diff --git a/apps/calendar/index.php b/apps/calendar/index.php
index cf03a7a3cd..05a808a5ae 100644
--- a/apps/calendar/index.php
+++ b/apps/calendar/index.php
@@ -54,9 +54,9 @@ OCP\Util::addscript('contacts','jquery.multi-autocomplete');
 OCP\Util::addscript('','oc-vcategories');
 OCP\App::setActiveNavigationEntry('calendar_index');
 $tmpl = new OCP\Template('calendar', 'calendar', 'user');
-$tmpl->assign('eventSources', $eventSources);
+$tmpl->assign('eventSources', $eventSources,false);
 $tmpl->assign('categories', $categories);
 if(array_key_exists('showevent', $_GET)){
- $tmpl->assign('showevent', $_GET['showevent']);
+ $tmpl->assign('showevent', $_GET['showevent'], false);
 }
 $tmpl->printPage();
diff --git a/apps/contacts/ajax/addproperty.php b/apps/contacts/ajax/addproperty.php
index 42b0c78203..94e09bac19 100644
--- a/apps/contacts/ajax/addproperty.php
+++ b/apps/contacts/ajax/addproperty.php
@@ -82,6 +82,7 @@ if(is_array($value)) {
 $value = strip_tags($value);
 }
+/* preprocessing value */
 switch($name) {
 case 'BDAY':
 $date = New DateTime($value);
@@ -94,6 +95,8 @@ switch($name) {
 case 'N':
 case 'ORG':
 case 'NOTE':
+ $value = str_replace('\n', ' \\n', $value);
+ break;
 case 'NICKNAME':
 // TODO: Escape commas and semicolons.
 break;
@@ -105,8 +108,14 @@ switch($name) {
 break;
 }
-
-$property = $vcard->addProperty($name, $value); //, $parameters);
+switch($name) {
+ case 'NOTE':
+ $vcard->setString('NOTE', $value);
+ break;
+ default:
+ $property = $vcard->addProperty($name, $value); //, $parameters);
+ break;
+}
 $line = count($vcard->children) - 1;
diff --git a/apps/contacts/templates/part.contacts.php b/apps/contacts/templates/part.contacts.php
index 5751750540..00a61f72fd 100644
--- a/apps/contacts/templates/part.contacts.php
+++ b/apps/contacts/templates/part.contacts.php
@@ -8,5 +8,5 @@ } } ?> -
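Review bot: `$_GET['showevent']` is now assigned with sanitizing switched off, so the calendar template receives the raw query-string value; unless that template escapes `showevent` itself before emitting it (not visible here), this turns a request parameter into an unescaped output sink. The `false` is justified for the structured `eventSources` array, but for the scalar request value the previous default should stay: `$tmpl->assign('showevent', $_GET['showevent']);`. The same pattern, `false` on values that carry user-controlled strings, recurs in apps/files/ajax/list.php (`files`), apps/files/index.php (`files`, `breadcrumb`, `fileList`), settings/apps.php (`apps`) and settings/admin.php (`loglevel`), each of which now relies on the receiving template to escape every field it prints.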
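Review bot: In the new `case 'NOTE'` preprocessing, `str_replace('\n', ' \\n', $value)` operates on the literal two-character sequence backslash-n (single quotes do not interpret `\n`), not on newline characters, so real line breaks in `$value` pass through untouched; if the intent is to prepare multi-line values for vCard serialisation this does not do it, and a comment stating which case is meant (`// space-pad literal "\n" escape sequences; real newlines are left to the vCard writer`) would prevent the next reader from "fixing" it either way. The new `switch` in the third hunk sets `$property` only in the `default` branch, so if `$property` is referenced after the switch (outside this hunk) it is undefined when `$name` is `'NOTE'`. The `/* preprocessing value */` comment would be more useful if it named what is being normalised and why.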
  • +
  • 
diff --git a/apps/files/ajax/list.php b/apps/files/ajax/list.php
index ceb8d15858..f0600a179d 100644
--- a/apps/files/ajax/list.php
+++ b/apps/files/ajax/list.php
@@ -38,7 +38,7 @@ foreach( OC_Files::getdirectorycontent( $dir ) as $i ){
 }
 $list = new OCP\Template( "files", "part.list", "" );
-$list->assign( "files", $files );
+$list->assign( "files", $files, false );
 $data = array('files' => $list->fetchPage());
 OCP\JSON::success(array('data' => $data));
diff --git a/apps/files/index.php b/apps/files/index.php
index 60a3836cb5..ed36c5edab 100644
--- a/apps/files/index.php
+++ b/apps/files/index.php
@@ -73,12 +73,12 @@ foreach( explode( '/', $dir ) as $i ){
 // make breadcrumb und filelist markup
 $list = new OCP\Template( 'files', 'part.list', '' );
-$list->assign( 'files', $files );
-$list->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=');
-$list->assign( 'downloadURL', OCP\Util::linkTo('files', 'download.php').'?file=');
+$list->assign( 'files', $files, false );
+$list->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=', false);
+$list->assign( 'downloadURL', OCP\Util::linkTo('files', 'download.php').'?file=', false);
 $breadcrumbNav = new OCP\Template( 'files', 'part.breadcrumb', '' );
-$breadcrumbNav->assign( 'breadcrumb', $breadcrumb );
-$breadcrumbNav->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=');
+$breadcrumbNav->assign( 'breadcrumb', $breadcrumb, false );
+$breadcrumbNav->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=', false);
 $upload_max_filesize = OCP\Util::computerFileSize(ini_get('upload_max_filesize'));
 $post_max_size = OCP\Util::computerFileSize(ini_get('post_max_size'));
@@ -89,8 +89,8 @@ $freeSpace=max($freeSpace,0);
 $maxUploadFilesize = min($maxUploadFilesize ,$freeSpace);
 $tmpl = new OCP\Template( 'files', 'index', 'user' );
-$tmpl->assign( 'fileList', $list->fetchPage() );
-$tmpl->assign( 'breadcrumb', $breadcrumbNav->fetchPage() );
+$tmpl->assign( 'fileList', $list->fetchPage(), false );
+$tmpl->assign( 'breadcrumb', $breadcrumbNav->fetchPage(), false );
 $tmpl->assign( 'dir', $dir);
 $tmpl->assign( 'readonly', !OC_Filesystem::is_writable($dir.'/'));
 $tmpl->assign( 'files', $files );
diff --git a/apps/gallery/lib/tiles.php b/apps/gallery/lib/tiles.php
index 5837c752ef..e43c99bb76 100644
--- a/apps/gallery/lib/tiles.php
+++ b/apps/gallery/lib/tiles.php
@@ -141,7 +141,7 @@ class TileStack extends TileBase {
 }
 public function get() {
- $r = '';
+ $r = '';
 for ($i = 0; $i < count($this->tiles_array); $i++) {
 $top = rand(-5, 5);
 $left = rand(-5, 5);
@@ -168,7 +168,7 @@ class TileStack extends TileBase {
 }
 public function getOnClickAction() {
- return 'javascript:openNewGal(\''.htmlentities($this->stack_name).'\');';
+ return 'javascript:openNewGal(\''.$this->stack_name.'\');';
 }
 private $tiles_array;
diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php
index d2404a80aa..78bc5b4656 100644
--- a/apps/user_ldap/group_ldap.php
+++ b/apps/user_ldap/group_ldap.php
@@ -186,7 +186,7 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
 if(!$this->configured) {
 return array();
 }
- if(is_null($this->_groups)) {
+ if(empty($this->_groups)) {
 $ldap_groups = OC_LDAP::fetchListOfGroups($this->ldapGroupFilter, array(OC_LDAP::conf('ldapGroupDisplayName'), 'dn'));
 $this->_groups = OC_LDAP::ownCloudGroupNames($ldap_groups);
 }
diff --git a/apps/user_ldap/settings.php b/apps/user_ldap/settings.php
index f1a474ff27..42084855e8 100644
--- a/apps/user_ldap/settings.php
+++ b/apps/user_ldap/settings.php
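Review bot: In `getOnClickAction()` the stack name is now concatenated unescaped into a single-quoted JavaScript string literal, and the removed `htmlentities` (called without `ENT_QUOTES`) never encoded `'` either, so neither version protects that context: a name containing a quote or backslash terminates the literal. The value needs escaping for the JS-string context here (for example build the argument with `json_encode($this->stack_name)` instead of the hand-quoted concatenation) and HTML-attribute escaping wherever the returned string is written into markup; that call site is outside this hunk. The `get()` hunk in the same file cannot be reviewed from this view because its markup was stripped.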
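Review bot: Switching the cache guard from `is_null($this->_groups)` to `empty($this->_groups)` means an empty result is no longer cached: when the directory returns no groups, `OC_LDAP::fetchListOfGroups` is re-run on every call, and the same happens if `_groups` is initialised to `array()` (its declaration is outside the hunk). If retrying after an empty or failed fetch is the intent, say so on the line, `// empty(): an empty/failed fetch is retried on the next call`; otherwise `is_null` was the correct test.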
@@ -20,7 +20,7 @@
 * License along with this library. If not, see .
 *
 */
-$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_agent_password', 'ldap_base', 'ldap_base_users', 'ldap_base_groups', 'ldap_userlist_filter', 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name', 'ldap_tls', 'ldap_nocase', 'ldap_quota_def', 'ldap_quota_attr', 'ldap_email_attr', 'ldap_group_member_assoc_attribute');
+$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_agent_password', 'ldap_base', 'ldap_base_users', 'ldap_base_groups', 'ldap_userlist_filter', 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name', 'ldap_group_display_name', 'ldap_tls', 'ldap_nocase', 'ldap_quota_def', 'ldap_quota_attr', 'ldap_email_attr', 'ldap_group_member_assoc_attribute');
 OCP\Util::addscript('user_ldap', 'settings');
@@ -47,13 +47,14 @@ if ($_POST) {
 // fill template
 $tmpl = new OCP\Template( 'user_ldap', 'settings');
 foreach($params as $param){
- $value = htmlentities(OCP\Config::getAppValue('user_ldap', $param,''));
+ $value = OCP\Config::getAppValue('user_ldap', $param,'');
 $tmpl->assign($param, $value);
 }
 // settings with default values
 $tmpl->assign( 'ldap_port', OCP\Config::getAppValue('user_ldap', 'ldap_port', '389'));
 $tmpl->assign( 'ldap_display_name', OCP\Config::getAppValue('user_ldap', 'ldap_display_name', 'uid'));
+$tmpl->assign( 'ldap_group_display_name', OCP\Config::getAppValue('user_ldap', 'ldap_group_display_name', 'cn'));
 $tmpl->assign( 'ldap_group_member_assoc_attribute', OCP\Config::getAppValue('user_ldap', 'ldap_group_member_assoc_attribute', 'uniqueMember'));
 $tmpl->assign( 'ldap_agent_password', base64_decode(OCP\Config::getAppValue('user_ldap', 'ldap_agent_password')));
diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php
index 3462f2473f..31f453b5a5 100644
--- a/apps/user_ldap/templates/settings.php
+++ b/apps/user_ldap/templates/settings.php
@@ -22,6 +22,7 @@
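Review bot: The new `ldap_group_display_name` setting is assigned twice in the second hunk, first by the `$params` loop with an empty default and then again with `'cn'`, so the loop's read is discarded; this duplicates what already happens for `ldap_port`, `ldap_display_name` and `ldap_group_member_assoc_attribute`, and a per-parameter defaults array consulted inside the loop would remove the repetition. Dropping `htmlentities` from the loop is consistent with the template layer now escaping on `assign()`, but that makes every value on this page depend on the default third argument staying `true`; a one-line comment above the loop, `// values are escaped by OCP\Template::assign(), do not pre-escape here`, records that assumption for the next edit.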

    >

    t('Currently the display name field needs to be the same you matched %%uid against in the filter above, because ownCloud doesn\'t distinguish between user id and user name.');?>

    +

    bytes

    diff --git a/core/templates/login.php b/core/templates/login.php index 41d6ba41ef..a40bf5c330 100644 --- a/core/templates/login.php +++ b/core/templates/login.php @@ -1,7 +1,7 @@
    - '; } ?> + '; } ?> t('Lost your password?'); ?>
diff --git a/index.php b/index.php
index 07f8436720..b90b1b310a 100755
--- a/index.php
+++ b/index.php
@@ -112,6 +112,7 @@ elseif(OC_User::isLoggedIn()) {
 if (OC_User::login($_SERVER["PHP_AUTH_USER"],$_SERVER["PHP_AUTH_PW"])) {
 //OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG);
 OC_User::unsetMagicInCookie();
+ $_REQUEST['redirect_url'] = (isset($_SERVER['REQUEST_URI'])?$_SERVER['REQUEST_URI']:'');
 OC_Util::redirectToDefaultPage();
 }else{
 $error = true;
diff --git a/lib/template.php b/lib/template.php
index 688199a878..ba82b21774 100644
--- a/lib/template.php
+++ b/lib/template.php
@@ -286,10 +286,8 @@ class OC_Template{
 * This function is internally used to sanitize HTML.
 */
 private static function sanitizeHTML( &$value ){
- if(is_string($value)) {
- $value = htmlