db/upgrade.php moodle-1.8.2.dfsg/lib/db/upgrade.php
+--- moodle-1.8.2.dfsg~/lib/db/upgrade.php	2007-07-07 05:36:35.000000000 +0200
++++ moodle-1.8.2.dfsg/lib/db/upgrade.php	2009-04-01 13:56:40.000000000 +0200
+@@ -697,6 +697,11 @@
+         set_field('user', 'mnethostid', $CFG->mnet_localhost_id, 'username', 'guest');
+     }
+ 
++    if ($result && $oldversion < 2007021581) {
++        require_once("$CFG->dirroot/filter/tex/lib.php");
++        filter_tex_updatedcallback(null);
++    }
++
+     return $result;
+ 
+ }
+diff -urNad moodle-1.8.2.dfsg~/version.php moodle-1.8.2.dfsg/version.php
+--- moodle-1.8.2.dfsg~/version.php	2007-07-08 15:51:07.000000000 +0200
++++ moodle-1.8.2.dfsg/version.php	2009-04-01 13:57:06.000000000 +0200
+@@ -6,7 +6,7 @@
+ // This is compared against the values stored in the database to determine
+ // whether upgrades should be performed (see lib/db/*.php)
+ 
+-   $version = 2007021520;   // YYYYMMDD   = date of the 1.8 branch (don't change)
++   $version = 2007021581;   // YYYYMMDD   = date of the 1.8 branch (don't change)
+                             //         X  = release number 1.8.[0,1,2,3...]
+                             //          Y = micro-increments between releases
+ 
--- moodle-1.8.2.orig/debian/patches/mdl14806_wiki-params.dpatch
+++ moodle-1.8.2/debian/patches/mdl14806_wiki-params.dpatch
@@ -0,0 +1,67 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## mdl14806_wiki-params.dpatch by Kees Cook <kees@ubuntu.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix uncleaned params in wiki (MDL-14806).
+## DP: Thanks to Dan Poltawski.
+
+@DPATCH@
+diff -Nru moodle-1.8.2/mod/wiki/view.php moodle-1.8.2.dfsg/mod/wiki/view.php
+--- moodle-1.8.2/mod/wiki/view.php	2007-03-01 18:34:23.000000000 -0800
++++ moodle-1.8.2.dfsg/mod/wiki/view.php	2009-02-12 11:09:06.000000000 -0800
+@@ -14,7 +14,7 @@
+     $id           = optional_param('id', 0, PARAM_INT);                  // Course Module ID, or
+     $wid          = optional_param('wid', 0, PARAM_INT);                 // Wiki ID
+     $page         = optional_param('page', false);       // Wiki Page Name
+-    $q            = optional_param('q',"");              // Search Context
++    $q            = optional_param('q',"", PARAM_PATH);                  // Search Context
+     $userid       = optional_param('userid', 0, PARAM_INT);              // User wiki.
+     $groupid      = optional_param('groupid', 0, PARAM_INT);             // Group wiki.
+     $canceledit   = optional_param('canceledit','', PARAM_ALPHA);          // Editing has been cancelled
+@@ -59,8 +59,6 @@
+         if (! $cm = get_coursemodule_from_instance("wiki", $wiki->id, $course->id)) {
+             error("Course Module ID was incorrect");
+         }
+-        $id = $cm->id;
+-        $_REQUEST["id"] = $id;
+     }
+ 
+     require_course_login($course, true, $cm);
+@@ -71,9 +69,6 @@
+     /// Default format:
+     $moodle_format=FORMAT_MOODLE;
+ 
+-    ### SAVE ID from Moodle
+-    $moodleID=@$_REQUEST["id"];
+-
+ /// Globally disable CamelCase, if the option is selected for this wiki.
+     $moodle_disable_camel_case = ($wiki->disablecamelcase == 1);
+     
+@@ -138,7 +133,7 @@
+ 
+         /// Build the ewsiki script constant
+         /// ewbase will also be needed by EWIKI_SCRIPT_BINARY
+-        $ewbase = 'view.php?id='.$moodleID;
++        $ewbase = 'view.php?id='.$cm->id;
+         if (isset($userid) && $userid!=0) $ewbase .= '&amp;userid='.$userid;
+         if (isset($groupid) && $groupid!=0) $ewbase .= '&amp;groupid='.$groupid;
+         $ewscript = $ewbase.'&amp;page=';
+@@ -247,9 +242,6 @@
+         $content=ewiki_page($page);
+         $content2='';
+ 
+-        ### RESTORE ID from Moodle
+-        $_REQUEST["id"]=$moodleID;
+-        $id=$moodleID;
+ ///     ################# EWIKI Part ###########################
+     }
+     else {
+@@ -377,7 +369,7 @@
+         $currenttab = '';
+         foreach ($tabs as $tab) {
+             $tabname = get_string("tab$tab", 'wiki');
+-            $row[] = new tabobject($tabname, $ewbase.'&amp;page='.$tab.'/'.$ewiki_id, $tabname);
++            $row[] = new tabobject($tabname, $ewbase.'&amp;page='.$tab.'/'.s($ewiki_id), $tabname);
+             if ($ewiki_action == "$tab" or in_array($page, $specialpages)) {
+                 $currenttab = $tabname;
+             }
--- moodle-1.8.2.orig/debian/patches/smarty_dollar_sign.dpatch
+++ moodle-1.8.2/debian/patches/smarty_dollar_sign.dpatch
@@ -0,0 +1,20 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## CVE-2008-4810_smarty-templates.dpatch by Kees Cook <kees@ubuntu.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Description: Smarty template compiler update (CVE-2008-4810).
+## DP: Patch: http://code.google.com/p/smarty-php/source/diff?spec=svn2797&r=2797&format=side&path=/trunk/libs/Smarty_Compiler.class.php
+
+@DPATCH@
+diff -urNad moodle-1.8.2~/lib/smarty/Smarty_Compiler.class.php moodle-1.8.2/lib/smarty/Smarty_Compiler.class.php
+--- moodle-1.8.2~/lib/smarty/Smarty_Compiler.class.php	2005-04-19 02:52:15.000000000 -0700
++++ moodle-1.8.2/lib/smarty/Smarty_Compiler.class.php	2009-06-19 17:03:20.000000000 -0700
+@@ -1670,6 +1670,8 @@
+         }
+         // replace double quoted literal string with single quotes
+         $_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return);
++        // escape dollar sign if not printing a var
++        $_return = preg_replace('~\$(\W)~',"\\\\\$\\1",$_return);
+         return $_return;
+     }
+ 
--- moodle-1.8.2.orig/debian/patches/msa090007_cleanup-prep.dpatch
+++ moodle-1.8.2/debian/patches/msa090007_cleanup-prep.dpatch
@@ -0,0 +1,29 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## msa090007_cleanup-prep.dpatch by Kees Cook <kees@ubuntu.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Improve the fix for log URL filtering as suggested by Steffen Joeris
+## DP: (MSA-09-0007 / CVE-2009-0500).  Thanks to Francois Marier.
+
+@DPATCH@
+diff -Nru moodle-1.8.2/course/lib.php moodle-1.8.2.dfsg/course/lib.php
+--- moodle-1.8.2/course/lib.php	2007-06-19 23:33:16.000000000 -0700
++++ moodle-1.8.2.dfsg/course/lib.php	2009-02-12 11:09:06.000000000 -0800
+@@ -503,7 +503,7 @@
+ 
+         $log->url  = strip_tags(urldecode($log->url));   // Some XSS protection
+         $log->info = strip_tags(urldecode($log->info));  // Some XSS protection
+-        $log->url  = str_replace('&', '&amp;', $log->url); /// XHTML compatibility
++        $log->url  = s($log->url); /// XSS protection and XHTML compatibility - should be in link_to_popup_window() instead!!
+ 
+         echo '<tr class="r'.$row.'">';
+         if ($course->id == SITEID) {
+@@ -610,7 +610,7 @@
+ 
+         $log->url  = strip_tags(urldecode($log->url));   // Some XSS protection
+         $log->info = strip_tags(urldecode($log->info));  // Some XSS protection
+-        $log->url  = str_replace('&', '&amp;', $log->url); /// XHTML compatibility
++        $log->url  = s($log->url); /// XSS protection and XHTML compatibility - should be in link_to_popup_window() instead!!
+ 
+         echo '<tr class="r'.$row.'">';
+         if ($course->id == SITEID) {
--- moodle-1.8.2.orig/debian/patches/CVE-2008-1502.dpatch
+++ moodle-1.8.2/debian/patches/CVE-2008-1502.dpatch
@@ -0,0 +1,41 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## CVE-2008-1502.dpatch by Kees Cook <kees@ubuntu.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Upstream: http://tracker.moodle.org/browse/MDL-13705
+## DP: http://cvs.moodle.org/moodle/lib/kses.php?r1=1.3.8.2&r2=1.3.8.3
+## DP: http://cvs.moodle.org/moodle/lib/weblib.php?r1=1.812.2.99&r2=1.812.2.100
+## DP: Thanks to Nico Golde.
+
+@DPATCH@
+diff -urNad moodle-1.8.2~/lib/kses.php moodle-1.8.2/lib/kses.php
+--- moodle-1.8.2~/lib/kses.php	2006-03-02 18:01:53.000000000 -0800
++++ moodle-1.8.2/lib/kses.php	2008-10-22 13:46:01.000000000 -0700
+@@ -469,10 +469,12 @@
+ # handling whitespace and HTML entities.
+ ###############################################################################
+ {
+-  return preg_replace('/^((&[^;]*;|[\sA-Za-z0-9])*)'.
+-                      '(:|&#0*58;|&#[Xx]3[Aa];)\s*/e',
+-                      'kses_bad_protocol_once2("\\1", $allowed_protocols)',
+-                      $string);
++  $string2 = preg_split('/:|&#58;|&#x3a;/i', $string, 2);
++  if(isset($string2[1]) && !preg_match('%/\?%',$string2[0]))
++  {
++    $string = kses_bad_protocol_once2($string2[0],$allowed_protocols).trim($string2[1]);
++  }
++  return $string;
+ } # function kses_bad_protocol_once
+ 
+ 
+diff -urNad moodle-1.8.2~/lib/weblib.php moodle-1.8.2/lib/weblib.php
+--- moodle-1.8.2~/lib/weblib.php	2007-07-03 19:55:40.000000000 -0700
++++ moodle-1.8.2/lib/weblib.php	2008-10-22 13:46:01.000000000 -0700
+@@ -1758,6 +1758,7 @@
+             }
+             $arreach['value'] = preg_replace("/j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t/i", "Xjavascript", $arreach['value']);
+             $arreach['value'] = preg_replace("/e\s*x\s*p\s*r\s*e\s*s\s*s\s*i\s*o\s*n/i", "Xexpression", $arreach['value']);
++            $arreach['value'] = preg_replace("/b\s*i\s*n\s*d\s*i\s*n\s*g/i", "Xbinding", $arreach['value']);
+         } else if ($arreach['name'] == 'href') {
+             //Adobe Acrobat Reader XSS protection
+             $arreach['value'] = preg_replace('/(\.(pdf|fdf|xfdf|xdp|xfd))[^a-z0-9_\.\-].*$/i', '$1', $arreach['value']);
--- moodle-1.8.2.orig/debian/patches/msa090002.dpatch
+++ moodle-1.8.2/debian/patches/msa090002.dpatch
@@ -0,0 +1,29 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## msa090002.dpatch by Francois Marier <francois@debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: protect user profile images if $CFG->forcelogin enabled
+
+@DPATCH@
+diff --git a/user/pix.php b/user/pix.php
+index b3509ef..d37d18b 100644
+--- a/user/pix.php
++++ b/user/pix.php
+@@ -3,11 +3,15 @@
+       // Syntax:   pix.php/userid/f1.jpg or pix.php/userid/f2.jpg
+       //     OR:   ?file=userid/f1.jpg or ?file=userid/f2.jpg
+ 
+-    $nomoodlecookie = true;     // Because it interferes with caching
+-
+     require_once('../config.php');
+     require_once($CFG->libdir.'/filelib.php');
+ 
++    if (!empty($CFG->forcelogin) and !isloggedin()) {
++        // protect images if login required and not logged in;
++        // do not use require_login() because it is expensive and not suitable here anyway
++        redirect($CFG->pixpath.'/u/f1.png');
++    }
++
+     // disable moodle specific debug messages
+     disable_debugging();
+ 
--- moodle-1.8.2.orig/debian/patches/msa08003_login-as.dpatch
+++ moodle-1.8.2/debian/patches/msa08003_login-as.dpatch
@@ -0,0 +1,22 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## msa08003_login-as.dpatch by Kees Cook <kees@ubuntu.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix insufficient access control in "Login as" feature (MSA-08-0003).
+## DP: Thanks to Dan Poltawski.
+
+@DPATCH@
+diff -Nru moodle-1.8.2/course/loginas.php moodle-1.8.2.dfsg/course/loginas.php
+--- moodle-1.8.2/course/loginas.php	2007-03-19 19:28:12.000000000 -0700
++++ moodle-1.8.2.dfsg/course/loginas.php	2009-02-12 11:09:06.000000000 -0800
+@@ -57,8 +57,9 @@
+             print_error('nologinas');
+         }
+         $context = $systemcontext;
+-    } else if (has_capability('moodle/user:loginas', $coursecontext)) {
++    } else {
+         require_login($course);
++        require_capability('moodle/user:loginas', $coursecontext);
+         if (!has_capability('moodle/course:view', $coursecontext, $userid, false)) {
+             error('This user is not in this course!');
+         }
--- moodle-1.8.2.orig/debian/patches/MDL-11857_restore.dpatch
+++ moodle-1.8.2/debian/patches/MDL-11857_restore.dpatch
@@ -0,0 +1,40 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## MDL-11857_restore.dpatch by Kees Cook <kees@ubuntu.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix SQL injection bug in restore (MDL-11857).
+## DP: Thanks to Dan Poltawski.
+
+@DPATCH@
+diff -Nru moodle-1.8.2/backup/restorelib.php moodle-1.8.2.dfsg/backup/restorelib.php
+--- moodle-1.8.2/backup/restorelib.php	2007-06-14 19:40:00.000000000 -0700
++++ moodle-1.8.2.dfsg/backup/restorelib.php	2009-02-12 11:09:06.000000000 -0800
+@@ -1576,17 +1576,8 @@
+                 if ($create_user) {
+                     //Unset the id because it's going to be inserted with a new one
+                     unset ($user->id);
+-                    //We addslashes to necessary fields
+-                    $user->username = addslashes($user->username);
+-                    $user->firstname = addslashes($user->firstname);
+-                    $user->lastname = addslashes($user->lastname);
+-                    $user->email = addslashes($user->email);
+-                    $user->institution = addslashes($user->institution);
+-                    $user->department = addslashes($user->department);
+-                    $user->address = addslashes($user->address);
+-                    $user->city = addslashes($user->city);
+-                    $user->url = addslashes($user->url);
+-                    $user->description = restore_decode_absolute_links(addslashes($user->description));
++                    // relink the descriptions
++                    $user->description = restore_decode_absolute_links($user->description);
+ 
+                     //We need to analyse the AUTH field to recode it:
+                     //   - if the field isn't set, we are in a pre 1.4 backup and we'll 
+@@ -1618,7 +1609,7 @@
+ 
+                     //We are going to create the user
+                     //The structure is exactly as we need
+-                    $newid = insert_record ("user",$user);
++                    $newid = insert_record ("user", addslashes_recursive($user));
+                     //Put the new id
+                     $status = backup_putid($restore->backup_unique_code,"user",$userid,$newid,"new");
+                 }
--- moodle-1.8.2.orig/debian/patches/msa080010_hotpot.dpatch
+++ moodle-1.8.2/debian/patches/msa080010_hotpot.dpatch
@@ -0,0 +1,30 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## msa080010_hotpot.dpatch by Kees Cook <kees@ubuntu.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Patch SQL injection bug in hotpot module (MSA-08-0010).
+## DP: Thanks to Dan Poltawski.
+
+@DPATCH@
+diff -Nru moodle-1.8.2/mod/hotpot/report.php moodle-1.8.2.dfsg/mod/hotpot/report.php
+--- moodle-1.8.2/mod/hotpot/report.php	2007-05-15 19:47:39.000000000 -0700
++++ moodle-1.8.2.dfsg/mod/hotpot/report.php	2009-02-12 11:09:06.000000000 -0800
+@@ -366,10 +366,14 @@
+             $select = "hotpot='$hotpot->id' AND status=".HOTPOT_STATUS_ABANDONED;
+             break;
+         case 'selection':
+-            $ids = (array)data_submitted();
+-            unset($ids['del']);
+-            unset($ids['id']);
+-            if (!empty($ids)) {
++            $ids = array();
++            $data = (array)data_submitted();
++            foreach ($data as $name => $value) {
++                if (preg_match('/^box\d+$/', $name)) {
++                    $ids[] = intval($value);
++                }
++            }
++            if (count($ids)) {
+                 $select = "hotpot='$hotpot->id' AND clickreportid IN (".implode(',', $ids).")";
+             }
+             break;
--- moodle-1.8.2.orig/debian/patches/msa090001.dpatch
+++ moodle-1.8.2/debian/patches/msa090001.dpatch
@@ -0,0 +1,29 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## msa090001.dpatch by Francois Marier <francois@debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: user: profile images of deleted users are not accessible anymore
+
+@DPATCH@
+diff --git a/user/pix.php b/user/pix.php
+index 8eb3c09..b3509ef 100644
+--- a/user/pix.php
++++ b/user/pix.php
+@@ -17,10 +17,13 @@
+ 
+     if (count($args) == 2) {
+         $userid   = (integer)$args[0];
+-        $image    = $args[1];
+-        $pathname = $CFG->dataroot.'/users/'.$userid.'/'.$image;
+-        if (file_exists($pathname) and !is_dir($pathname)) {
+-            send_file($pathname, $image);
++        // do not serve images of deleted users
++        if ($user = get_record('user', 'id', $userid, 'deleted', 0, 'picture', 1)) {
++            $image    = $args[1];
++            $pathname = $CFG->dataroot.'/users/'.$userid.'/'.$image;
++            if (file_exists($pathname) and !is_dir($pathname)) {
++                send_file($pathname, $image);
++            }
+         }
+     }
+ 
--- moodle-1.8.2.orig/debian/patches/msa090007.dpatch
+++ moodle-1.8.2/debian/patches/msa090007.dpatch
@@ -0,0 +1,100 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## msa090007.dpatch by Francois Marier <francois@debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: proper log url sanitisation
+
+@DPATCH@
+diff --git a/course/lib.php b/course/lib.php
+index c8c36d2..031d39f 100644
+--- a/course/lib.php
++++ b/course/lib.php
+@@ -244,21 +244,50 @@ function make_log_url($module, $url) {
+         case 'message':
+         case 'calendar':
+         case 'blog':
+-            return "/$module/$url";
++            if (strpos($url, '../') === 0) {
++                $url = ltrim($url, '.');
++            } else {
++                $url = "/course/$url";
++            }
+             break;
+         case 'upload':
+-            return $url;
++            $url = $url;
+             break;
+         case 'library':
+         case '':
+-            return '/';
++            $url = '/';
+             break;
+         default:
+-            return "/mod/$module/$url";
++            $url = "/mod/$module/$url";
+             break;
+     }
+-}
+ 
++    //now let's sanitise urls - there might be some ugly nasties:-(
++    $parts = explode('?', $url);
++    $script = array_shift($parts);
++    if (strpos($script, 'http') === 0) {
++        $script = clean_param($script, PARAM_URL);
++    } else {
++        $script = clean_param($script, PARAM_PATH);
++    }
++    $script = htmlspecialchars($script);
++
++    $query = '';
++    if ($parts) {
++        $query = implode('', $parts);
++        $query = str_replace('&amp;', '&', $query); // both & and &amp; are stored in db :-|
++        $parts = explode('&', $query);
++        $eq = urlencode('=');
++        foreach ($parts as $key=>$part) {
++            $part = urlencode(urldecode($part));
++            $part = str_replace($eq, '=', $part);
++            $parts[$key] = $part;
++        }
++        $query = '?'.implode('&amp;', $parts);
++    }
++
++    return $script.$query;
++}
+ 
+ function build_mnet_logs_array($hostid, $course, $user=0, $date=0, $order="l.time ASC", $limitfrom='', $limitnum='',
+                    $modname="", $modid=0, $modaction="", $groupid=0) {
+@@ -504,10 +532,6 @@ function print_log($course, $user=0, $date=0, $order="l.time ASC", $page=0, $per
+         //Filter log->info
+         $log->info = format_string($log->info);
+ 
+-        $log->url  = strip_tags(urldecode($log->url));   // Some XSS protection
+-        $log->info = strip_tags(urldecode($log->info));  // Some XSS protection
+-        $log->url  = s($log->url); /// XSS protection and XHTML compatibility - should be in link_to_popup_window() instead!!
+-
+         echo '<tr class="r'.$row.'">';
+         if ($course->id == SITEID) {
+             echo "<td class=\"cell c0\">\n";
+@@ -615,10 +639,6 @@ function print_mnet_log($hostid, $course, $user=0, $date=0, $order="l.time ASC",
+         //Filter log->info 
+         $log->info = format_string($log->info);
+ 
+-        $log->url  = strip_tags(urldecode($log->url));   // Some XSS protection
+-        $log->info = strip_tags(urldecode($log->info));  // Some XSS protection
+-        $log->url  = s($log->url); /// XSS protection and XHTML compatibility - should be in link_to_popup_window() instead!!
+-
+         echo '<tr class="r'.$row.'">';
+         if ($course->id == SITEID) {
+             echo "<td class=\"r$row c0\" >\n";
+@@ -710,10 +730,7 @@ function print_log_csv($course, $user, $date, $order='l.time DESC', $modname,
+ 
+         //Filter log->info
+         $log->info = format_string($log->info);
+-
+-        $log->url  = strip_tags(urldecode($log->url));     // Some XSS protection
+         $log->info = strip_tags(urldecode($log->info));    // Some XSS protection
+-        $log->url  = str_replace('&', '&amp;', $log->url); // XHTML compatibility
+ 
+         $firstField = $courses[$log->course];
+         $fullname = fullname($log, has_capability('moodle/site:viewfullnames', get_context_instance(CONTEXT_COURSE, $course->id)));
--- moodle-1.8.2.orig/debian/patches/smarty_math_backticks.dpatch
+++ moodle-1.8.2/debian/patches/smarty_math_backticks.dpatch
@@ -0,0 +1,20 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## smarty_math_backticks.dpatch by Kees Cook <kees@ubuntu.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Description: patches CVE-2009-1669
+## DP: Patch: http://groups.google.com/group/smarty-svn/browse_thread/thread/b2da2e5d1ef8b462
+
+@DPATCH@
+diff -urNad moodle-1.8.2~/lib/smarty/plugins/function.math.php moodle-1.8.2/lib/smarty/plugins/function.math.php
+--- moodle-1.8.2~/lib/smarty/plugins/function.math.php	2005-04-19 02:52:16.000000000 -0700
++++ moodle-1.8.2/lib/smarty/plugins/function.math.php	2009-06-19 17:31:51.000000000 -0700
+@@ -27,6 +27,8 @@
+     }
+ 
+     $equation = $params['equation'];
++    // strip out backticks, not necessary for math
++    $equation = str_replace('`','',$params['equation']);
+ 
+     // make sure parenthesis are balanced
+     if (substr_count($equation,"(") != substr_count($equation,")")) {
--- moodle-1.8.2.orig/debian/patches/msa080004_install.dpatch
+++ moodle-1.8.2/debian/patches/msa080004_install.dpatch
@@ -0,0 +1,65 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## msa080004_install.dpatch by Kees Cook <kees@ubuntu.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix XSS bug in install script (MSA-08-0004).
+## DP: Thanks to Dan Poltawski.
+
+@DPATCH@
+diff -Nru moodle-1.8.2/install.php moodle-1.8.2.dfsg/install.php
+--- moodle-1.8.2/install.php	2007-06-20 19:26:23.000000000 -0700
++++ moodle-1.8.2.dfsg/install.php	2009-02-12 11:09:06.000000000 -0800
+@@ -103,6 +103,7 @@
+         $nextstage = $_POST['stage'];
+     }
+ 
++    $nextstage = (int)$nextstage;
+ 
+     if ($nextstage < 0) {
+         $nextstage = WELCOME;
+@@ -804,31 +805,31 @@
+             <tr>
+                 <td class="td_left"><p><?php print_string('dbhost', 'install') ?></p></td>
+                 <td class="td_right">
+-                    <input type="text" size="40" name="dbhost" value="<?php echo $INSTALL['dbhost'] ?>" />
++                    <input type="text" size="40" name="dbhost" value="<?php p($INSTALL['dbhost']) ?>" />
+                 </td>
+             </tr>
+             <tr>
+                 <td class="td_left"><p><?php print_string('database', 'install') ?></p></td>
+                 <td class="td_right">
+-                    <input type="text" size="40" name="dbname" value="<?php echo $INSTALL['dbname'] ?>" />
++                    <input type="text" size="40" name="dbname" value="<?php p($INSTALL['dbname']) ?>" />
+                 </td>
+             </tr>
+             <tr>
+                 <td class="td_left"><p><?php print_string('user') ?></p></td>
+                 <td class="td_right">
+-                    <input type="text" size="40" name="dbuser" value="<?php echo $INSTALL['dbuser'] ?>" />
++                    <input type="text" size="40" name="dbuser" value="<?php p($INSTALL['dbuser']) ?>" />
+                 </td>
+             </tr>
+             <tr>
+                 <td class="td_left"><p><?php print_string('password') ?></p></td>
+                 <td class="td_right">
+-                    <input type="password" size="40" name="dbpass" value="<?php echo $INSTALL['dbpass'] ?>" />
++                    <input type="password" size="40" name="dbpass" value="<?php p($INSTALL['dbpass']) ?>" />
+                 </td>
+             </tr>
+             <tr>
+                 <td class="td_left"><p><?php print_string('dbprefix', 'install') ?></p></td>
+                 <td class="td_right">
+-                    <input type="text" size="40" name="prefix" value="<?php echo $INSTALL['prefix'] ?>" />
++                    <input type="text" size="40" name="prefix" value="<?php p($INSTALL['prefix']) ?>" />
+                 </td>
+             </tr>
+ 
+@@ -840,7 +841,7 @@
+             <tr>
+                 <td class="td_left"><p><?php print_string('admindirname', 'install') ?></p></td>
+                 <td class="td_right">
+-                    <input type="text" size="40" name="admindirname" value="<?php echo $INSTALL['admindirname'] ?>" />
++                    <input type="text" size="40" name="admindirname" value="<?php p($INSTALL['admindirname']) ?>" />
+                 </td>
+             </tr>
+ 
--- moodle-1.8.2.orig/debian/patches/CVE-2008-4796_snoopy.dpatch
+++ moodle-1.8.2/debian/patches/CVE-2008-4796_snoopy.dpatch
@@ -0,0 +1,21 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## CVE-2008-4796_snoopy.dpatch by Kees Cook <kees@ubuntu.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Patch snoopy input sanitising (CVE-2008-4796).
+## DP: Thanks to Francois Marier.
+
+@DPATCH@
+diff -Nru moodle-1.8.2/lib/snoopy/Snoopy.class.inc moodle-1.8.2.dfsg/lib/snoopy/Snoopy.class.inc
+--- moodle-1.8.2/lib/snoopy/Snoopy.class.inc	2006-03-21 18:02:00.000000000 -0800
++++ moodle-1.8.2.dfsg/lib/snoopy/Snoopy.class.inc	2009-02-12 11:09:06.000000000 -0800
+@@ -1013,8 +1013,7 @@
+         
+         $headerfile = tempnam($temp_dir, "sno");
+ 
+-        $safer_URI = strtr( $URI, "\"", " " ); // strip quotes from the URI to avoid shell access
+-        exec($this->curl_path." -D \"$headerfile\"".$cmdline_params." \"".$safer_URI."\"",$results,$return);
++        exec($this->curl_path." -k -D \"$headerfile\"".$cmdline_params." \"".escapeshellcmd($URI)."\"",$results,$return);
+         
+         if($return)
+         {
--- moodle-1.8.2.orig/debian/patches/msa090006_CVE-2009-0501_calendar.dpatch
+++ moodle-1.8.2/debian/patches/msa090006_CVE-2009-0501_calendar.dpatch
@@ -0,0 +1,26 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## msa090006_CVE-2009-0501_calendar.dpatch by Kees Cook <kees@ubuntu.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Backport upstream fix for calendar export leakage.
+## DP: MSA-09-0006 / CVE-2009-0501, Thanks to Francois Marier.
+
+@DPATCH@
+diff -Nru moodle-1.8.2/calendar/export_execute.php moodle-1.8.2.dfsg/calendar/export_execute.php
+--- moodle-1.8.2/calendar/export_execute.php	2007-06-19 23:33:11.000000000 -0700
++++ moodle-1.8.2.dfsg/calendar/export_execute.php	2009-02-12 11:09:06.000000000 -0800
+@@ -11,12 +11,12 @@
+ //Fetch user information
+ if (!$user = get_complete_user_data('username', $username)) {
+    //No such user
+-   die("No such user '$username'");
++    die('Invalid authentication');
+ }
+ 
+ //Check authentication token
+ if ($authtoken != sha1($username . $user->password)) {
+-    die('Invalid authentication token');
++    die('Invalid authentication');
+ }
+ 
+ $what = optional_param('preset_what', 'all', PARAM_ALPHA);
--- moodle-1.8.2.orig/debian/patches/html2text-update.dpatch
+++ moodle-1.8.2/debian/patches/html2text-update.dpatch
@@ -0,0 +1,772 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## html2text-update.dpatch by Kees Cook <kees@ubuntu.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Update html2text to prevent code execution attacks.
+## DP: Thanks to Francois Marier.
+
+@DPATCH@
+diff -Nru moodle-1.8.2/lib/html2text.php moodle-1.8.2.dfsg/lib/html2text.php
+--- moodle-1.8.2/lib/html2text.php	2005-03-26 21:50:21.000000000 -0800
++++ moodle-1.8.2.dfsg/lib/html2text.php	2009-02-12 11:09:06.000000000 -0800
+@@ -1,169 +1,595 @@
+ <?php
+ 
+-/***************************************************************
+- * Library to convert HTML into an approximate text equivalent *
+- ***************************************************************
+-
+-  Version: 1.0.3  (with modifications)
+-  Copyright 2003 Mark Wilton-Jones
+-  License: HowToCreate script license with written permission
+-  URL: http://www.howtocreate.co.uk/php/
+-
+-  For full details about the script and to get the latest version,
+-  please see the HowToCreate web site above.
+-
+-  This version contains modifications for Moodle.  In each case the
+-  lines are marked with "Moodle", so you can  see what has changed.
+-
+-  ********************************************************************/
+-
+-function html2text( $badStr ) {
+-
+-    $is_open_tb = false;
+-    $is_open_dq = false;
+-    $is_open_sq = false;
+-
+-    //remove comments
+-
+-    while (substr_count($badStr, '<!--') && 
+-           substr_count($badStr, '-->') && 
+-           strpos($badStr, '-->', strpos($badStr, '<!--' ) ) > strpos( $badStr, '<!--' ) ) {
+-           $badStr = substr( $badStr, 0, strpos( $badStr, '<!--' ) ) . 
+-                     substr( $badStr, strpos( $badStr, '-->', 
+-                     strpos( $badStr, '<!--' ) ) + 3 );
+-    }
+-
+-    //now make sure all HTML tags are correctly written (> not in between quotes)
+-
+-    $len = strlen($badStr); // Moodle
+-    $chr = $badStr{0}; // Moodle
+-    $goodStr = ''; // Moodle
+-
+-    if ($len > 0) { // Moodle
+-        for ($x=0; $x < $len; $x++ ) { // Moodle
+-            $chr = $badStr{$x}; //take each letter in turn and check if that character is permitted there
+-            switch ( $chr ) {
+-                case '<':
+-                    if ( !$is_open_tb && strtolower( substr( $badStr, $x + 1, 5 ) ) == 'style' ) {
+-                        $badStr = substr( $badStr, 0, $x ) . 
+-                                  substr( $badStr, strpos( strtolower( $badStr ), '</style>', $x ) + 7 ); 
+-                        $chr = '';
+-                    } else if ( !$is_open_tb && strtolower( substr( $badStr, $x + 1, 6 ) ) == 'script' ) {
+-                        $badStr = substr( $badStr, 0, $x ) . 
+-                                  substr( $badStr, strpos( strtolower( $badStr ), '</script>', $x ) + 8 ); 
+-                        $chr = '';
+-                    } else if (!$is_open_tb) { 
+-                        $is_open_tb = true; 
+-                    } else { 
+-                        $chr = '&lt;'; 
+-                    }
+-                    break;
+-
+-                case '>':
+-                    if ( !$is_open_tb || $is_open_dq || $is_open_sq ) { 
+-                        $chr = '&gt;'; 
+-                    } else { 
+-                        $is_open_tb = false; 
+-                    }
+-                    break;
+-
+-                case '"':
+-                    if ( $is_open_tb && !$is_open_dq && !$is_open_sq ) { 
+-                        $is_open_dq = true; 
+-                    } else if ( $is_open_tb && $is_open_dq && !$is_open_sq ) { 
+-                        $is_open_dq = false; 
+-                    } else { 
+-                        $chr = '&quot;'; 
+-                    }
+-                    break;
+-
+-                case "'":
+-                    if ( $is_open_tb && !$is_open_dq && !$is_open_sq ) { 
+-                        $is_open_sq = true; 
+-                    } else if ( $is_open_tb && !$is_open_dq && $is_open_sq ) { 
+-                        $is_open_sq = false; 
+-                    }
+-                    break;
+-            }
+-            $goodStr .= $chr;
+-        }
+-    } // Moodle
+-
+-    //now that the page is valid (I hope) for strip_tags, strip all unwanted tags
+-
+-    $goodStr = strip_tags( $goodStr, '<title><hr><h1><h2><h3><h4><h5><h6><div><p><pre><sup><ul><ol><br><dl><dt><table><caption><tr><li><dd><th><td><a><area><img><form><input><textarea><button><select><option>' );
+-
+-    //strip extra whitespace except between <pre> and <textarea> tags
+-
+-    $badStr = preg_split( "/<\/?pre[^>]*>/i", $goodStr );
+-
+-    for ( $x = 0; isset($badStr[$x]) && is_string( $badStr[$x] ); $x++ ) { // Moodle: added isset() test
+-        if ( $x % 2 ) { $badStr[$x] = '<pre>'.$badStr[$x].'</pre>'; } else {
+-            $goodStr = preg_split( "/<\/?textarea[^>]*>/i", $badStr[$x] );
+-            for ( $z = 0; isset($goodStr[$z]) && is_string( $goodStr[$z] ); $z++ ) { // Moodle: added isset() test
+-                if ( $z % 2 ) { $goodStr[$z] = '<textarea>'.$goodStr[$z].'</textarea>'; } else {
+-                    $goodStr[$z] = str_replace('  ', ' ', $goodStr[$z] );
+-                }
+-            }
+-            $badStr[$x] = implode('',$goodStr);
++/*************************************************************************
++ *                                                                       *
++ * class.html2text.inc                                                   *
++ *                                                                       *
++ *************************************************************************
++ *                                                                       *
++ * Converts HTML to formatted plain text                                 *
++ *                                                                       *
++ * Copyright (c) 2005-2007 Jon Abernathy <jon@chuggnutt.com>             *
++ * All rights reserved.                                                  *
++ *                                                                       *
++ * This script is free software; you can redistribute it and/or modify   *
++ * it under the terms of the GNU General Public License as published by  *
++ * the Free Software Foundation; either version 2 of the License, or     *
++ * (at your option) any later version.                                   *
++ *                                                                       *
++ * The GNU General Public License can be found at                        *
++ * http://www.gnu.org/copyleft/gpl.html.                                 *
++ *                                                                       *
++ * This script is distributed in the hope that it will be useful,        *
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the          *
++ * GNU General Public License for more details.                          *
++ *                                                                       *
++ * Author(s): Jon Abernathy <jon@chuggnutt.com>                          *
++ *                                                                       *
++ * Last modified: 08/08/07                                               *
++ *                                                                       *
++ *************************************************************************/
++
++
++/**
++ *  Takes HTML and converts it to formatted, plain text.
++ *
++ *  Thanks to Alexander Krug (http://www.krugar.de/) to pointing out and
++ *  correcting an error in the regexp search array. Fixed 7/30/03.
++ *
++ *  Updated set_html() function's file reading mechanism, 9/25/03.
++ *
++ *  Thanks to Joss Sanglier (http://www.dancingbear.co.uk/) for adding
++ *  several more HTML entity codes to the $search and $replace arrays.
++ *  Updated 11/7/03.
++ *
++ *  Thanks to Darius Kasperavicius (http://www.dar.dar.lt/) for
++ *  suggesting the addition of $allowed_tags and its supporting function
++ *  (which I slightly modified). Updated 3/12/04.
++ *
++ *  Thanks to Justin Dearing for pointing out that a replacement for the
++ *  <TH> tag was missing, and suggesting an appropriate fix.
++ *  Updated 8/25/04.
++ *
++ *  Thanks to Mathieu Collas (http://www.myefarm.com/) for finding a
++ *  display/formatting bug in the _build_link_list() function: email
++ *  readers would show the left bracket and number ("[1") as part of the
++ *  rendered email address.
++ *  Updated 12/16/04.
++ *
++ *  Thanks to Wojciech Bajon (http://histeria.pl/) for submitting code
++ *  to handle relative links, which I hadn't considered. I modified his
++ *  code a bit to handle normal HTTP links and MAILTO links. Also for
++ *  suggesting three additional HTML entity codes to search for.
++ *  Updated 03/02/05.
++ *
++ *  Thanks to Jacob Chandler for pointing out another link condition
++ *  for the _build_link_list() function: "https".
++ *  Updated 04/06/05.
++ *
++ *  Thanks to Marc Bertrand (http://www.dresdensky.com/) for
++ *  suggesting a revision to the word wrapping functionality; if you
++ *  specify a $width of 0 or less, word wrapping will be ignored.
++ *  Updated 11/02/06.
++ *
++ *  *** Big housecleaning updates below:
++ *
++ *  Thanks to Colin Brown (http://www.sparkdriver.co.uk/) for
++ *  suggesting the fix to handle </li> and blank lines (whitespace).
++ *  Christian Basedau (http://www.movetheweb.de/) also suggested the
++ *  blank lines fix.
++ *
++ *  Special thanks to Marcus Bointon (http://www.synchromedia.co.uk/),
++ *  Christian Basedau, Norbert Laposa (http://ln5.co.uk/),
++ *  Bas van de Weijer, and Marijn van Butselaar
++ *  for pointing out my glaring error in the <th> handling. Marcus also
++ *  supplied a host of fixes.
++ *
++ *  Thanks to Jeffrey Silverman (http://www.newtnotes.com/) for pointing
++ *  out that extra spaces should be compressed--a problem addressed with
++ *  Marcus Bointon's fixes but that I had not yet incorporated.
++ *
++ *	Thanks to Daniel Schledermann (http://www.typoconsult.dk/) for
++ *  suggesting a valuable fix with <a> tag handling.
++ *
++ *  Thanks to Wojciech Bajon (again!) for suggesting fixes and additions,
++ *  including the <a> tag handling that Daniel Schledermann pointed
++ *  out but that I had not yet incorporated. I haven't (yet)
++ *  incorporated all of Wojciech's changes, though I may at some
++ *  future time.
++ *
++ *  *** End of the housecleaning updates. Updated 08/08/07.
++ *
++ *  @author Jon Abernathy <jon@chuggnutt.com>
++ *  @version 1.0.0
++ *  @since PHP 4.0.2
++ */
++class html2text
++{
++
++    /**
++     *  Contains the HTML content to convert.
++     *
++     *  @var string $html
++     *  @access public
++     */
++    var $html;
++
++    /**
++     *  Contains the converted, formatted text.
++     *
++     *  @var string $text
++     *  @access public
++     */
++    var $text;
++
++    /**
++     *  Maximum width of the formatted text, in columns.
++     *
++     *  Set this value to 0 (or less) to ignore word wrapping
++     *  and not constrain text to a fixed-width column.
++     *
++     *  @var integer $width
++     *  @access public
++     */
++    var $width = 70;
++
++    /**
++     *  List of preg* regular expression patterns to search for,
++     *  used in conjunction with $replace.
++     *
++     *  @var array $search
++     *  @access public
++     *  @see $replace
++     */
++    var $search = array(
++        "/\r/",                                  // Non-legal carriage return
++        "/[\n\t]+/",                             // Newlines and tabs
++        '/[ ]{2,}/',                             // Runs of spaces, pre-handling
++        '/<script[^>]*>.*?<\/script>/i',         // <script>s -- which strip_tags supposedly has problems with
++        '/<style[^>]*>.*?<\/style>/i',           // <style>s -- which strip_tags supposedly has problems with
++        //'/<!-- .* -->/',                         // Comments -- which strip_tags might have problem a with
++        '/<p[^>]*>/i',                           // <P>
++        '/<br[^>]*>/i',                          // <br>
++        '/<i[^>]*>(.*?)<\/i>/i',                 // <i>
++        '/<em[^>]*>(.*?)<\/em>/i',               // <em>
++        '/(<ul[^>]*>|<\/ul>)/i',                 // <ul> and </ul>
++        '/(<ol[^>]*>|<\/ol>)/i',                 // <ol> and </ol>
++        '/<li[^>]*>(.*?)<\/li>/i',               // <li> and </li>
++        '/<li[^>]*>/i',                          // <li>
++        '/<hr[^>]*>/i',                          // <hr>
++        '/(<table[^>]*>|<\/table>)/i',           // <table> and </table>
++        '/(<tr[^>]*>|<\/tr>)/i',                 // <tr> and </tr>
++        '/<td[^>]*>(.*?)<\/td>/i',               // <td> and </td>
++        '/&(nbsp|#160);/i',                      // Non-breaking space
++        '/&(quot|rdquo|ldquo|#8220|#8221|#147|#148);/i',
++		                                         // Double quotes
++        '/&(apos|rsquo|lsquo|#8216|#8217);/i',   // Single quotes
++        '/&gt;/i',                               // Greater-than
++        '/&lt;/i',                               // Less-than
++        '/&(amp|#38);/i',                        // Ampersand
++        '/&(copy|#169);/i',                      // Copyright
++        '/&(trade|#8482|#153);/i',               // Trademark
++        '/&(reg|#174);/i',                       // Registered
++        '/&(mdash|#151|#8212);/i',               // mdash
++        '/&(ndash|minus|#8211|#8722);/i',        // ndash
++        '/&(bull|#149|#8226);/i',                // Bullet
++        '/&(pound|#163);/i',                     // Pound sign
++        '/&(euro|#8364);/i',                     // Euro sign
++        '/&[^&;]+;/i',                           // Unknown/unhandled entities
++        '/[ ]{2,}/'                              // Runs of spaces, post-handling
++    );
++
++    /**
++     *  List of pattern replacements corresponding to patterns searched.
++     *
++     *  @var array $replace
++     *  @access public
++     *  @see $search
++     */
++    var $replace = array(
++        '',                                     // Non-legal carriage return
++        ' ',                                    // Newlines and tabs
++        ' ',                                    // Runs of spaces, pre-handling
++        '',                                     // <script>s -- which strip_tags supposedly has problems with
++        '',                                     // <style>s -- which strip_tags supposedly has problems with
++        //'',                                     // Comments -- which strip_tags might have problem a with
++        "\n\n",                               // <P>
++        "\n",                                   // <br>
++        '_\\1_',                                // <i>
++        '_\\1_',                                // <em>
++        "\n\n",                                 // <ul> and </ul>
++        "\n\n",                                 // <ol> and </ol>
++        "\t* \\1\n",                            // <li> and </li>
++        "\n\t* ",                               // <li>
++    	"\n-------------------------\n",        // <hr>
++    	"\n\n",                                 // <table> and </table>
++        "\n",                                   // <tr> and </tr>
++        "\t\t\\1\n",                            // <td> and </td>
++        ' ',                                    // Non-breaking space
++        '"',                                    // Double quotes
++        "'",                                    // Single quotes
++        '>',
++        '<',
++        '&',
++        '(c)',
++        '(tm)',
++        '(R)',
++        '--',
++        '-',
++        '*',
++        '£',
++        'EUR',                                  // Euro sign. � ?
++        '',                                     // Unknown/unhandled entities
++        ' '                                     // Runs of spaces, post-handling
++    );
++
++    /**
++     *  List of preg* regular expression patterns to search for
++     *  and replace using callback function.
++     *
++     *  @var array $callback_search
++     *  @access public
++     */
++    var $callback_search = array(
++        '/<(h)[123456][^>]*>(.*?)<\/h[123456]>/i', // H1 - H3
++        '/<(b)[^>]*>(.*?)<\/b>/i',                 // <b>
++        '/<(strong)[^>]*>(.*?)<\/strong>/i',       // <strong>
++        '/<(a) [^>]*href=("|\')([^"\']+)\2[^>]*>(.*?)<\/a>/i',
++                                                   // <a href="">
++        '/<(th)[^>]*>(.*?)<\/th>/i',               // <th> and </th>
++    );
++
++   /**
++    *  List of preg* regular expression patterns to search for in PRE body,
++    *  used in conjunction with $pre_replace.
++    *
++    *  @var array $pre_search
++    *  @access public
++    *  @see $pre_replace
++    */
++    var $pre_search = array(
++	"/\n/",
++	"/\t/",
++	'/ /',
++	'/<pre[^>]*>/',
++	'/<\/pre>/'
++    );
++
++    /**
++     *  List of pattern replacements corresponding to patterns searched for PRE body.
++     *
++     *  @var array $pre_replace
++     *  @access public
++     *  @see $pre_search
++     */
++    var $pre_replace = array(
++	'<br>',
++	'&nbsp;&nbsp;&nbsp;&nbsp;',
++	'&nbsp;',
++	'',
++	''
++    );
++
++    /**
++     *  Contains a list of HTML tags to allow in the resulting text.
++     *
++     *  @var string $allowed_tags
++     *  @access public
++     *  @see set_allowed_tags()
++     */
++    var $allowed_tags = '';
++
++    /**
++     *  Contains the base URL that relative links should resolve to.
++     *
++     *  @var string $url
++     *  @access public
++     */
++    var $url;
++
++    /**
++     *  Indicates whether content in the $html variable has been converted yet.
++     *
++     *  @var boolean $_converted
++     *  @access private
++     *  @see $html, $text
++     */
++    var $_converted = false;
++
++    /**
++     *  Contains URL addresses from links to be rendered in plain text.
++     *
++     *  @var string $_link_list
++     *  @access private
++     *  @see _build_link_list()
++     */
++    var $_link_list = '';
++    
++    /**
++     *  Number of valid links detected in the text, used for plain text
++     *  display (rendered similar to footnotes).
++     *
++     *  @var integer $_link_count
++     *  @access private
++     *  @see _build_link_list()
++     */
++    var $_link_count = 0;
++
++    /** 
++     * Boolean flag, true if a table of link URLs should be listed after the text. 
++     *  
++     * @var boolean $_do_links 
++     * @access private 
++     * @see html2text() 
++     */
++    var $_do_links = true;
++ 
++    /**
++     *  Constructor.
++     *
++     *  If the HTML source string (or file) is supplied, the class
++     *  will instantiate with that source propagated, all that has
++     *  to be done it to call get_text().
++     *
++     *  @param string $source HTML content
++     *  @param boolean $from_file Indicates $source is a file to pull content from
++     *  @param boolean $do_links Indicate whether a table of link URLs is desired
++     *  @param integer $width Maximum width of the formatted text, 0 for no limit
++     *  @access public
++     *  @return void
++     */
++    function html2text( $source = '', $from_file = false, $do_links = true, $width = 75 )
++    {
++        if ( !empty($source) ) {
++            $this->set_html($source, $from_file);
+         }
++	
++        $this->set_base_url();
++	$this->_do_links = $do_links;
++	$this->width = $width;
+     }
+ 
+-    $goodStr = implode('',$badStr);
+-
+-    //remove all options from select inputs
+-
+-    $goodStr = preg_replace( "/<option[^>]*>[^<]*/i", '', $goodStr );
+-
+-    //replace all tags with their text equivalents
+-
+-    $goodStr = preg_replace( "/<(\/title|hr)[^>]*>/i", "\n          --------------------\n", $goodStr );
+-
+-    $goodStr = preg_replace( "/<(h|div|p)[^>]*>/i", "\n\n", $goodStr );
+-
+-    $goodStr = preg_replace( "/<sup[^>]*>/i", '^', $goodStr );
+-
+-    $goodStr = preg_replace( "/<(ul|ol|br|dl|dt|table|caption|\/textarea|tr[^>]*>\s*<(td|th))[^>]*>/i", "\n", $goodStr );
+-
+-    $goodStr = preg_replace( "/<li[^>]*>/i", "\n� ", $goodStr );
+-
+-    $goodStr = preg_replace( "/<dd[^>]*>/i", "\n\t", $goodStr );
+-
+-    $goodStr = preg_replace( "/<(th|td)[^>]*>/i", "\t", $goodStr );
++    /**
++     *  Loads source HTML into memory, either from $source string or a file.
++     *
++     *  @param string $source HTML content
++     *  @param boolean $from_file Indicates $source is a file to pull content from
++     *  @access public
++     *  @return void
++     */
++    function set_html( $source, $from_file = false )
++    {
++        if ( $from_file && file_exists($source) ) {
++	    $this->html = file_get_contents($source); 
++        }
++        else
++	    $this->html = $source;
+ 
+- // $goodStr = preg_replace( "/<a[^>]* href=(\"((?!\"|#|javascript:)[^\"#]*)(\"|#)|'((?!'|#|javascript:)[^'#]*)('|#)|((?!'|\"|>|#|javascript:)[^#\"'> ]*))[^>]*>/i", "[LINK: $2$4$6] ", $goodStr );   // Moodle
+-    $goodStr = preg_replace( "/<a[^>]* href=(\"((?!\"|#|javascript:)[^\"#]*)(\"|#)|'((?!'|#|javascript:)[^'#]*)('|#)|((?!'|\"|>|#|javascript:)[^#\"'> ]*))[^>]*>([^<]*)<\/a>/i", "$7 [$2$4$6]", $goodStr );
++        $this->_converted = false;
++    }
+ 
+-    // $goodStr = preg_replace( "/<img[^>]* alt=(\"([^\"]+)\"|'([^']+)'|([^\"'> ]+))[^>]*>/i", "[IMAGE: $2$3$4] ", $goodStr );   // Moodle
+-    $goodStr = preg_replace( "/<img[^>]* alt=(\"([^\"]+)\"|'([^']+)'|([^\"'> ]+))[^>]*>/i", "[$2$3$4] ", $goodStr );
++    /**
++     *  Returns the text, converted from HTML.
++     *
++     *  @access public
++     *  @return string
++     */
++    function get_text()
++    {
++        if ( !$this->_converted ) {
++            $this->_convert();
++        }
+ 
+-    $goodStr = preg_replace( "/<form[^>]* action=(\"([^\"]+)\"|'([^']+)'|([^\"'> ]+))[^>]*>/i", "\n[FORM: $2$3$4] ", $goodStr );
++        return $this->text;
++    }
+ 
+-    $goodStr = preg_replace( "/<(input|textarea|button|select)[^>]*>/i", "[INPUT] ", $goodStr );
++    /**
++     *  Prints the text, converted from HTML.
++     *
++     *  @access public
++     *  @return void
++     */
++    function print_text()
++    {
++        print $this->get_text();
++    }
+ 
+-    //strip all remaining tags (mostly closing tags)
++    /**
++     *  Alias to print_text(), operates identically.
++     *
++     *  @access public
++     *  @return void
++     *  @see print_text()
++     */
++    function p()
++    {
++        print $this->get_text();
++    }
+ 
+-    $goodStr = strip_tags( $goodStr );
++    /**
++     *  Sets the allowed HTML tags to pass through to the resulting text.
++     *
++     *  Tags should be in the form "<p>", with no corresponding closing tag.
++     *
++     *  @access public
++     *  @return void
++     */
++    function set_allowed_tags( $allowed_tags = '' )
++    {
++        if ( !empty($allowed_tags) ) {
++            $this->allowed_tags = $allowed_tags;
++        }
++    }
+ 
+-    //convert HTML entities
++    /**
++     *  Sets a base URL to handle relative links.
++     *
++     *  @access public
++     *  @return void
++     */
++    function set_base_url( $url = '' )
++    {
++        if ( empty($url) ) {
++        	if ( !empty($_SERVER['HTTP_HOST']) ) {
++	            $this->url = 'http://' . $_SERVER['HTTP_HOST'];
++        	} else {
++	            $this->url = '';
++	        }
++        } else {
++            // Strip any trailing slashes for consistency (relative
++            // URLs may already start with a slash like "/file.html")
++            if ( substr($url, -1) == '/' ) {
++                $url = substr($url, 0, -1);
++            }
++            $this->url = $url;
++        }
++    }
+ 
+-    $goodStr = strtr( $goodStr, array_flip( get_html_translation_table( HTML_ENTITIES ) ) );
++    /**
++     *  Workhorse function that does actual conversion.
++     *
++     *  First performs custom tag replacement specified by $search and
++     *  $replace arrays. Then strips any remaining HTML tags, reduces whitespace
++     *  and newlines to a readable format, and word wraps the text to
++     *  $width characters.
++     *
++     *  @access private
++     *  @return void
++     */
++    function _convert()
++    {
++        // Variables used for building the link list
++        $this->_link_count = 0;
++        $this->_link_list = '';
++
++        $text = trim(stripslashes($this->html));
++
++	// Convert <PRE>
++        $this->_convert_pre($text);
++
++	// Replace known html entities
++	$text = html_entity_decode($text, ENT_COMPAT, 'UTF-8');
++
++        // Run our defined search-and-replace
++        $text = preg_replace($this->search, $this->replace, $text);
++        $text = preg_replace_callback($this->callback_search, array('html2text', '_preg_callback'), $text);
++
++        // Strip any other HTML tags
++        $text = strip_tags($text, $this->allowed_tags);
++
++        // Bring down number of empty lines to 2 max
++        $text = preg_replace("/\n\s+\n/", "\n\n", $text);
++        $text = preg_replace("/[\n]{3,}/", "\n\n", $text);
++
++        // Add link list
++        if ( !empty($this->_link_list) ) {
++            $text .= "\n\nLinks:\n------\n" . $this->_link_list;
++        }
+ 
+-    preg_replace( "/&#(\d+);/me", "chr('$1')", $goodStr );
++        // Wrap the text to a readable format
++        // for PHP versions >= 4.0.2. Default width is 75
++        // If width is 0 or less, don't wrap the text.
++        if ( $this->width > 0 ) {
++        	$text = wordwrap($text, $this->width);
++        }
+ 
+-    //wordwrap
++        $this->text = $text;
+ 
+-    // $goodStr = wordwrap( $goodStr );   // Moodle
+-    $goodStr = wordwrap( $goodStr, 78 );
++        $this->_converted = true;
++    }
+ 
+-    //make sure there are no more than 3 linebreaks in a row and trim whitespace
+-    $goodStr = preg_replace("/\r\n?|\f/", "\n", $goodStr);
+-    $goodStr = preg_replace("/\n(\s*\n){2}/", "\n\n\n", $goodStr);
+-    $goodStr = preg_replace("/[ \t]+(\n|$)/", "$1", $goodStr);
+-    $goodStr = preg_replace("/^\n*|\n*$/", '', $goodStr);
++    /**
++     *  Helper function called by preg_replace() on link replacement.
++     *
++     *  Maintains an internal list of links to be displayed at the end of the
++     *  text, with numeric indices to the original point in the text they
++     *  appeared. Also makes an effort at identifying and handling absolute
++     *  and relative links.
++     *
++     *  @param string $link URL of the link
++     *  @param string $display Part of the text to associate number with
++     *  @access private
++     *  @return string
++     */
++    function _build_link_list( $link, $display )
++    {
++	if ( !$this->_do_links ) return $display;
++	
++	if ( substr($link, 0, 7) == 'http://' || substr($link, 0, 8) == 'https://' ||
++             substr($link, 0, 7) == 'mailto:' ) {
++            $this->_link_count++;
++            $this->_link_list .= "[" . $this->_link_count . "] $link\n";
++            $additional = ' [' . $this->_link_count . ']';
++		} elseif ( substr($link, 0, 11) == 'javascript:' ) {
++			// Don't count the link; ignore it
++			$additional = '';
++		// what about href="#anchor" ?
++        } else {
++            $this->_link_count++;
++            $this->_link_list .= "[" . $this->_link_count . "] " . $this->url;
++            if ( substr($link, 0, 1) != '/' ) {
++                $this->_link_list .= '/';
++            }
++            $this->_link_list .= "$link\n";
++            $additional = ' [' . $this->_link_count . ']';
++        }
+ 
+-    return $goodStr;
++        return $display . $additional;
++    }
++    
++    /**
++     *  Helper function for PRE body conversion.
++     *
++     *  @param string HTML content
++     *  @access private
++     */
++    function _convert_pre(&$text)
++    {
++	while(preg_match('/<pre[^>]*>(.*)<\/pre>/ismU', $text, $matches))
++	{
++	    $result = preg_replace($this->pre_search, $this->pre_replace, $matches[1]);
++	    $text = preg_replace('/<pre[^>]*>.*<\/pre>/ismU', '<div><br>' . $result . '<br></div>', $text, 1);
++	}
++    }
+ 
++    /**
++     *  Callback function for preg_replace_callback use.
++     *
++     *  @param  array PREG matches
++     *  @return string
++     *  @access private
++     */
++    function _preg_callback($matches)
++    {
++	switch($matches[1])
++	{
++	    case 'b':
++	    case 'strong':
++		return $this->_strtoupper($matches[2]);
++	    case 'hr':
++		return $this->_strtoupper("\t\t". $matches[2] ."\n");
++	    case 'h':
++		return $this->_strtoupper("\n\n". $matches[2] ."\n\n");
++	    case 'a':
++    	        return $this->_build_link_list($matches[3], $matches[4]);
++	}
++    }
++    
++    /**
++     *  Strtoupper multibyte wrapper function
++     *
++     *  @param  string
++     *  @return string
++     *  @access private
++     */
++    function _strtoupper($str)
++    {
++	if (function_exists('mb_strtoupper'))
++    	    return mb_strtoupper($str);
++    	else
++	    return strtoupper($str);
++    }
+ }
+ 
+ ?>
+diff -Nru moodle-1.8.2/lib/weblib.php moodle-1.8.2.dfsg/lib/weblib.php
+--- moodle-1.8.2/lib/weblib.php	2007-07-03 19:55:40.000000000 -0700
++++ moodle-1.8.2.dfsg/lib/weblib.php	2009-02-12 11:09:06.000000000 -0800
+@@ -1928,7 +1931,13 @@
+ 
+     require_once($CFG->libdir .'/html2text.php');
+ 
+-    return html2text($html);
++    $h2t = new html2text($html);
++    $result = $h2t->get_text();
++
++    // html2text does not fix HTML entities so handle those here.
++    $result = html_entity_decode($result, ENT_NOQUOTES, 'UTF-8');
++
++    return $result;
+ }
+ 
+ /**
--- moodle-1.8.2.orig/debian/patches/msa080021_text-cleaning.dpatch
+++ moodle-1.8.2/debian/patches/msa080021_text-cleaning.dpatch
@@ -0,0 +1,27 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## msa080021_text-cleaning.dpatch by Kees Cook <kees@ubuntu.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Deficiency in text cleaning functions allowed for XSS (MSA-08-0021).
+## DP: Thanks to Dan Poltawski.
+
+@DPATCH@
+diff -Nru moodle-1.8.2/lib/weblib.php moodle-1.8.2.dfsg/lib/weblib.php
+--- moodle-1.8.2/lib/weblib.php	2007-07-03 19:55:40.000000000 -0700
++++ moodle-1.8.2.dfsg/lib/weblib.php	2009-02-12 11:09:06.000000000 -0800
+@@ -1411,9 +1411,12 @@
+     if (!empty($CFG->formatstringstriptags)) {
+         $string = strip_tags($string);
+ 
+-    // Otherwise strip just links if that is required (default)
+-    } else if ($striplinks) {  //strip links in string
+-        $string = preg_replace('/(<a[^>]+?>)(.+?)(<\/a>)/is','$2',$string);
++    } else {
++        // Otherwise strip just links if that is required (default)
++        if ($striplinks) {  //strip links in string
++            $string = preg_replace('/(<a\s[^>]+?>)(.+?)(<\/a>)/is','$2',$string);
++        }
++        $string = clean_text($string);
+     }
+ 
+     //Store to cache
--- moodle-1.8.2.orig/debian/patches/mdl12793_PARAM_HOST.dpatch
+++ moodle-1.8.2/debian/patches/mdl12793_PARAM_HOST.dpatch
@@ -0,0 +1,20 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## mdl12793_PARAM_HOST.dpatch by Kees Cook <kees@ubuntu.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix insufficient cleaning of PARAM_HOST (MDL-12793).
+## DP: Thanks to Dan Poltawski.
+
+@DPATCH@
+diff -Nru moodle-1.8.2/lib/moodlelib.php moodle-1.8.2.dfsg/lib/moodlelib.php
+--- moodle-1.8.2/lib/moodlelib.php	2007-07-06 20:36:14.000000000 -0700
++++ moodle-1.8.2.dfsg/lib/moodlelib.php	2009-02-12 11:09:06.000000000 -0800
+@@ -452,7 +452,7 @@
+             return ereg_replace('/(\./)+', '/', $param);
+ 
+         case PARAM_HOST:         // allow FQDN or IPv4 dotted quad
+-            preg_replace('/[^\.\d\w-]/','', $param ); // only allowed chars
++            $param = preg_replace('/[^\.\d\w-]/','', $param ); // only allowed chars
+             // match ipv4 dotted quad
+             if (preg_match('/(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/',$param, $match)){
+                 // confirm values are ok
--- moodle-1.8.2.orig/debian/patches/msa090008.dpatch
+++ moodle-1.8.2/debian/patches/msa090008.dpatch
@@ -0,0 +1,63 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## msa090008.dpatch by Francois Marier <francois@debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: forum: add sesskey to post/discussion deletion
+
+@DPATCH@
+diff --git a/mod/forum/post.php b/mod/forum/post.php
+index 8a4760b..cf06da1 100644
+--- a/mod/forum/post.php
++++ b/mod/forum/post.php
+@@ -266,7 +266,7 @@
+ 
+         $replycount = forum_count_replies($post);
+ 
+-        if (!empty($confirm)) {    // User has confirmed the delete
++        if (!empty($confirm) && confirm_sesskey()) {    // User has confirmed the delete
+ 
+             if ($post->totalscore) {
+                 notice(get_string("couldnotdeleteratings", "forum"),
+@@ -320,7 +320,7 @@
+                 }
+                 print_header();
+                 notice_yesno(get_string("deletesureplural", "forum", $replycount+1),
+-                             "post.php?delete=$delete&amp;confirm=$delete",
++                             "post.php?delete=$delete&amp;confirm=$delete&amp;sesskey=".sesskey(),
+                              $CFG->wwwroot.'/mod/forum/discuss.php?d='.$post->discussion.'#p'.$post->id);
+ 
+                 forum_print_post($post, $course->id, $ownpost=false, $reply=false, $link=false);
+@@ -335,7 +335,7 @@
+             } else {
+                 print_header();
+                 notice_yesno(get_string("deletesure", "forum", $replycount),
+-                             "post.php?delete=$delete&amp;confirm=$delete",
++                             "post.php?delete=$delete&amp;confirm=$delete&amp;sesskey=".sesskey(),
+                              $CFG->wwwroot.'/mod/forum/discuss.php?d='.$post->discussion.'#p'.$post->id);
+                 forum_print_post($post, $forum->course, $ownpost=false, $reply=false, $link=false);
+             }
+diff --git a/mod/forum/post.php b/mod/forum/post.php
+index cf06da1..83fb15a 100644
+--- a/mod/forum/post.php
++++ b/mod/forum/post.php
+@@ -371,7 +371,7 @@
+             error("You can't split discussions!");
+         }
+ 
+-        if (!empty($name)) {    // User has confirmed the prune
++        if (!empty($name) && confirm_sesskey()) {    // User has confirmed the prune
+ 
+             $newdiscussion = new object();
+             $newdiscussion->course       = $discussion->course;
+diff --git a/mod/forum/prune.html b/mod/forum/prune.html
+index 383b3a9..1a4f4b7 100644
+--- a/mod/forum/prune.html
++++ b/mod/forum/prune.html
+@@ -11,6 +11,7 @@
+     <td align="center" colspan="2">
+     <input type="hidden" name="prune"   value="<?php p($prune) ?>" />
+     <input type="hidden" name="confirm" value="<?php p($prune) ?>" />
++    <input type="hidden" name="sesskey" value="<?php echo sesskey() ?>" />
+     <input type="submit" value="<?php print_string('prune', 'forum'); ?>" />
+     </td>
+ </tr>
--- moodle-1.8.2.orig/debian/patches/CVE-2008-5432_wiki.dpatch
+++ moodle-1.8.2/debian/patches/CVE-2008-5432_wiki.dpatch
@@ -0,0 +1,22 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## CVE-2008-5432_wiki.dpatch by Kees Cook <kees@ubuntu.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix XSS in the wiki module (CVE-2008-5432).
+## DP: Thanks to Francois Marier.
+
+@DPATCH@
+diff -Nru moodle-1.8.2/mod/wiki/lib.php moodle-1.8.2.dfsg/mod/wiki/lib.php
+--- moodle-1.8.2/mod/wiki/lib.php	2007-02-22 18:22:16.000000000 -0800
++++ moodle-1.8.2.dfsg/mod/wiki/lib.php	2009-02-12 11:09:06.000000000 -0800
+@@ -192,6 +192,10 @@
+         //Obtain the visible property from the instance
+         $modvisible = instance_is_visible($log->module,$tempmod);
+ 
++    /// Process log->url and rebuild it here to properly clean the pagename - MDL-15896
++        $extractedpage = preg_replace('/^.*&page=/', '', $log->url);
++        $log->url = preg_replace('/page=.*$/', 'page='.urlencode($extractedpage), $log->url);
++
+         //Only if the mod is visible
+         if ($modvisible) {
+             $wikis[$log->info] = wiki_log_info($log);
--- moodle-1.8.2.orig/debian/patches/mdl11759_group-creation.dpatch
+++ moodle-1.8.2/debian/patches/mdl11759_group-creation.dpatch
@@ -0,0 +1,144 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## mdl11759_group-creation.dpatch by Kees Cook <kees@ubuntu.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix anonymous group creation and html injection (MDL-11759).
+## DP: Thanks to Dan Poltawski.
+
+@DPATCH@
+diff -Nru moodle-1.8.2/group/edit.php moodle-1.8.2.dfsg/group/edit.php
+--- moodle-1.8.2/group/edit.php	2007-05-15 19:40:11.000000000 -0700
++++ moodle-1.8.2.dfsg/group/edit.php	2009-02-12 11:09:06.000000000 -0800
+@@ -17,15 +17,16 @@
+ 
+ /// get url variables
+ $courseid    = required_param('courseid', PARAM_INT);
+-$id          = optional_param('id', false, PARAM_INT);         
+-$groupingid  = optional_param('grouping', false, PARAM_INT);
+-$newgrouping = optional_param('newgrouping', false, PARAM_INT);
++$id          = optional_param('id', 0, PARAM_INT);         
++$groupingid  = optional_param('grouping', GROUP_NOT_IN_GROUPING, PARAM_INT);
++$newgrouping = optional_param('newgrouping', GROUP_NOT_IN_GROUPING, PARAM_INT);
+ $delete      = optional_param('delete', 0, PARAM_BOOL);
+ $confirm     = optional_param('confirm', 0, PARAM_BOOL);
+ 
+ if (empty($CFG->enablegroupings)) {
+     // NO GROUPINGS YET!
+-    $groupingid = GROUP_NOT_IN_GROUPING;
++    $groupingid  = GROUP_NOT_IN_GROUPING;
++    $newgrouping = GROUP_NOT_IN_GROUPING;
+ }
+ 
+ /// Course must be valid 
+@@ -33,62 +34,73 @@
+     error('Course ID was incorrect');
+ }
+ 
+-/// Delete action should not be called without a group id
+-if ($delete && !$id) {
+-    error(get_string('errorinvalidgroup'));
+-}
++$context = get_context_instance(CONTEXT_COURSE, $course->id);
++require_capability('moodle/course:managegroups', $context);
+ 
+-if ($delete && !$confirm) {
+-    print_header(get_string('deleteselectedgroup', 'group'), get_string('deleteselectedgroup', 'group'));
+-    $optionsyes = array('id'=>$id, 'delete'=>1, 'courseid'=>$courseid, 'sesskey'=>sesskey(), 'confirm'=>1);
+-    $optionsno  = array('id'=>$courseid);
+-    if (!$group = get_record('groups', 'id', $id)) {
+-        error('Group ID was incorrect');
+-    } 
+-    notice_yesno(get_string('deletegroupconfirm', 'group', $group->name), 'edit.php', 'index.php', $optionsyes, $optionsno, 'post', 'get');
+-    print_footer();
+-    die;
+-}
++$group = false;
+ 
+-/// basic access control checks
+ if ($id) {
+     if (!$group = get_record('groups', 'id', $id)) {
+         error('Group ID was incorrect');
+     } 
+-    $context = get_context_instance(CONTEXT_COURSE, $course->id);
+-    require_capability('moodle/course:managegroups', $context);
+-    
+-    // If group given but no groupingid, retrieve grouping id
+-    if (empty($groupingid)) {
+-        $groupings = groups_get_groupings_for_group($id);
+-        if (empty($groupings)) {
+-            $groupingid = -1;
+-        } else {
++    $group->description = clean_text($group->description);
++
++    if (!groups_group_belongs_to_course($group->id, $course->id)) {
++        error('Group not from this course.');
++    }
++
++    $groupings = groups_get_groupings_for_group($id);
++    if (empty($groupings)) {
++        $groupingid = -1;
++    } else {
++        if (!isset($groupings[$groupingid])) {
+             $groupingid = $groupings[0];
+         }
+-    } 
++    }
+ }
+ 
+-/// First create the form
+-$editform = new group_edit_form('edit.php', compact('group', 'groupingid', 'newgrouping', 'group', 'courseid'));
++if ($groupingid != GROUP_NOT_IN_GROUPING and !groups_db_grouping_belongs_to_course($groupingid, $course->id)) {
++    error('Grouping not from this course.');
++}
+ 
+-/// Override defaults if group is set
+-if (!empty($group)) {
+-    $editform->set_data($group);
++if ($newgrouping != GROUP_NOT_IN_GROUPING and !groups_db_grouping_belongs_to_course($newgrouping, $course->id)) {
++    error('Grouping not from this course.');
+ }
+ 
+ // Process delete action
+-if ($delete) {
+-    if (!confirm_sesskey()) {
+-        error('Sesskey error');
+-    }
+-    if (groups_delete_group($id)) {
+-        redirect(groups_home_url($course->id, null, $groupingid, false));
++if ($delete and $group) {
++    if (!$group) {
++        /// Delete action should not be called without a group id
++        error(get_string('errorinvalidgroup'));
++
++    } else if (!$confirm) {
++        print_header(get_string('deleteselectedgroup', 'group'), get_string('deleteselectedgroup', 'group'));
++        $optionsyes = array('id'=>$group->id, 'delete'=>1, 'courseid'=>$course->id, 'sesskey'=>sesskey(), 'confirm'=>1);
++        $optionsno  = array('id'=>$course->id);
++        notice_yesno(get_string('deletegroupconfirm', 'group', $group->name), 'edit.php', 'index.php', $optionsyes, $optionsno, 'post', 'get');
++        print_footer();
++        die;
++
+     } else {
+-        print_error('erroreditgroup', 'group', groups_home_url($course->id));
++        if (!confirm_sesskey()) {
++            error('Sesskey error');
++        }
++        if (groups_delete_group($group->id)) {
++            redirect(groups_home_url($course->id, null, $groupingid, false));
++        } else {
++            print_error('erroreditgroup', 'group', groups_home_url($course->id));
++        }
+     }
+ }
+ 
++/// First create the form
++$editform = new group_edit_form('edit.php', compact('group', 'groupingid', 'newgrouping', 'group', 'courseid'));
++
++/// Override defaults if group is set
++if (!empty($group)) {
++    $editform->set_data($group);
++}
++
+ $error = null;
+ 
+ if ($editform->is_cancelled()) {
--- moodle-1.8.2.orig/debian/patches/CVE-2007-3215_phpmailer.dpatch
+++ moodle-1.8.2/debian/patches/CVE-2007-3215_phpmailer.dpatch
@@ -0,0 +1,23 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## CVE-2007-3215_phpmailer.dpatch by Kees Cook <kees@ubuntu.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Patch security bug in the embedded (and customised) copy of phpmailer
+## DP: CVE-2007-3215, thanks to Francois Marier.
+
+@DPATCH@
+diff -Nru moodle-1.8.2/lib/phpmailer/class.phpmailer.php moodle-1.8.2.dfsg/lib/phpmailer/class.phpmailer.php
+--- moodle-1.8.2/lib/phpmailer/class.phpmailer.php	2007-03-12 19:26:25.000000000 -0700
++++ moodle-1.8.2.dfsg/lib/phpmailer/class.phpmailer.php	2009-02-12 11:09:06.000000000 -0800
+@@ -404,9 +404,9 @@
+      */
+     function SendmailSend($header, $body) {
+         if ($this->Sender != "")
+-            $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender);
++            $sendmail = sprintf("%s -oi -f %s -t", escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
+         else
+-            $sendmail = sprintf("%s -oi -t", $this->Sendmail);
++            $sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail));
+ 
+         if(!@$mail = popen($sendmail, "w"))
+         {
--- moodle-1.8.2.orig/debian/patches/00list
+++ moodle-1.8.2/debian/patches/00list
@@ -0,0 +1,36 @@
+fixdiscuss.dpatch
+CVE-2008-1502.dpatch
+# 1.8.2-2
+CVE-2007-3215_phpmailer.dpatch
+CVE-2008-4796_snoopy.dpatch
+# 1.8.2.dfsg-1
+html2text-update.dpatch
+CVE-2008-5432_wiki.dpatch
+# 1.8.2.dfsg-2
+msa080010_hotpot.dpatch
+msa080004_install.dpatch
+msa08003_login-as.dpatch
+msa080015_deleted-user-profiles.dpatch
+msa080021_text-cleaning.dpatch
+msa080023_message-csrf.dpatch
+mdl11759_group-creation.dpatch
+MDL-9288_mnet.dpatch
+MDL-11857_restore.dpatch
+mdl12079_essayquestions.dpatch
+mdl12793_PARAM_HOST.dpatch
+mdl14806_wiki-params.dpatch
+# 1.8.2.dfsg-3
+msa090001.dpatch
+msa090002.dpatch
+msa090004.dpatch
+msa090007_cleanup-prep.dpatch
+msa090007.dpatch
+msa090008.dpatch
+# 1.8.2.dfsg-4
+## originally msa090007_cleanup-prep.dpatch came from here
+msa090006_CVE-2009-0501_calendar.dpatch
+# 1.8.2.dfsg-4.1
+CVE-2009-1171.dpatch
+# Extra
+smarty_dollar_sign.dpatch
+smarty_math_backticks.dpatch
--- moodle-1.8.2.orig/debian/patches/MDL-9288_mnet.dpatch
+++ moodle-1.8.2/debian/patches/MDL-9288_mnet.dpatch
@@ -0,0 +1,20 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## MDL-9288_mnet.dpatch by Kees Cook <kees@ubuntu.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix SQL injection bug in mnet (MDL-9288).
+## DP: Thanks to Dan Poltawski.
+
+@DPATCH@
+diff -Nru moodle-1.8.2/auth/mnet/auth.php moodle-1.8.2.dfsg/auth/mnet/auth.php
+--- moodle-1.8.2/auth/mnet/auth.php	2007-04-29 20:03:57.000000000 -0700
++++ moodle-1.8.2.dfsg/auth/mnet/auth.php	2009-02-12 11:09:06.000000000 -0800
+@@ -285,7 +285,7 @@
+         $firsttime = false;
+ 
+         // get the local record for the remote user
+-        $localuser = get_record('user', 'username', $remoteuser->username, 'mnethostid', $remotehost->id);
++        $localuser = get_record('user', 'username', addslashes($remoteuser->username), 'mnethostid', $remotehost->id);
+ 
+         // add the remote user to the database if necessary, and if allowed
+         // TODO: refactor into a separate function
--- moodle-1.8.2.orig/debian/templates
+++ moodle-1.8.2/debian/templates
@@ -0,0 +1,105 @@
+Template: moodle/webserver
+Type: select
+Choices: apache2, apache, apache-ssl, apache-perl
+Default: apache2
+_Description: Web server software:
+ Please choose the web server software you will use with Moodle.
+
+Template: moodle/db_server
+Type: select
+Choices: postgresql, mysql-server
+Default: postgresql
+_Description: Database server software for Moodle:
+ Moodle can work with either MySQL or PostgreSQL. Please choose which
+ one you want to use.
+ .
+ Please check that it is installed before continuing.
+
+Template: moodle/db_postgres_create
+Type: boolean
+Default: true
+_Description: Should a default postgres database be created for Moodle on localhost?
+ Select "Yes" to create a database on localhost for Moodle.
+ .
+ Select "No" if you want to create the database and configure access to it manually.
+
+Template: moodle/db_host
+Type: string
+Default: localhost
+_Description: Database server hostname:
+ Please enter the hostname of the database server host.
+
+Template: moodle/dba_name
+Type: string
+Default: postgres
+_Description: Database administrator username:
+ Please enter the PostgreSQL or MySQL administrator username, needed for
+ the database creation.
+
+Template: moodle/dba_password
+Type: password
+_Description: Database administrator password:
+ Please enter the PostgreSQL or MySQL administrator password, needed for
+ the database creation.
+
+Template: moodle/dba_confirm
+Type: password
+_Description: DBA password confirmation:
+ Please confirm the password in order to continue the process.
+
+Template: moodle/mismatch
+Type: note
+_Description: Password mismatch
+ The password and its confirmation do not match. Please
+ reenter the passwords.
+
+Template: moodle/dbu_name
+Type: string
+Default: moodle
+_Description: Database owner username:
+ Please enter the username of the Moodle database owner.
+
+Template: moodle/dbu_password
+Type: password
+_Description: Database owner password:
+ Please enter the password of the Moodle database owner.
+
+Template: moodle/dbu_confirm
+Type: password
+_Description: Database user password confirmation:
+ Please confirm the password of the Moodle database owner.
+
+Template: moodle/notconfigured
+Type: note
+_Description: Warning - Moodle is not configured
+ Please note that you have not completed the Moodle configuration. For
+ completing it, please use "dpkg-reconfigure moodle" later.
+
+Template: moodle/create_tables
+Type: note
+_Description: Warning - Moodle tables not created in database
+ This install script will create the Moodle database, but
+ the tables need to be created by Moodle itself. Please
+ launch Moodle immediately after this installation completes:
+ .
+ http://localhost/moodle/admin
+
+Template: moodle/create_db
+Type: note
+_Description: Warning - Moodle database not created
+ You will need to create your Moodle database manually and
+ configure access to it according to the settings you specified
+ during this installation. See your Moodle's config.php.
+ Once you create the database, the tables will need to be created
+ by Moodle itself. Launch it immediately after configuring your
+ database:
+ .
+ http://localhost/moodle/admin
+
+Template: moodle/old_webserver_config
+Type: note
+_Description: Warning - Webserver configuration possibly deprecated
+ Your webserver appears to have a deprecated httpd.conf file
+ which may include an old Moodle configuration file. You should verify
+ your webserver configuration.
+
--- moodle-1.8.2.orig/debian/postinst
+++ moodle-1.8.2/debian/postinst
@@ -0,0 +1,283 @@
+#! /bin/sh -e
+# postinst script for moodle 
+#
+# see: dh_installdeb(1)
+#
+# summary of how this script can be called:
+#        * <postinst> `configure' <most-recently-configured-version>
+#        * <old-postinst> `abort-upgrade' <new version>
+#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+#          <new-version>
+#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+#          <failed-install-package> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+#
+# quoting from the policy:
+#     Any necessary prompting should almost always be confined to the
+#     post-installation script, and should be protected with a conditional
+#     so that unnecessary prompting doesn't happen if a package's
+#     installation fails and the `postinst' is called with `abort-upgrade',
+#     `abort-remove' or `abort-deconfigure'.
+
+# escape_quotes borrowed originally from Ubuntu mythtv package
+escape_quotes() {
+    cat <<EOF | sed -e "s/'/\\\\'/g"
+$1
+EOF
+}
+
+# DoSQL borrowed originally from Ubuntu mythtv package
+DoMySQL() {
+    local dbtype="$1"
+    local host="$2"
+    local admin_username="$3"
+    local admin_password="$4"
+    local database="$5"
+    local statement="`escape_quotes \"$6\"`"
+    local tmp=`tempfile -m 600`
+	cat <<EOF >$tmp
+$admin_password
+EOF
+    perl -e "
+use DBI;
+chomp(\$password=<>);
+@statements=split(/;/, '$statement');
+\$db = DBI->connect('dbi:mysql:host=$host;database=$database',
+		    '$admin_username', \$password,
+		    { PrintError => 0 }) || die 'Failed to connect to database: ' . \$DBI::errstr;
+for \$s (@statements) { \$db->do(\$s) || die 'Failed to execute SQL: ' . \$s . '\n' . \$DBI::errstr; }
+" < $tmp
+    ret=$?
+    rm -f $tmp
+    return $ret
+}
+
+check_pgsafe() {
+    dbname="$1"
+
+    [ -z "`type -p pg_lsclusters`" ] && { echo 'pg_lsclusters is not in my $PATH.'; return 1; }
+    o=$(pg_lsclusters -h) || { echo "pg_lsclusters failed."; return 1; }
+
+    if [ $(echo "$o" | wc -l) != 1 ]; then
+        echo "You have configured more than one PostgreSQL cluster."
+        return 1
+    fi
+
+    echo "$o" | if read VERSION CLUSTER trash; then
+        cf="/etc/postgresql/$VERSION/$CLUSTER/pg_hba.conf"
+        grep -q '^local.*all.*all.*ident.*sameuser$' "$cf" || {
+            echo "Your settings in $cf do not allow me to continue."
+            return 1;
+    }
+    fi
+
+    su -c 'psql -Atl' postgres | grep "^$dbname|" && {
+        echo "There is already a database named $dbname."
+        return 1;
+    }
+
+    return 0
+}
+
+get_config() {
+    db_get moodle/webserver
+    webserver="$RET"
+
+    db_get moodle/db_server
+    db_server="$RET"
+
+    db_get moodle/db_host
+    db_host="$RET"
+
+    db_get moodle/db_postgres_create
+    db_pgcreate="$RET"
+
+    case $db_server in
+	"postgresql")
+	    db_type="postgres7"
+	    db_port=5432 ;;
+
+	"mysql-server")
+	    db_type="mysql"
+	    db_port=3306 ;;
+	*)
+	    echo "Unknown database server type: $db_server"
+	    die
+    esac
+
+    db_get moodle/dba_name
+    dba_name="$RET"
+
+    db_get moodle/dba_password
+    dba_password="$RET"
+
+    db_get moodle/dbu_name
+    dbu_name="$RET"
+
+    db_get moodle/dbu_password
+    dbu_password="$RET"
+
+    db_name='moodle'
+}
+
+handle_config() {
+	 if [ "$webserver" = "apache-ssl" ]
+	 then
+		 protocol="https"
+	 else
+	    protocol="http"
+	 fi
+
+    cfile=/etc/moodle/config.php
+    tempcfile=`tempfile`
+    cat > $tempcfile <<EOF
+<?
+ # This file has been generated by debconf
+ # You can find a commented config file in /usr/share/doc/moodle/
+
+ unset(\$CFG);
+
+ \$CFG->dbtype = '${db_type}';
+ \$CFG->dbhost = '${db_host}';
+ \$CFG->dbname = '${db_name}';
+ \$CFG->dbuser = '${dbu_name}';
+ \$CFG->dbpass = '${dbu_password}';
+ \$CFG->prefix = 'mdl_';
+
+ \$CFG->dbpersist = "false";
+
+ \$CFG->wwwroot = '${protocol}://localhost/moodle';
+ \$CFG->dirroot = '/usr/share/moodle';
+ \$CFG->dataroot = '/var/lib/moodle';
+ \$CFG->directorypermissions = 0750;
+ \$CFG->admin = 'admin';
+
+ \$CFG->respectsessionsettings = true;
+
+	if (file_exists("\$CFG->dirroot/lib/setup.php"))  {       // Do not edit
+		include_once("\$CFG->dirroot/lib/setup.php");
+	} else {
+		if (\$CFG->dirroot == dirname(__FILE__)) {
+			echo "<p>Could not find this file: \$CFG->dirroot/lib/setup.php</p>";
+			echo "<p>Are you sure all your files have been uploaded?</p>";
+		} else {
+			echo "<p>Error detected in config.php</p>";
+			echo "<p>Error in: \\\$CFG->dirroot = '\$CFG->dirroot';</p>";
+			echo "<p>Try this: \\\$CFG->dirroot = '".dirname(__FILE__)."';</p>";
+		}
+		die;
+	}
+?>
+EOF
+    ucf --debconf-ok $tempcfile $cfile
+    chmod 640 $cfile
+    chown www-data:www-data $cfile
+}
+
+db_not_installed() {
+    echo "Please install the chosen Moodle SGBD: $db_server, then try"
+    echo "dpkg-reconfigure moodle"
+}
+
+case "$1" in
+    configure)
+	. /usr/share/debconf/confmodule
+	db_version 2.0
+
+	# care about config files
+	moodledir=/usr/share/moodle
+	
+	# Read debconf and edit the config file accordingly
+	get_config
+	handle_config
+	db_stop
+
+	if [ -r /etc/moodle/config.php ]; then
+	      [ -f $moodledir/config.php ] && rm $moodledir/config.php
+	      ln -s /etc/moodle/config.php $moodledir/config.php
+	fi
+
+	# Care about the repository
+	repository=/var/lib/moodle
+	if [ -d $repository ]; then
+	    # set the owner and change rights accordingly
+	    chown -R www-data:www-data $repository
+	    chmod 0755 $repository
+	fi
+
+	# Add the Apache configuration file to Apache conf.d directory
+	if [ ! -e /etc/${webserver}/conf.d/moodle ]
+	then
+	   if [ -d /etc/${webserver}/conf.d/ ]
+	   then
+	      ln -s /etc/moodle/apache.conf /etc/${webserver}/conf.d/moodle
+	   else
+		  echo "---------------------------------------------------------"
+		  echo "The selected web server doesn't seem to be installed"
+		  echo "You should select a web server which is installed or"
+		  echo "configure your web server manually"
+		  echo "---------------------------------------------------------"
+
+	   fi
+	fi
+	invoke-rc.d ${webserver} reload || true
+
+	# care about the database creation
+
+	case "$db_type" in
+	    mysql)
+		if ! DoMySQL "$db_server" "$db_host" "$dba_name" "$dba_password" "$db_name" "SELECT NULL" 2>/dev/null; then
+			if ! DoMySQL "$db_server" "$db_host" "$dba_name" "$dba_password" "" \
+			     "CREATE DATABASE $db_name"; then
+				echo "Failed to create database (incorrect admin username/password?)" >&2
+				echo "It's also possible that mysql-server wasn't running.  After install" >&2
+				echo "is completed, you will need to make sure mysql-server is running" >&2
+				echo "and that you supplied correct information. Try:" >&2
+				echo "sudo dpkg-reconfigure moodle" >&2
+				# silently exit, instead pop up a notification for user indicating this
+				unud=/var/lib/update-notifier/user.d
+				if test -d $uund; then
+				    cp -f /usr/share/moodle/moodle-reconfigure-required.update-notifier \
+				          /var/lib/update-notifier/user.d/moodle-reconfigure-required
+				fi
+				exit 0
+			fi
+		fi
+		DoMySQL "$db_server" "$db_host" "$dba_name" "$dba_password" "$db_name" \
+		    "GRANT ALL PRIVILEGES ON $db_name.* TO $dbu_name@localhost IDENTIFIED BY '$dbu_password'"
+
+		DoMySQL "$db_server" "$db_host" "$dba_name" "$dba_password" "$db_name" \
+		    "GRANT ALL PRIVILEGES ON $db_name.* TO $dbu_name@'%' IDENTIFIED BY '$dbu_password'"
+	    ;;
+	    postgres7)
+	        if [ "$db_pgcreate" = "false" ] || ! check_pgsafe "$db_name"; then
+		    echo "You must create your PostgreSQL database manually."
+		else
+                    id "$dbu_name" 2> /dev/null || adduser --system --home /nonexistent --no-create-home --disabled-login "$dbu_name"
+		    su -c "psql --command \"CREATE ROLE $dbu_name PASSWORD '$dbu_password' NOSUPERUSER CREATEDB NOCREATEROLE INHERIT LOGIN;\"" postgres
+		    su -c "createdb -E UTF8 -O \"$dbu_name\" \"$db_name\"" postgres
+		fi
+	    ;;
+	esac
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
+
+
--- moodle-1.8.2.orig/debian/moodle-reconfigure-required.update-notifier
+++ moodle-1.8.2/debian/moodle-reconfigure-required.update-notifier
@@ -0,0 +1,16 @@
+Name: Moodle reconfigure required
+Priority: High
+Terminal: False
+DontShowAfterReboot: True
+Description: The moodle package was upgraded or installed, but was unable
+ to contact a MySQL server.
+ .
+ If you were in the process of dist-upgrading, this is normal as mysql-server 
+ is stopped for a portion of the upgrade.
+ .
+ If this is a fresh package installation, verify that mysql-server is installed
+ and running.  Once you have verified the server is running, you can reconfigure 
+ the package by running 'sudo dpkg-reconfigure moodle'.
+ .
+ If your root password or location of the MySQL server are non-standard, you can
+ also update them via 'sudo dpkg-reconfigure moodle'.
--- moodle-1.8.2.orig/debian/compat
+++ moodle-1.8.2/debian/compat
@@ -0,0 +1 @@
+4
--- moodle-1.8.2.orig/debian/links
+++ moodle-1.8.2/debian/links
@@ -0,0 +1 @@
+usr/bin/mimetex	usr/share/moodle/filter/tex/mimetex.linux
--- moodle-1.8.2.orig/debian/docs
+++ moodle-1.8.2/debian/docs
@@ -0,0 +1 @@
+config-dist.php
--- moodle-1.8.2.orig/debian/preinst
+++ moodle-1.8.2/debian/preinst
@@ -0,0 +1,47 @@
+#! /bin/sh -e
+# preinst script for moodle 
+
+get_config() {
+    db_get moodle/webserver
+    webserver="$RET"
+}
+
+oldconfig_warning() {
+	. /usr/share/debconf/confmodule
+	db_version 2.0
+
+	# Read debconf and edit the config file accordingly
+	get_config
+	db_stop
+
+	# Warn about include from httpd.conf when upgrading from older versions
+	includefile=/etc/moodle/apache.conf
+	if [ ! -f "/etc/${webserver}/conf.d/moodle" \
+	     -a -f "/etc/${webserver}/httpd.conf" ]; then
+	    if grep -q "$includefile" "/etc/${webserver}/httpd.conf"; then
+		db_input critical moodle/old_webserver_config || true
+	    fi
+	fi
+}
+
+case "$1" in
+	upgrade)
+		#remove old sessions when upgrading from < than 1.4.4-1
+		if dpkg --compare-versions "$2" lt "1.4.4-1"; then
+			find /var/lib/moodle/sessions -type f -print0 | xargs -r0 rm -f
+		fi
+
+	 	oldconfig_warning
+		;;
+	install)
+		# if the package was not purged we are called with the version
+		# as second paramter
+		if [ $# -eq 2 ]; then
+			oldconfig_warning
+		fi
+		;;
+esac
+
+#DEBHELPER#
+
+exit 0
--- moodle-1.8.2.orig/debian/config
+++ moodle-1.8.2/debian/config
@@ -0,0 +1,173 @@
+#!/bin/sh -e
+
+# Source debconf library.
+. /usr/share/debconf/confmodule
+
+db_version 2.0
+db_capb backup
+
+db_input high moodle/sgbd || true
+
+STATE=1
+while [ "$STATE"  != 0 -a "$STATE" -lt 15 ]
+  do
+  case "$STATE" in
+      1)
+	  db_input critical moodle/webserver || true
+	  if db_go; then
+	      db_get moodle/webserver || true
+	      if [ ! -z "$RET" ]; then
+		  STATE=2
+	      fi
+	  else
+	      STATE=0
+	  fi
+	  ;;
+
+      2)
+	  db_input critical moodle/db_server || true
+	  if db_go; then
+	      db_get moodle/db_server || true
+	      if [ ! -z "$RET" ]; then
+		  if [ "$RET" = "postgresql" ]; then
+		      STATE=3
+		  else
+		      STATE=4
+		  fi
+	      fi
+	  else
+	      STATE=1
+	  fi
+	  ;;
+
+      3)
+	  db_input critical moodle/db_postgres_create || true
+	  if db_go; then
+	      db_get moodle/db_postgres_create || true
+	      if [ ! -z "$RET" ]; then
+		  STATE=9
+	      fi
+	  else
+	      STATE=2
+	  fi
+	  ;;
+
+      4)
+	  db_input critical moodle/db_host || true
+	  if db_go; then
+	      db_get moodle/db_host || true
+	      if [ ! -z "$RET" ]; then
+		  STATE=5
+	      fi
+	  else
+	      STATE=2
+	  fi
+	  ;;
+
+      5)
+	  db_input critical moodle/dba_name || true
+	  if db_go; then
+	      db_get moodle/dba_name || true
+	      if [ ! -z "$RET" ]; then
+		  STATE=6
+	      fi
+	  else
+	      STATE=2
+	  fi
+	  ;;
+
+      6)
+	  db_input critical moodle/dba_password || true
+	  if db_go; then
+	      db_get moodle/dba_password || true
+	      STATE=7
+	  else
+	      STATE=5
+	  fi
+	  ;;
+
+      7)
+	  db_input critical moodle/dba_confirm || true
+	  if db_go; then
+	      db_get moodle/dba_confirm || true
+	      CONFIRM="$RET"
+	      db_get moodle/dba_password || true
+	      if [ "$RET" != "$CONFIRM" ]; then
+		  STATE=8
+	      else
+		  STATE=9
+	      fi
+	  else
+	      STATE=4
+	  fi
+	  ;;
+
+      8)
+	  db_input critical moodle/mismatch || true
+	  db_go
+	  STATE=5
+	  ;;
+
+      9)
+	  db_input critical moodle/dbu_name || true
+	  if db_go; then
+	      db_get moodle/dbu_name || true
+	      if [ ! -z "$RET" ]; then
+		  STATE=10
+	      fi
+	  else
+	      STATE=2
+	  fi
+	  ;;
+
+      10)
+	  db_input critical moodle/dbu_password || true
+	  if db_go; then
+	      db_get moodle/dbu_password || true
+	      STATE=11
+	  else
+	      STATE=9
+	  fi
+	  ;;
+
+      11)
+	  db_input critical moodle/dbu_confirm || true
+	  if db_go; then
+	      db_get moodle/dbu_confirm || true
+	      CONFIRM="$RET"
+	      db_get moodle/dbu_password || true
+	      if [ "$RET" != "$CONFIRM" ]; then
+		  STATE=12
+	      else
+		  STATE=13
+	      fi
+	  else
+	      STATE=9
+	  fi
+	  ;;
+
+      12)
+	  db_input critical moodle/mismatch || true
+	  db_go
+	  STATE=9
+	  ;;
+
+      13)
+	  db_input critical moodle/create_tables || true
+	  db_go
+	  STATE=15
+	  ;;
+
+      14)
+	  db_input critical moodle/create_db || true
+	  db_go
+	  STATE=15
+	  ;;
+  esac
+done
+
+if [ "$STATE" = 0 ]; then
+    db_input critical moodle/notconfigured || true
+    db_go
+    exit 1
+fi
--- moodle-1.8.2.orig/debian/apache.conf
+++ moodle-1.8.2/debian/apache.conf
@@ -0,0 +1,42 @@
+
+Alias /moodle /usr/share/moodle/
+
+<DirectoryMatch /usr/share/moodle/>
+
+Options +FollowSymLinks
+AllowOverride None
+
+order deny,allow
+deny from all
+allow from 127.0.0.0/255.0.0.0
+# allow from all
+
+<IfModule mod_php5.c>
+	php_flag magic_quotes_gpc On
+	php_flag magic_quotes_runtime Off
+	php_flag file_uploads On
+	php_flag short_open_tag On
+	php_flag session.auto_start Off
+	php_flag session.bug_compat_warn Off
+
+	php_value upload_max_filesize 2M
+	php_value post_max_size 2M
+</IfModule>
+
+<IfModule mod_php4.c>
+	php_flag magic_quotes_gpc On
+	php_flag magic_quotes_runtime Off
+	php_flag file_uploads On
+	php_flag short_open_tag On
+	php_flag session.auto_start Off
+	php_flag session.bug_compat_warn Off
+
+	php_value upload_max_filesize 2M
+	php_value post_max_size 2M
+</IfModule>
+
+<IfModule mod_dir.c>
+	DirectoryIndex index.php
+</IfModule>
+
+</DirectoryMatch>
--- moodle-1.8.2.orig/debian/changelog
+++ moodle-1.8.2/debian/changelog
@@ -0,0 +1,521 @@
+moodle (1.8.2-1ubuntu4.3) hardy-proposed; urgency=low
+
+  * Depend on PostgreSQL or MySQL to ensure host database is set up
+    before moodle configuration (Closes LP: #378726, #440098)
+
+ -- Jeremy Bicha <jeremy@bicha.net>  Sat, 24 Oct 2009 03:08:51 -0400
+
+moodle (1.8.2-1ubuntu4.2) hardy-security; urgency=low
+
+  * SECURITY UPDATE: backported upstream fixes from Moodle 1.8.9 and earlier.
+    - CVE-2008-4796_snoopy.dpatch: did not escape shell characters when
+      using https (MSA-09-0003).
+    - msa090006_CVE-2009-0501_calendar.dpatch: do not expose usernames via
+      calendar export errors.
+    - CVE-2007-3215_phpmailer.dpatch: escape sender email address when
+      calling sendmail.
+    - html2text-update.dpatch: html cleaning improved (MSA-08-0026,
+      CVE-2008-5619).
+    - CVE-2008-5432_wiki.dpatch: escape wiki titles in recent changes
+      list (MSA-08-0022).
+    - msa080010_hotpot.dpatch: block SQL injections in HotPot reports
+      (MSA-08-0010, CVE-2008-6124).
+    - msa080004_install.dpatch: stop XSS in unconfigured installs.
+    - msa08003_login-as.dpatch: correctly validate permissions when attempting
+      to switch users.
+    - msa080015_deleted-user-profiles.dpatch: do not display deleted user
+      profiles.
+    - msa080021_text-cleaning.dpatch: stop XSS in certain string format
+      situations.
+    - msa080023_message-csrf.dpatch: require sessionkey for instant messages
+      to stop CSRF.
+    - mdl11759_group-creation.dpatch: stop XSS in group creation.
+    - MDL-9288_mnet.dpatch: correct escape users names in mnet.
+    - MDL-11857_restore.dpatch: stop SQL injection from restore.
+    - mdl12079_essayquestions.dpatch: block XSS in essay questions.
+    - mdl12793_PARAM_HOST.dpatch: block XSS in host parameter.
+    - mdl14806_wiki-params.dpatch: block XSS in wiki parameters.
+    - msa090001.dpatch: allow removal of deleted-user pictures.
+    - msa090002.dpatch: block access to deleted-user pictures.
+    - msa090004.dpatch: stop XSS in "login as" (CVE-2009-0502).
+    - msa090007{,_cleanup-prep}.dpatch: add more input validation to
+      prevent XSS via inputs (CVE-2009-0500).
+    - msa090008.dpatch: add session key to forum actions to stop CSRF
+      (CVE-2009-0499).
+    - CVE-2009-1171.dpatch: blacklist TeX functions that allow arbitrary file
+      inclusion (MSA-09-0009, CVE-2009-1171).
+  * SECURITY UPDATE: Smarty template processor security fixes.
+    - smarty_dollar_sign.dpatch: stop php execution via templates
+      (CVE-2008-4810, CVE-2008-4811).
+    - smarty_math_backticks.dpatch: stop backtick processing in math
+      expressions (CVE-2009-1669).
+  * SECURITY UPDATE: remove unsafe and unused SpellChecker extension.
+    - debian/rules: remove SpellChecker (CVE-2008-5153).
+
+ -- Kees Cook <kees@ubuntu.com>  Fri, 19 Jun 2009 16:50:43 -0700
+
+moodle (1.8.2-1ubuntu4.1) hardy-security; urgency=low
+
+  * SECURITY UPDATE: arbitrary code execution via multiple vectors.
+    - Add CVE-2008-1502.dpatch: upstream KSES lib fixes, thanks to Nico Golde.
+
+ -- Kees Cook <kees@ubuntu.com>  Wed, 22 Oct 2008 14:01:33 -0700
+
+moodle (1.8.2-1ubuntu4) hardy; urgency=low
+
+  * debian/postinst: ... except we should explicitly pass --debconf-ok
+    to ucf, for compatibility with older versions.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 28 Mar 2008 01:16:24 +0000
+
+moodle (1.8.2-1ubuntu3) hardy; urgency=low
+
+  * debian/postinst: Only call db_stop after ucf has been run in
+    handle_config(), since ucf itself uses debconf; and drop the
+    "exec 0<&1" workaround which no longer matters. LP: #203844
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 28 Mar 2008 00:37:00 +0000
+
+moodle (1.8.2-1ubuntu2) gutsy; urgency=low
+
+  * Package changed to avoid use of wwwconfig; borrowed database setup code
+    from Ubuntu mythtv package.
+
+ -- Matt Oquist <moquist@majen.net>  Sat, 28 Jul 2007 16:14:18 +0200
+
+moodle (1.8.2-1ubuntu1) gutsy; urgency=low
+
+  * Merge from Debian unstable. Remaining Ubuntu changes:
+    - Depends on postgresql-client
+    - Suggest php5-ldap
+    - Modify Maintainer value to match Debian-Maintainer-Field Spec
+
+ -- Vincent Legout <bixente44@gmail.com>  Tue, 17 Jul 2007 16:14:18 +0200
+
+moodle (1.8.2-1) unstable; urgency=low
+
+  * New upstream release, fixes security bug, closes: #432264
+
+ -- Isaac Clerencia <isaac@debian.org>  Mon, 09 Jul 2007 00:24:17 +0200
+
+moodle (1.8.1-1ubuntu1) gutsy; urgency=low
+
+  * Merge from debian unstable, remaining changes:
+    - Depends on postgresql-client
+    - Suggest php5-ldap
+    - Set apache2 as default in debian/templates
+    - Update Maintainer field in debian/control
+
+ -- Luca Falavigna <dktrkranz@ubuntu.com>  Fri, 15 Jun 2007 23:33:55 +0100
+
+moodle (1.8.1-1) unstable; urgency=low
+
+  * New upstream release
+  * Add php5-curl | php4-curl dependency for the new network features
+  * No longer depend on php4 and apache 1
+
+ -- Isaac Clerencia <isaac@debian.org>  Fri, 15 Jun 2007 14:12:43 +0200
+
+moodle (1.7.2-1ubuntu2) gutsy; urgency=low
+
+  * Switch back to postgresql-client and postgresql (LP: 110054)
+  * Suggest php5-ldap (LP: 107713)
+
+ -- Luca Falavigna <dktrkranz@ubuntu.com>  Sun, 10 Jun 2007 23:56:16 +0200
+
+moodle (1.7.2-1ubuntu1) gutsy; urgency=low
+
+  * Merge from Debian unstable. Remaining Ubuntu changes:
+    + debian/control:
+      - php5 by default.
+      - Add postgresql-client-8.1 to Depends.
+      - Update Recommends alternate to postgresql-8.1.
+    + debian/templates: Ensure the default corresponds to the install-
+      time dependencies (apache2).
+  * Modify Maintainer value to match Debian-Maintainer-Field Spec
+
+ -- Arthur Loiret <freacky22527@free.fr>  Sun,  3 Jun 2007 20:53:01 +0200
+
+moodle (1.7.2-1) unstable; urgency=low
+
+  * New upstream release
+
+ -- Isaac Clerencia <isaac@debian.org>  Fri, 01 Jun 2007 12:54:59 +0200
+
+moodle (1.7.1-1) experimental; urgency=low
+
+  * New upstream release
+
+ -- Isaac Clerencia <isaac@debian.org>  Wed, 24 Jan 2007 14:21:34 +0100
+
+moodle (1.7+20061215-1) experimental; urgency=low
+
+  * New upstream release
+
+ -- Isaac Clerencia <isaac@debian.org>  Fri, 15 Dec 2006 13:39:14 +0100
+
+moodle (1.6.3-2ubuntu1) feisty; urgency=low
+
+  * Merge from debian unstable, remaining changes:
+    - debian/control:
+      + php5 by default.
+      + Add postgresql-client-8.1 to Depends.
+      + Update Recommends alternate to postgresql-8.1.
+    - debian/templates: Ensure the default corresponds to the install-
+      time dependencies (apache2).
+
+ -- Kees Cook <kees@ubuntu.com>  Mon, 18 Dec 2006 12:28:27 -0800
+
+moodle (1.6.3-2) unstable; urgency=high
+
+  * Urgency high as it fixes a security bug and should enter Etch ASAP
+  * Fix security bug in the forum module (discuss.php)
+
+ -- Isaac Clerencia <isaac@debian.org>  Thu, 14 Dec 2006 14:14:27 +0100
+
+moodle (1.6.3-1ubuntu1) feisty; urgency=low
+
+  * Merge from debian unstable.  Remaining Ubuntu changes:
+    - debian/control:
+      + php5 by default.
+      + Add postgresql-client-8.1 to Depends.
+      + Update Recommends alternate to postgresql-8.1.
+    - debian/templates: Ensure the default corresponds to the install-
+      time dependencies (apache2).
+
+ -- Kees Cook <kees@ubuntu.com>  Wed, 29 Nov 2006 16:08:37 -0800
+
+moodle (1.6.3-1) unstable; urgency=low
+
+  * New upstream release
+
+ -- Isaac Clerencia <isaac@debian.org>  Thu, 19 Oct 2006 11:37:40 +0200
+
+moodle (1.6.2+20060930-1) unstable; urgency=high
+
+  * Urgency high because it fixes a critical security hole
+  * New upstream release, closes: #390294, critical security hole
+  * Notify the user if the selected server isn't installed, select apache2
+    by default instead of apache, closes: #389806
+  * Add a configuration section for php5 in apache.conf, closes: #387609
+
+ -- Isaac Clerencia <isaac@debian.org>  Sat, 30 Sep 2006 12:14:29 +0100
+
+moodle (1.6.2-1ubuntu1.1) edgy; urgency=low
+
+  * SECURITY UPDATE: SQL injection vulnerability
+  * Add '01_sql-injection-fix.dpatch': Correctly escape tag options.
+  * References:
+    CVE-2006-5219
+    http://cvs.moodle.com/blog/index.php?r1=1.18.2.2&r2=1.18.2.3
+
+ -- Kees Cook <kees@ubuntu.com>  Wed, 11 Oct 2006 15:25:15 -0700
+
+moodle (1.6.2-1ubuntu1) edgy; urgency=low
+
+  * Merge from Debian unstable. The following Ubuntu changes remain:
+    - debian/control:
+      + Apply patch from Ubuntu #59472 to use php5
+        (Closes Ubuntu: #59472),
+      + Add postgresql-client-8.1 to Depends (Closes Ubuntu: #51813),
+      + Update Recommends alternate to postgresql-8.1,
+    - debian/templates: Ensure the default corresponds to the install-
+      time dependencies (apache2) so we can avoid the mess that was
+      worked around in dapper-security.
+
+ -- Daniel T Chen <crimsun@ubuntu.com>  Sat, 23 Sep 2006 22:26:13 -0400
+
+moodle (1.6.2-1) unstable; urgency=low
+
+  * New upstream release, closes: #387177
+  * Debconf translation updates/additions:
+    * Czech, closes: #371834
+    * French, closes: 372713
+    * Portuguese, closes: #381194
+  * Install config-dist.php in the documentation directory, closes: #386476
+
+ -- Isaac Clerencia <isaac@debian.org>  Tue, 12 Sep 2006 22:06:34 +0200
+
+moodle (1.6.1+20060825-1) unstable; urgency=low
+
+  * New upstream release
+  * Moodle neither uses nor plans to use ADODB_Pager, so it's not affected by
+    #360396, but include patch for it anyway, just in case somebody decides to
+    use it out of the blue
+
+ -- Isaac Clerencia <isaac@debian.org>  Fri, 25 Aug 2006 08:56:42 +0200
+
+moodle (1.6-2ubuntu1) edgy; urgency=low
+
+  [ Ubuntu Merge-o-Matic ]
+  * Merge from debian unstable.
+
+ -- Daniel T Chen <crimsun@ubuntu.com>  Thu,  6 Jul 2006 20:30:30 -0400
+
+moodle (1.6-2) unstable; urgency=low
+
+  * Fix two problems in preinst, thanks to Jordi Mallach's workmate
+  * Ship cron file in package instead of generating it at postinst
+
+ -- Isaac Clerencia <isaac@debian.org>  Mon,  3 Jul 2006 10:25:31 +0200
+
+moodle (1.6-1ubuntu1) edgy; urgency=low
+
+  * Merge from debian unstable:
+    - Use Debian Sid's packaging save in debian/templates where we need
+      to make sure the default corresponds to the install-time
+      dependencies (apache2) so we can avoid the mess that was worked
+      around in dapper-security.
+
+ -- Daniel T Chen <crimsun@ubuntu.com>  Fri, 30 Jun 2006 19:21:20 +0100
+
+moodle (1.6-1) unstable; urgency=low
+
+  * New upstream release, needs newer PHP version, so updated versioned
+    dependencies
+
+ -- Isaac Clerencia <isaac@debian.org>  Mon, 19 Jun 2006 18:21:07 +0200
+
+moodle (1.5.4-1) unstable; urgency=low
+
+  * New upstream release
+  * Depend on ucf
+  * Move debhelper to Build-Depends as it's used in the clean target of
+    debian/rules
+  * Add colons to debconf template short descriptions
+  * Bumped Standard-Versions to 3.7.2, no changes needed
+
+ -- Isaac Clerencia <isaac@debian.org>  Tue, 30 May 2006 17:48:11 +0200
+
+moodle (1.5.3+20060206-1) unstable; urgency=low
+
+  * New package created from 1.5.3+ branch, which includes several bugfixes
+  * Allow moodle to be installed using php5 instead of php4, closes: #351298
+  * Changed apache | httpd to apache2-mpm-prefork | httpd
+
+ -- Isaac Clerencia <isaac@debian.org>  Mon,  6 Feb 2006 09:49:09 +0100
+
+moodle (1.5.3+20060108-2) unstable; urgency=low
+
+  * Throw cronjob output to /dev/null, closes: #349971 
+
+ -- Isaac Clerencia <isaac@debian.org>  Thu, 26 Jan 2006 13:01:58 +0100
+
+moodle (1.5.3+20060108-1ubuntu1) dapper; urgency=low
+
+  * Resynchronise with Debian.
+
+ -- Daniel T Chen <crimsun@fungus.sh.nu>  Mon, 09 Jan 2006 13:49:39 +0000
+
+moodle (1.5.3+20060108-1) unstable; urgency=low
+
+  * New package created from 1.5.3+ branch, which closes: #346509, a
+    security bug in the ADODB code included in Moodle
+  * Check for /usr/share/moodle/admin/cron.php existence in the cronjob,
+    closes: #342304
+  * Use php4-cli instead of wget to run the cronjob, closes: #345930
+
+ -- Isaac Clerencia <isaac@debian.org>  Sun,  8 Jan 2006 17:09:57 +0100
+
+moodle (1.5.3-1ubuntu1) dapper; urgency=low
+
+  * Resynchronise with Debian.
+
+ -- Stephan Hermann <sh@sourcecode.de>  Wed, 28 Dec 2005 18:25:41 +0100
+
+moodle (1.5.3-1) unstable; urgency=low
+
+  * New upstream release
+
+ -- Isaac Clerencia <isaac@debian.org>  Mon, 21 Nov 2005 21:09:21 +0100
+
+moodle (1.5.2-1ubuntu1) breezy; urgency=low
+
+  * Resync with debian (security update)
+  * changed dependencys to php5
+  * changed apache dependency to apache2 
+  * References
+    CAN-2005-2247
+
+ -- Andrew Mitchell <ajmitch@ubuntu.com>  Thu, 13 Oct 2005 02:00:59 +1300
+
+moodle (1.5.2-1) unstable; urgency=low
+
+  * New upstream release
+
+ -- Isaac Clerencia <isaac@debian.org>  Wed, 20 Jul 2005 15:13:41 +0200
+
+moodle (1.5.1-1) unstable; urgency=low
+
+  * New upstream release
+
+ -- Isaac Clerencia <isaac@debian.org>  Tue, 12 Jul 2005 09:50:59 +0200
+
+moodle (1.5-1) unstable; urgency=low
+
+  * New upstream release
+  * Added Vietnamese debconf translation, closes: #312961
+
+ -- Isaac Clerencia <isaac@debian.org>  Wed, 22 Jun 2005 22:18:26 +0200
+
+moodle (1.4.4.dfsg.1-3) unstable; urgency=high
+
+  * Urgency high as this upload closes a security bug
+  * Remove admin/delete.php on installation, fixes an important security bug 
+
+ -- Isaac Clerencia <isaac@debian.org>  Mon, 30 May 2005 20:45:33 +0200
+
+moodle (1.4.4.dfsg.1-2) unstable; urgency=low
+
+  * Use find | xargs instead of rm to remove old sessions, closes: #300266
+
+ -- Isaac Clerencia <isaac@debian.org>  Fri, 18 Mar 2005 18:47:32 +0100
+
+moodle (1.4.4.dfsg.1-1) unstable; urgency=high
+
+  * Urgency high as it closes a release critical bug and fixes some security
+  problems
+
+  * New upstream release
+
+  * Replaced non-free fonts with free fonts for some languages in the original
+  tarball, closes: #298938
+
+  * Set perms for /etc/moodle/config.php to 640 instead of 644, closes: #297237
+
+  * Use new option $CFG->respectsessionsettings = true; to clean sessions and
+  remove old sessions from /var/lib/moodle/sessions: closes: #295124
+
+  * Added cs.po debconf template translation, closes: #298208
+
+  * Remove /var/lib/moodle/ when purging
+
+ -- Isaac Clerencia <isaac@debian.org>  Thu, 10 Mar 2005 01:02:48 +0100
+
+moodle (1.4.3-1) unstable; urgency=high
+
+  * Urgency high as upstream release fixes several security bugs
+  * New upstream release
+  * Write database creation errors and warn the user about it, 
+  closes: #285842, #285842
+
+ -- Isaac Clerencia <isaac@sindominio.net>  Wed, 29 Dec 2004 00:49:52 +0100
+
+moodle (1.4.2-2) unstable; urgency=low
+
+  * Create user before creating database in postinst 
+
+ -- Isaac Clerencia <isaac@sindominio.net>  Tue, 23 Nov 2004 10:55:28 +0100
+
+moodle (1.4.2-1) unstable; urgency=high
+
+  * New upstream release
+  * Urgency high, as this upstream release closes several security bugs
+  * Added some extra information to README.Debian, thanks to Kevin Coyner
+  * Added apache2 as a choice for autoconfiguration, closes: #275444
+
+ -- Isaac Clerencia <isaac@sindominio.net>  Wed, 10 Nov 2004 13:18:41 +0100
+
+moodle (1.4.1-2) unstable; urgency=medium
+
+  * Urgency medium, as it fixes the "default username" problem, which is a
+    www-config bug but affects lots of moodle users
+  * Use moodle as default database username, currently uses www-data which
+    causes www-config to fail to create the database
+  * Enabled Tex math filter and added mimetex in Depends:
+  * Removed an extra line from README.Debian
+  * Removed debian/overrides/ for lintian
+
+ -- Isaac Clerencia <isaac@sindominio.net>  Sun, 24 Oct 2004 12:16:39 +0200
+
+moodle (1.4.1-1) unstable; urgency=low
+
+  * New upstream release, closes: #270855
+  * /var/lib/moodle is now owned by www-data, closes: #258283
+  * Added README.Debian with some hints for database setup,
+    closes: #272553, #270851
+
+ -- Isaac Clerencia <isaac@sindominio.net>  Sat,  2 Oct 2004 00:37:53 +0200
+
+moodle (1.4-1) unstable; urgency=low
+
+  * New upstream release, closes: #256218, #256219
+  * Switched to a file in conf.d instead of an include in http.conf
+  * Added DirectoryIndex index.php to apache.conf file, closes: #247554
+
+ -- Isaac Clerencia <isaac@sindominio.net>  Tue,  7 Sep 2004 22:07:10 +0200
+
+moodle (1.3.3-1) unstable; urgency=low
+
+  * New upstream release
+
+ -- Isaac Clerencia <isaac@sindominio.net>  Mon, 19 Jul 2004 11:28:48 +0200
+
+moodle (1.3.2-1) unstable; urgency=low
+
+  * New upstream release
+
+ -- Isaac Clerencia <isaac@sindominio.net>  Mon, 19 Jul 2004 11:16:45 +0200
+
+moodle (1.3.1-1) unstable; urgency=low
+
+  * New upstream release, closes: #252693
+  * Added "exec 0<&1" to postinst to fix hang when ucf asks the user
+
+ -- Isaac Clerencia <isaac@sindominio.net>  Fri,  4 Jun 2004 23:45:37 +0200
+
+moodle (1.2.1-3) unstable; urgency=low
+
+  * Added a choice to use apache-perl in addition to apache and apache-ssl
+  * Changed back priority to Optional, because no longer depends on php4-gd2
+
+ -- Isaac Clerencia <isaac@sindominio.net>  Thu, 22 Apr 2004 11:32:40 +0200
+
+moodle (1.2.1-2) unstable; urgency=low
+
+  * Changed depends on php4-gd2 to php4-gd, closes: #243717
+
+ -- Isaac Clerencia <isaac@sindominio.net>  Tue, 20 Apr 2004 23:16:47 +0200
+
+moodle (1.2.1-1) unstable; urgency=low
+
+  * New upstream release
+  * Added ucf for better handling of config files
+  * Changed priority to Extra
+
+ -- Isaac Clerencia <isaac@sindominio.net>  Tue, 30 Mar 2004 22:01:33 +0200
+
+moodle (1.1.1-4) unstable; urgency=low
+
+  * Added French debconf templates translation, closes: #235572
+
+ -- Isaac Clerencia <isaac@sindominio.net>  Mon,  1 Mar 2004 12:22:03 +0100
+
+moodle (1.1.1-3) unstable; urgency=low
+
+  * Fixed debconf stuff by adding POTFILES.in, closes: #233114
+    Thanks to Martin Quirson.
+  * Fixed bug in config generation that caused passwords including '$'
+    broke the autentication
+  * Removed moodle prefix from some debian/ files
+  * Changed depend on debconf to misc:Depends
+  * Updated version for debhelper build-depend to 4.1.13
+
+ -- Isaac Clerencia <isaac@sindominio.net>  Tue, 17 Feb 2004 23:55:45 +0100
+
+moodle (1.1.1-2) unstable; urgency=low
+
+  * Now depends on php4-pgsql or php4-mysql not both
+  * Added recommends for postgresql or mysql-serverl
+  * Added documentation dir
+  * Added wget in Depends: and changed cron.d to use wget
+  * Fixed postinst to put the correct protocol in config.php and cron.d/moodle
+
+ -- Isaac Clerencia <isaac@sindominio.net>  Thu, 27 Nov 2003 23:14:11 +0100
+
+moodle (1.1.1-1) unstable; urgency=low
+
+  * Initial Debian Release, closes: #222475
+
+ -- Isaac Clerencia <isaac@sindominio.net>  Thu, 27 Nov 2003 23:14:11 +0100
+
--- moodle-1.8.2.orig/debian/dirs
+++ moodle-1.8.2/debian/dirs
@@ -0,0 +1,3 @@
+usr/share/moodle
+var/lib/moodle
+etc/moodle
--- moodle-1.8.2.orig/debian/copyright
+++ moodle-1.8.2/debian/copyright
@@ -0,0 +1,67 @@
+This package was debianized by Isaac Clerencia <isaac@sindominio.net> on
+Thu, 27 Nov 2003 23:14:11 +0100.
+
+It was downloaded from http://www.moodle.org
+
+Upstream Author: Martin Dougiamas <martin@dougiamas.com>
+
+Copyright (C) 2000-2002 Martin Dougiamas
+
+License:
+	This program is free software; you can redistribute it and/or modify
+	it under the terms of the GNU General Public License as published by
+	the Free Software Foundation; either version 2 of the License, or
+	(at your option) any later version.
+
+	This program is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU General Public License for more details.
+
+	You can find the license on Debian systems in the file 
+	/usr/share/common-licenses/GPL
+
+	This package also includes other pieces of software:
+	AdoDB, licensed under the LGPL
+	AdoDB-XML Schema, dual licensed under the BSD license and the LGPL
+	ipatlas, licensed under the GPL
+	PHPMailer, licensed under the LGPL
+	Smarty, licensed under the LGPL
+	htmlArea, licensed under a BSD license (see below)
+	TinyMCE, licensed under the LGPL
+	bennu, licensed under the LGPL
+
+	LGPL can be found in the file /usr/share/common-licenses/LGPL,
+	GPL can be found in the file /usr/share/common-licenses/GPL, and
+	BSD license can be found in the file /usr/share/common-licenses/BSD
+
+--------------------------------------------------------------------------------
+htmlArea License (based on BSD license)
+Copyright (c) 2002, interactivetools.com, inc.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+1) Redistributions of source code must retain the above copyright notice, this
+list of conditions and the following disclaimer.
+
+2) Redistributions in binary form must reproduce the above copyright notice,
+this list of conditions and the following disclaimer in the documentation and/or
+other materials provided with the distribution.
+
+3) Neither the name of interactivetools.com, inc. nor the names of its
+contributors may be used to endorse or promote products derived from this
+software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+--------------------------------------------------------------------------------
--- moodle-1.8.2.orig/debian/control
+++ moodle-1.8.2/debian/control
@@ -0,0 +1,19 @@
+Source: moodle
+Section: web
+Priority: optional
+Maintainer: Ubuntu MOTU Developers <ubuntu-motu@lists.ubuntu.com>
+XSBC-Original-Maintainer: Isaac Clerencia <isaac@debian.org>
+Build-Depends-Indep: po-debconf
+Build-Depends: debhelper (>= 4.1.13), dpatch
+Standards-Version: 3.7.2
+
+Package: moodle
+Architecture: all
+Depends: ${misc:Depends}, libapache2-mod-php5 | php5-cgi, php5-pgsql | php5-mysql, php5-gd, php5-curl, php5-cli, apache2-mpm-prefork | httpd,
+ mimetex, ucf, postgresql-client | mysql-client, libdbi-perl, libdbd-mysql-perl, postgresql | mysql-server
+Suggests: php5-ldap
+Description: Course Management System for Online Learning
+ Moodle (Modular Object-Oriented Dynamic Learning Environment) is a course 
+ management system - a software package designed to help educators create 
+ quality online courses. One of the main advantages of Moodle over other 
+ systems is a strong grounding in social constructionist pedagogy.
--- moodle-1.8.2.orig/debian/postrm
+++ moodle-1.8.2/debian/postrm
@@ -0,0 +1,67 @@
+#! /bin/sh -e
+
+# summary of how this script can be called:
+#        * <postrm> `remove'
+#        * <postrm> `purge'
+#        * <old-postrm> `upgrade' <new-version>
+#        * <new-postrm> `failed-upgrade' <old-version>
+#        * <new-postrm> `abort-install'
+#        * <new-postrm> `abort-install' <old-version>
+#        * <new-postrm> `abort-upgrade' <old-version>
+#        * <disappearer's-postrm> `disappear' <r>overwrit>r> <new-version>
+# for details, see /usr/share/doc/packaging-manual/
+
+get_config() {
+	db_get moodle/webserver
+	webserver="$RET"
+}
+
+case "$1" in
+    purge)
+	. /usr/share/debconf/confmodule
+	db_version 2.0
+
+	get_config
+
+	rm -f /etc/${webserver}/conf.d/moodle
+	if [ -e "/etc/init.d/${webserver}" ]; then
+	    invoke-rc.d ${webserver} reload || true
+	fi
+
+	rm -rf /usr/share/moodle
+	ucf --purge /etc/moodle/config.php
+	ucf --purge /etc/cron.d/moodle
+	rm -rf /etc/moodle
+	rm -rf /var/lib/moodle
+	rm -f /etc/cron.d/moodle
+	;;
+
+	remove)
+	. /usr/share/debconf/confmodule
+	db_version 2.0
+
+	get_config
+
+	rm -f /etc/${webserver}/conf.d/moodle
+	if [ -e "/etc/init.d/${webserver}" ]; then
+	    invoke-rc.d ${webserver} reload || true
+	fi
+	;;
+
+       upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+
+        ;;
+
+    *)
+        echo "postrm called with unknown argument \`$1'" >&2
+        exit 0
+
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
+
--- moodle-1.8.2.orig/debian/install
+++ moodle-1.8.2/debian/install
@@ -0,0 +1,35 @@
+file.php				usr/share/moodle
+help.php				usr/share/moodle
+index.php				usr/share/moodle
+version.php				usr/share/moodle
+admin					usr/share/moodle
+auth					usr/share/moodle
+backup					usr/share/moodle
+blocks					usr/share/moodle
+blog					usr/share/moodle
+calendar				usr/share/moodle
+course					usr/share/moodle
+enrol					usr/share/moodle
+error					usr/share/moodle
+files					usr/share/moodle
+filter					usr/share/moodle
+grade					usr/share/moodle
+group					usr/share/moodle
+install					usr/share/moodle
+iplookup				usr/share/moodle
+lang					usr/share/moodle
+lib					usr/share/moodle
+login					usr/share/moodle
+message					usr/share/moodle
+mnet					usr/share/moodle
+mod					usr/share/moodle
+my					usr/share/moodle
+pix					usr/share/moodle
+question				usr/share/moodle
+rss					usr/share/moodle
+search					usr/share/moodle
+sso					usr/share/moodle
+theme					usr/share/moodle
+user					usr/share/moodle
+userpix					usr/share/moodle
+debian/apache.conf			etc/moodle
--- moodle-1.8.2.orig/debian/README.Debian
+++ moodle-1.8.2/debian/README.Debian
@@ -0,0 +1,57 @@
+Moodle quickstart for Debian
+----------------------------
+
+USAGE
+
+  The application should be available at http://localhost/moodle/ after
+  install.
+
+  If you want to continue with setup and table creation from a remote browser
+  in another host, you should edit the file /etc/moodle/apache.conf,
+  removing the comment (#) from the line "allow from all" and restart apache.
+  
+  Note that if you do not remove this comment (#), no one will have remote
+  access to your moodle installation and only local users on that
+  machine will be able to access moodle.
+
+QUICKSTART
+
+  DATABASE CREATION
+
+  For the correct database and user creation during the package installation
+  you need to have a database admin account and the password for that account.
+
+  In PostgreSQL you should verify that you have the right access policy in 
+  /etc/postgresql/pg_hba.conf.
+
+  You should change your PostgreSQL server configuration to use passwords to 
+  authenticate users writing in your /etc/postgresql/pg_hba.conf file:
+
+  local   all         all                                       password
+  host    all         all   127.0.0.1         255.255.255.255   password
+
+  Before restarting the postmaster you should check that the admin user
+  has a password to access the database.
+
+  You can do this by executing in a shell while being root:
+  su - postgres
+  psql template1
+  (and inside the psql shell)
+  ALTER USER postgres password 'new_pass';
+  \q
+
+  For further information about PostgreSQL users and passwords refer to
+  the documentation available in the postgresql-doc package.
+
+  Then, restart the postmaster with /etc/init.d/postgresql restart.
+
+  TABLE CREATION
+
+  In order to create the database tables you need to point your browser to
+  http://localhost/moodle/admin . You need to have network access to your
+  database, you can enable it in /etc/mysql/my.cnf (just comment the
+  skip-networking line) for MySQL, and in /etc/postgresql/pg_hba.conf
+  (the above pg_hba example should work) for PostgreSQL.
+
+  Remember to restart the database with /etc/init.d/<database> restart if you
+  change that files.
--- moodle-1.8.2.orig/debian/rules
+++ moodle-1.8.2/debian/rules
@@ -0,0 +1,74 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+# Sample debian/rules that uses debhelper.
+# GNU copyright 1997 to 1999 by Joey Hess.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+include /usr/share/dpatch/dpatch.make
+
+build:
+
+clean: clean1 unpatch
+clean1:
+	dh_testdir
+	dh_testroot
+
+	dh_clean 
+
+install: patch-stamp
+	dh_testdir
+	dh_testroot
+	dh_clean -k 
+	dh_installdirs
+
+	dh_install -pmoodle debian/moodle-reconfigure-required.update-notifier usr/share/moodle
+
+# Build architecture-dependent files here.
+binary-arch: install
+# We have nothing to do by default.
+
+# Build architecture-independent files here.
+binary-indep: install
+	dh_testdir
+	dh_testroot
+	dh_installchangelogs
+	dh_installdocs
+	dh_install
+	dh_installcron
+	
+	rm debian/moodle/usr/share/moodle/lib/adodb/license.txt
+	rm debian/moodle/usr/share/moodle/lib/editor/htmlarea/license.txt
+	rm debian/moodle/usr/share/moodle/lib/editor/tinymce/jscripts/tiny_mce/license.txt
+	rm debian/moodle/usr/share/moodle/lib/bennu/LICENSE.txt
+	rm debian/moodle/usr/share/moodle/lib/phpmailer/LICENSE
+	rm debian/moodle/usr/share/moodle/lib/simpletestlib/LICENSE
+	rm debian/moodle/usr/share/moodle/search/Zend/LICENSE.txt
+	rm debian/moodle/usr/share/moodle/lib/smarty/COPYING.lib
+	rm debian/moodle/usr/share/moodle/iplookup/ipatlas/COPYING
+
+	find debian/moodle/usr -type f -exec chmod 644 {} \;
+	find debian/moodle/usr -type d -exec chmod 755 {} \;
+	# MSA-09-0005, CVE-2008-5153: remove unused SpellChecker
+	rm -rf debian/moodle/usr/share/moodle/lib/editor/htmlarea/plugins/SpellChecker
+	chmod 755 debian/moodle/usr/share/moodle/mod/chat/chatd.php
+	rm debian/moodle/usr/share/moodle/mod/chat/chatd.php
+	chmod 755 debian/moodle/usr/share/moodle/mod/wiki/ewiki/fragments/mkhuge
+	chmod 755 debian/moodle/usr/share/moodle/filter/algebra/algebra2tex.pl
+	chmod 755 debian/moodle/usr/share/moodle/admin/process_email.php
+	rm -f debian/moodle/usr/share/moodle/filter/tex/*mimetex*
+	rm -f debian/moodle/usr/share/moodle/admin/delete.php
+
+	dh_installdebconf	
+	dh_link
+	dh_compress
+	dh_fixperms
+
+	dh_installdeb
+	dh_gencontrol
+	dh_md5sums
+	dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install patch unpatch clean1
--- moodle-1.8.2.orig/debian/po/cs.po
+++ moodle-1.8.2/debian/po/cs.po
@@ -0,0 +1,201 @@
+#
+#    Translators, if you are not familiar with the PO format, gettext
+#    documentation is worth reading, especially sections dedicated to
+#    this format, e.g. by running:
+#         info -n '(gettext)PO Files'
+#         info -n '(gettext)Header Entry'
+#
+#    Some information specific to po-debconf are available at
+#            /usr/share/doc/po-debconf/README-trans
+#         or http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+#    Developers do not need to manually edit POT or PO files.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: moodle\n"
+"Report-Msgid-Bugs-To: isaac@debian.org\n"
+"POT-Creation-Date: 2006-05-30 18:07+0200\n"
+"PO-Revision-Date: 2006-06-07 21:28+0200\n"
+"Last-Translator: Miroslav Kure <kurem@debian.cz>\n"
+"Language-Team: Czech <debian-l10n-czech@lists.debian.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: select
+#. Description
+#: ../templates:5
+msgid "Web server software:"
+msgstr "Webový server:"
+
+#. Type: select
+#. Description
+#: ../templates:5
+msgid "Please choose the web server software you will use with Moodle."
+msgstr "Vyberte si webový server, který budete se systémem Moodle používat."
+
+#. Type: select
+#. Description
+#: ../templates:12
+msgid "Database server software for Moodle:"
+msgstr "Databázový server pro Moodle:"
+
+#. Type: select
+#. Description
+#: ../templates:12
+msgid ""
+"Moodle can work with either MySQL or PostgreSQL. Please choose which one you "
+"want to use."
+msgstr ""
+"Moodle umí pracovat s databázovými systémy MySQL a PostgreSQL. Vyberte si, "
+"který z nich chcete používat."
+
+#. Type: select
+#. Description
+#: ../templates:12
+msgid "Please check that it is installed before continuing."
+msgstr "Před pokračováním zkontrolujte, že je nainstalovaný."
+
+#. Type: string
+#. Description
+#: ../templates:21
+msgid "Database server hostname:"
+msgstr "Jméno počítače s databázovým serverem:"
+
+#. Type: string
+#. Description
+#: ../templates:21
+msgid "Please enter the hostname of the database server host."
+msgstr "Zadejte jméno počítače, na kterém běží databázový server."
+
+#. Type: string
+#. Description
+#: ../templates:27
+msgid "Database administrator username:"
+msgstr "Uživatelské jméno správce databáze:"
+
+#. Type: string
+#. Description
+#: ../templates:27
+msgid ""
+"Please enter the PostgreSQL or MySQL administrator username, needed for the "
+"database creation."
+msgstr ""
+"Zadejte uživatelské jméno správce PostgreSQL nebo MySQL. To je potřeba pro "
+"vytvoření databáze."
+
+#. Type: password
+#. Description
+#: ../templates:33
+msgid "Database administrator password:"
+msgstr "Heslo správce databáze:"
+
+#. Type: password
+#. Description
+#: ../templates:33
+msgid ""
+"Please enter the PostgreSQL or MySQL administrator password, needed for the "
+"database creation."
+msgstr ""
+"Zadejte heslo správce PostgreSQL nebo MySQL. To je potřeba pro vytvoření "
+"databáze."
+
+#. Type: password
+#. Description
+#: ../templates:39
+msgid "DBA password confirmation:"
+msgstr "Potvrzení správcovského hesla k databázi:"
+
+#. Type: password
+#. Description
+#: ../templates:39
+msgid "Please confirm the password in order to continue the process."
+msgstr "Abyste mohli pokračovat, potvrďte prosím heslo."
+
+#. Type: note
+#. Description
+#: ../templates:44
+msgid "Password mismatch"
+msgstr "Hesla nesouhlasí"
+
+#. Type: note
+#. Description
+#: ../templates:44
+msgid ""
+"The password and its confirmation do not match. Please reenter the passwords."
+msgstr "Zadané heslo a jeho potvrzení nesouhlasí. Zadejte prosím hesla znovu."
+
+#. Type: string
+#. Description
+#: ../templates:51
+msgid "Database owner username:"
+msgstr "Uživatelské jméno vlastníka databáze:"
+
+#. Type: string
+#. Description
+#: ../templates:51
+msgid "Please enter the username of the Moodle database owner."
+msgstr "Zadejte uživatelské jméno vlastníka databáze Moodle."
+
+#. Type: password
+#. Description
+#: ../templates:56
+msgid "Database owner password:"
+msgstr "Heslo vlastníka databáze:"
+
+#. Type: password
+#. Description
+#: ../templates:56
+msgid "Please enter the password of the Moodle database owner."
+msgstr "Zadejte heslo vlastníka databáze Moodle."
+
+#. Type: password
+#. Description
+#: ../templates:61
+msgid "Database user password confirmation:"
+msgstr "Potvrzení hesla k databázi:"
+
+#. Type: password
+#. Description
+#: ../templates:61
+msgid "Please confirm the password of the Moodle database owner."
+msgstr "Potvrďte prosím heslo vlastníka databáze Moodle."
+
+#. Type: note
+#. Description
+#: ../templates:66
+msgid "Warning - Moodle is not configured"
+msgstr "Varování - Moodle není nakonfigurován"
+
+#. Type: note
+#. Description
+#: ../templates:66
+msgid ""
+"Please note that you have not completed the Moodle configuration. For "
+"completing it, please use \"dpkg-reconfigure moodle\" later."
+msgstr ""
+"Mějte prosím na paměti, že jste nedokončili nastavení Moodle. Pro jeho "
+"dokončení později spusťte příkaz \"dpkg-reconfigure moodle\"."
+
+#. Type: note
+#. Description
+#: ../templates:72
+msgid "Warning - Moodle database tables not created"
+msgstr "Varování - Databázové tabulky Moodle nebyly vytvořeny"
+
+#. Type: note
+#. Description
+#: ../templates:72
+msgid ""
+"The Moodle install script will create the database, but the tables are to be "
+"created with a PHP script. Please launch it right after the install:"
+msgstr ""
+"Instalační skript Moodle vytvoří databázi, avšak databázové tabulky se "
+"vytváří PHP skriptem. Hned po instalaci jej prosím spusťte z:"
+
+#. Type: note
+#. Description
+#: ../templates:72
+msgid "http://localhost/moodle/admin"
+msgstr "http://localhost/moodle/admin"
--- moodle-1.8.2.orig/debian/po/fr.po
+++ moodle-1.8.2/debian/po/fr.po
@@ -0,0 +1,206 @@
+# translation of fr.po to French
+#
+#
+#
+#
+# Christian Perrier <bubulle@debian.org>, 2006.
+msgid ""
+msgstr ""
+"Project-Id-Version: fr\n"
+"Report-Msgid-Bugs-To: isaac@debian.org\n"
+"POT-Creation-Date: 2006-05-30 18:07+0200\n"
+"PO-Revision-Date: 2006-06-07 06:44+0200\n"
+"Last-Translator: Christian Perrier <bubulle@debian.org>\n"
+"Language-Team: French <debian-l10n-french@lists.debian.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=ISO-8859-15\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.11.2\n"
+
+#. Type: select
+#. Description
+#: ../templates:5
+msgid "Web server software:"
+msgstr "Logiciel serveur web�:"
+
+#. Type: select
+#. Description
+#: ../templates:5
+msgid "Please choose the web server software you will use with Moodle."
+msgstr ""
+"Veuillez choisir le logiciel serveur web que vous d�sirez utiliser avec "
+"Moodle."
+
+#. Type: select
+#. Description
+#: ../templates:12
+msgid "Database server software for Moodle:"
+msgstr "Logiciel serveur de bases de donn�es pour Moodle�:"
+
+#. Type: select
+#. Description
+#: ../templates:12
+msgid ""
+"Moodle can work with either MySQL or PostgreSQL. Please choose which one you "
+"want to use."
+msgstr ""
+"Moodle peut fonctionner avec MySQL ou PostgreSQL. Veuillez choisir le "
+"serveur de bases de donn�es que vous souhaitez utiliser."
+
+#. Type: select
+#. Description
+#: ../templates:12
+msgid "Please check that it is installed before continuing."
+msgstr "V�rifiez qu'il est bien install� avant de continuer."
+
+#. Type: string
+#. Description
+#: ../templates:21
+msgid "Database server hostname:"
+msgstr "Nom d'h�te du serveur de bases de donn�es�:"
+
+#. Type: string
+#. Description
+#: ../templates:21
+msgid "Please enter the hostname of the database server host."
+msgstr "Veuillez indiquer le nom d'h�te du serveur de bases de donn�es."
+
+#. Type: string
+#. Description
+#: ../templates:27
+msgid "Database administrator username:"
+msgstr "Identifiant de l'administrateur du serveur de bases de donn�es�:"
+
+#. Type: string
+#. Description
+#: ../templates:27
+msgid ""
+"Please enter the PostgreSQL or MySQL administrator username, needed for the "
+"database creation."
+msgstr ""
+"Veuillez indiquer l'identifiant de l'administrateur de PostgreSQL ou MySQL. "
+"Il est n�cessaire pour la cr�ation de la base de donn�es."
+
+#. Type: password
+#. Description
+#: ../templates:33
+msgid "Database administrator password:"
+msgstr "Mot de passe de l'administrateur de bases de donn�es�:"
+
+#. Type: password
+#. Description
+#: ../templates:33
+msgid ""
+"Please enter the PostgreSQL or MySQL administrator password, needed for the "
+"database creation."
+msgstr ""
+"Veuillez indiquer le mot de passe de l'administrateur de PostgreSQL ou "
+"MySQL. Il est n�cessaire pour la cr�ation de la base de donn�es."
+
+#. Type: password
+#. Description
+#: ../templates:39
+msgid "DBA password confirmation:"
+msgstr "Confirmation du mot de passe de l'administrateur�:"
+
+#. Type: password
+#. Description
+#: ../templates:39
+msgid "Please confirm the password in order to continue the process."
+msgstr "Veuillez confirmer le mot de passe afin de poursuivre."
+
+#. Type: note
+#. Description
+#: ../templates:44
+msgid "Password mismatch"
+msgstr "Mots de passe diff�rents"
+
+#. Type: note
+#. Description
+#: ../templates:44
+msgid ""
+"The password and its confirmation do not match. Please reenter the passwords."
+msgstr ""
+"Le mot de passe et sa confirmation ne correspondent pas. Veuillez indiquer � "
+"nouveau les mots de passe."
+
+#. Type: string
+#. Description
+#: ../templates:51
+msgid "Database owner username:"
+msgstr "Identifiant du propri�taire de la base de donn�es�:"
+
+#. Type: string
+#. Description
+#: ../templates:51
+msgid "Please enter the username of the Moodle database owner."
+msgstr ""
+"Veuillez indiquer l'identifiant du propri�taire de la base de donn�es de "
+"Moodle."
+
+#. Type: password
+#. Description
+#: ../templates:56
+msgid "Database owner password:"
+msgstr "Mot de passe du propri�taire de la base de donnes�:"
+
+#. Type: password
+#. Description
+#: ../templates:56
+msgid "Please enter the password of the Moodle database owner."
+msgstr ""
+"Veuillez indiquer le mot de passe du propri�taire de la base de donn�es de "
+"Moodle."
+
+#. Type: password
+#. Description
+#: ../templates:61
+msgid "Database user password confirmation:"
+msgstr "Confirmation du mot de passe du propri�taire�:"
+
+#. Type: password
+#. Description
+#: ../templates:61
+msgid "Please confirm the password of the Moodle database owner."
+msgstr ""
+"Veuillez confirmer le mot de passe du propri�taire de la base de donn�es."
+
+#. Type: note
+#. Description
+#: ../templates:66
+msgid "Warning - Moodle is not configured"
+msgstr "Moodle non configur�"
+
+#. Type: note
+#. Description
+#: ../templates:66
+msgid ""
+"Please note that you have not completed the Moodle configuration. For "
+"completing it, please use \"dpkg-reconfigure moodle\" later."
+msgstr ""
+"Veuillez noter que la configuration de Moodle n'est pas termin�e. Pour la "
+"terminer plus tard, veuillez utiliser la commande ��dpkg-reconfigure "
+"moodle��."
+
+#. Type: note
+#. Description
+#: ../templates:72
+msgid "Warning - Moodle database tables not created"
+msgstr "Tables de la base de donn�es de Moodle non cr��es"
+
+#. Type: note
+#. Description
+#: ../templates:72
+msgid ""
+"The Moodle install script will create the database, but the tables are to be "
+"created with a PHP script. Please launch it right after the install:"
+msgstr ""
+"Le script d'installation de Moodle s'occupera de la cr�ation de la base de "
+"donn�es, mais les tables qu'elle doit contenir doivent �tre cr��es avec un "
+"script PHP. Veuillez le lancer imm�diatement apr�s l'installation�:"
+
+#. Type: note
+#. Description
+#: ../templates:72
+msgid "http://localhost/moodle/admin"
+msgstr "http://localhost/moodle/admin"
--- moodle-1.8.2.orig/debian/po/templates.pot
+++ moodle-1.8.2/debian/po/templates.pot
@@ -0,0 +1,184 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: isaac@debian.org\n"
+"POT-Creation-Date: 2006-05-30 18:07+0200\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: select
+#. Description
+#: ../templates:5
+msgid "Web server software:"
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../templates:5
+msgid "Please choose the web server software you will use with Moodle."
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../templates:12
+msgid "Database server software for Moodle:"
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../templates:12
+msgid ""
+"Moodle can work with either MySQL or PostgreSQL. Please choose which one you "
+"want to use."
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../templates:12
+msgid "Please check that it is installed before continuing."
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../templates:21
+msgid "Database server hostname:"
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../templates:21
+msgid "Please enter the hostname of the database server host."
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../templates:27
+msgid "Database administrator username:"
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../templates:27
+msgid ""
+"Please enter the PostgreSQL or MySQL administrator username, needed for the "
+"database creation."
+msgstr ""
+
+#. Type: password
+#. Description
+#: ../templates:33
+msgid "Database administrator password:"
+msgstr ""
+
+#. Type: password
+#. Description
+#: ../templates:33
+msgid ""
+"Please enter the PostgreSQL or MySQL administrator password, needed for the "
+"database creation."
+msgstr ""
+
+#. Type: password
+#. Description
+#: ../templates:39
+msgid "DBA password confirmation:"
+msgstr ""
+
+#. Type: password
+#. Description
+#: ../templates:39
+msgid "Please confirm the password in order to continue the process."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../templates:44
+msgid "Password mismatch"
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../templates:44
+msgid ""
+"The password and its confirmation do not match. Please reenter the passwords."
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../templates:51
+msgid "Database owner username:"
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../templates:51
+msgid "Please enter the username of the Moodle database owner."
+msgstr ""
+
+#. Type: password
+#. Description
+#: ../templates:56
+msgid "Database owner password:"
+msgstr ""
+
+#. Type: password
+#. Description
+#: ../templates:56
+msgid "Please enter the password of the Moodle database owner."
+msgstr ""
+
+#. Type: password
+#. Description
+#: ../templates:61
+msgid "Database user password confirmation:"
+msgstr ""
+
+#. Type: password
+#. Description
+#: ../templates:61
+msgid "Please confirm the password of the Moodle database owner."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../templates:66
+msgid "Warning - Moodle is not configured"
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../templates:66
+msgid ""
+"Please note that you have not completed the Moodle configuration. For "
+"completing it, please use \"dpkg-reconfigure moodle\" later."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../templates:72
+msgid "Warning - Moodle database tables not created"
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../templates:72
+msgid ""
+"The Moodle install script will create the database, but the tables are to be "
+"created with a PHP script. Please launch it right after the install:"
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../templates:72
+msgid "http://localhost/moodle/admin"
+msgstr ""
--- moodle-1.8.2.orig/debian/po/vi.po
+++ moodle-1.8.2/debian/po/vi.po
@@ -0,0 +1,202 @@
+# Vietnamese Translation for moodle.
+# Copyright © 2005 Free Software Foundation, Inc.
+# Clytie Siddall <clytie@riverland.net.au>, 2005.
+# 
+msgid ""
+msgstr ""
+"Project-Id-Version: moodle 1.4.4.dfsg.1-3\n"
+"Report-Msgid-Bugs-To: isaac@debian.org\n"
+"POT-Creation-Date: 2006-05-30 18:07+0200\n"
+"PO-Revision-Date: 2005-06-11 13:12+0930\n"
+"Last-Translator: Clytie Siddall <clytie@riverland.net.au>\n"
+"Language-Team: Vietnamese <gnomevi-list@lists.sourceforge.net>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=1; plural=0\n"
+
+#. Type: select
+#. Description
+#: ../templates:5
+#, fuzzy
+msgid "Web server software:"
+msgstr "Phần mềm phục vụ Mạng"
+
+#. Type: select
+#. Description
+#: ../templates:5
+msgid "Please choose the web server software you will use with Moodle."
+msgstr "Hãy chọn phần mềm phục vụ sẽ sử dụng với trình Moodle."
+
+#. Type: select
+#. Description
+#: ../templates:12
+#, fuzzy
+msgid "Database server software for Moodle:"
+msgstr "Phần phục vụ cơ sở dữ liệu cho Moodle"
+
+#. Type: select
+#. Description
+#: ../templates:12
+msgid ""
+"Moodle can work with either MySQL or PostgreSQL. Please choose which one you "
+"want to use."
+msgstr ""
+"Trình Moodle có thể hoạt động với hoặc MySQL hoặc PostgreSQL. Hãy chọn một "
+"điều."
+
+#. Type: select
+#. Description
+#: ../templates:12
+msgid "Please check that it is installed before continuing."
+msgstr "Hãy kiểm tra xem nó được cài đặt, trước khi tiếp tục."
+
+#. Type: string
+#. Description
+#: ../templates:21
+#, fuzzy
+msgid "Database server hostname:"
+msgstr "Tên máy của máy phục vụ cơ sở dữ liệu"
+
+#. Type: string
+#. Description
+#: ../templates:21
+msgid "Please enter the hostname of the database server host."
+msgstr "Hãy nhập tên máy của máy phục vụ cơ sở dữ liệu."
+
+#. Type: string
+#. Description
+#: ../templates:27
+#, fuzzy
+msgid "Database administrator username:"
+msgstr "Tên người dùng của quản trị cơ sở dữ liệu"
+
+#. Type: string
+#. Description
+#: ../templates:27
+msgid ""
+"Please enter the PostgreSQL or MySQL administrator username, needed for the "
+"database creation."
+msgstr ""
+"Hãy nhập tên người dùng của quản trị PostgreSQL hay MySQL: cần đến nó để tạo "
+"cơ sở dữ liệu."
+
+#. Type: password
+#. Description
+#: ../templates:33
+#, fuzzy
+msgid "Database administrator password:"
+msgstr "Mật khẩu của quản trị cơ sở dữ liệu"
+
+#. Type: password
+#. Description
+#: ../templates:33
+msgid ""
+"Please enter the PostgreSQL or MySQL administrator password, needed for the "
+"database creation."
+msgstr ""
+"Hãy nhập mật khẩu của quản trị PostgreSQL hay MySQL: cần đến nó để tạo cơ sở "
+"dữ liệu."
+
+#. Type: password
+#. Description
+#: ../templates:39
+#, fuzzy
+msgid "DBA password confirmation:"
+msgstr "Xác nhận mật khẩu quản trị cơ sở dữ liệu"
+
+#. Type: password
+#. Description
+#: ../templates:39
+msgid "Please confirm the password in order to continue the process."
+msgstr "Hãy xác nhận mật khẩu ấy để tiếp tục tiến trình này."
+
+#. Type: note
+#. Description
+#: ../templates:44
+msgid "Password mismatch"
+msgstr "Hai mật khẩu không khớp."
+
+#. Type: note
+#. Description
+#: ../templates:44
+msgid ""
+"The password and its confirmation do not match. Please reenter the passwords."
+msgstr "Hai mật khẩu ấy không khớp được. Hãy nhập lại."
+
+#. Type: string
+#. Description
+#: ../templates:51
+#, fuzzy
+msgid "Database owner username:"
+msgstr "Tên người dùng sở hữu cơ sở dữ liệu"
+
+#. Type: string
+#. Description
+#: ../templates:51
+msgid "Please enter the username of the Moodle database owner."
+msgstr "Hãy nhập tên người dùng của người sở hữu cơ sở dữ liệu Moodle."
+
+#. Type: password
+#. Description
+#: ../templates:56
+#, fuzzy
+msgid "Database owner password:"
+msgstr "Mật khẩu người sở hữu cơ sở dữ liệu"
+
+#. Type: password
+#. Description
+#: ../templates:56
+msgid "Please enter the password of the Moodle database owner."
+msgstr "Hãy nhập mật khẩu của người sở hữu cơ sở dữ liệu Moodle."
+
+#. Type: password
+#. Description
+#: ../templates:61
+#, fuzzy
+msgid "Database user password confirmation:"
+msgstr "Xác nhận mật khẩu người sở hữu cơ sở dữ liệu"
+
+#. Type: password
+#. Description
+#: ../templates:61
+msgid "Please confirm the password of the Moodle database owner."
+msgstr "Hãy xác nhận mật khẩu của người sở hữu cơ sở dữ liệu Moodle."
+
+#. Type: note
+#. Description
+#: ../templates:66
+msgid "Warning - Moodle is not configured"
+msgstr "• Cảnh báo: chưa cấu hình Moodle. •"
+
+#. Type: note
+#. Description
+#: ../templates:66
+msgid ""
+"Please note that you have not completed the Moodle configuration. For "
+"completing it, please use \"dpkg-reconfigure moodle\" later."
+msgstr ""
+"Hãy ghi chú rằng bạn chưa cấu hình xong trình Moodle. Để làm như thế lần "
+"sau, hãy sử dụng lệnh «dpkg-reconfigure moodle»."
+
+#. Type: note
+#. Description
+#: ../templates:72
+msgid "Warning - Moodle database tables not created"
+msgstr "• Cảnh báo: chưa tạo bảng cơ sở dữ liệu Moodle. •"
+
+#. Type: note
+#. Description
+#: ../templates:72
+msgid ""
+"The Moodle install script will create the database, but the tables are to be "
+"created with a PHP script. Please launch it right after the install:"
+msgstr ""
+"Tập lệnh cài đặt Moodle sẽ tạo cơ sở dữ liệu, nhưng mà cần đến một tập lệnh "
+"PHP để tạo bảng. Hãy khởi chạy nó đúng sau khi cài đặt:"
+
+#. Type: note
+#. Description
+#: ../templates:72
+msgid "http://localhost/moodle/admin"
+msgstr "http://localhost/moodle/admin"
--- moodle-1.8.2.orig/debian/po/POTFILES.in
+++ moodle-1.8.2/debian/po/POTFILES.in
@@ -0,0 +1 @@
+[type: gettext/rfc822deb] templates
--- moodle-1.8.2.orig/debian/po/pt.po
+++ moodle-1.8.2/debian/po/pt.po
@@ -0,0 +1,195 @@
+# Native Portuguese translation of moodle debconf.
+# Ricardo Silva <ardoric@gmail.com>, 2006.
+#
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: moodle 1.6-2\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-07-07 05:02-0600\n"
+"PO-Revision-Date: 2006-08-02 15:00+0100\n"
+"Last-Translator: Ricardo Silva <ardoric@gmail.com>\n"
+"Language-Team: Native Portuguese <traduz@debianpt.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit"
+
+#. Type: select
+#. Description
+#: ../templates:1001
+msgid "Web server software:"
+msgstr "Software servidor de Web:"
+
+#. Type: select
+#. Description
+#: ../templates:1002
+msgid "Please choose the web server software you will use with Moodle."
+msgstr "Por favor seleccione o software servidor de web que vai usar com o Moodle."
+
+#. Type: select
+#. Description
+#: ../templates:2001
+msgid "Database server software for Moodle:"
+msgstr "Software servidor de Bases de Dados para o Moodle:"
+
+#. Type: select
+#. Description
+#: ../templates:2002
+msgid ""
+"Moodle can work with either MySQL or PostgreSQL. Please choose which one you "
+"want to use."
+msgstr ""
+"O Moodle pode funcionar tanto com MySQL como com PostgreSQL. "
+"Por favor seleccione qual quer usar."
+
+#. Type: select
+#. Description
+#: ../templates:2003
+msgid "Please check that it is installed before continuing."
+msgstr "Por favor verifique que o mesmo está instalado antes de continuar."
+
+#. Type: string
+#. Description
+#: ../templates:3001
+msgid "Database server hostname:"
+msgstr "Hostname do servidor de Bases de Dados:"
+
+#. Type: string
+#. Description
+#: ../templates:3002
+msgid "Please enter the hostname of the database server host."
+msgstr "Por favor introduza o 'hostname' do servidor de bases de dados."
+
+#. Type: string
+#. Description
+#: ../templates:4001
+msgid "Database administrator username:"
+msgstr "Nome de utilizador do administrador da base de dados:"
+
+#. Type: string
+#. Description
+#: ../templates:4002
+msgid ""
+"Please enter the PostgreSQL or MySQL administrator username, needed for the "
+"database creation."
+msgstr ""
+"Por favor introduza o nome de utilizador de MySQL ou PostgreSQL, necessário "
+"para a criação de bases de dados."
+
+#. Type: password
+#. Description
+#: ../templates:5001
+msgid "Database administrator password:"
+msgstr "Palavra-chave do administrador de bases de dados:"
+
+#. Type: password
+#. Description
+#: ../templates:5002
+msgid ""
+"Please enter the PostgreSQL or MySQL administrator password, needed for the "
+"database creation."
+msgstr ""
+"Por favor introduza a palavra-chave do administrador de MySQL ou PostgreSQL, "
+"necessária para a criação de base de dados."
+
+#. Type: password
+#. Description
+#: ../templates:6001
+msgid "DBA password confirmation:"
+msgstr "Confirmação da palavra-chave de DBA:"
+
+#. Type: password
+#. Description
+#: ../templates:6002
+msgid "Please confirm the password in order to continue the process."
+msgstr "Por favor confirme a palavra-chave para poder continuar o processo."
+
+#. Type: note
+#. Description
+#: ../templates:7001
+msgid "Password mismatch"
+msgstr "Palavra-chave não coincidente"
+
+#. Type: note
+#. Description
+#: ../templates:7002
+msgid ""
+"The password and its confirmation do not match. Please reenter the passwords."
+msgstr ""
+"A palavra-chave e a sua confirmação não são iguais. Por favor volte a introduzi-las."
+
+#. Type: string
+#. Description
+#: ../templates:8001
+msgid "Database owner username:"
+msgstr "Nome de utilizador do dono da base de dados:"
+
+#. Type: string
+#. Description
+#: ../templates:8002
+msgid "Please enter the username of the Moodle database owner."
+msgstr "Por favor introduza o nome de utilizador do dono de base de dados do Moodle."
+
+#. Type: password
+#. Description
+#: ../templates:9001
+msgid "Database owner password:"
+msgstr "Palavra chave do dono da base de dados:"
+
+#. Type: password
+#. Description
+#: ../templates:9002
+msgid "Please enter the password of the Moodle database owner."
+msgstr "Por favor introduza a palavra-chave do dono da base de dados do moodle."
+
+#. Type: password
+#. Description
+#: ../templates:10001
+msgid "Database user password confirmation:"
+msgstr "Confirmação da palavra-chave do utilizador da base de dados:"
+
+#. Type: password
+#. Description
+#: ../templates:10002
+msgid "Please confirm the password of the Moodle database owner."
+msgstr "Por favor confirme a palavra-chave do dono da base de dados do Moodle."
+
+#. Type: note
+#. Description
+#: ../templates:11001
+msgid "Warning - Moodle is not configured"
+msgstr "AViso - o Moodle não está configurado"
+
+#. Type: note
+#. Description
+#: ../templates:11002
+msgid ""
+"Please note that you have not completed the Moodle configuration. For "
+"completing it, please use \"dpkg-reconfigure moodle\" later."
+msgstr ""
+"Por favor note que o senhor ainda não completou a configuração do Moodle. "
+"Para a completar, por favor use \"dpkg-reconfigure moodle\" mais tarde."
+
+#. Type: note
+#. Description
+#: ../templates:12001
+msgid "Warning - Moodle database tables not created"
+msgstr "Aviso - as tabelas da base de dados do moodle não estão criadas"
+
+#. Type: note
+#. Description
+#: ../templates:12002
+msgid ""
+"The Moodle install script will create the database, but the tables are to be "
+"created with a PHP script. Please launch it right after the install:"
+msgstr ""
+"O script de instalação do Moodle vai criar a base de dados, mas as tabelas serão "
+"criadas com um script PHP. Por favor lance-o logo a seguir à instalação:"
+
+#. Type: note
+#. Description
+#: ../templates:12003
+msgid "http://localhost/moodle/admin"
+msgstr "http://localhost/moodle/admin"
+
+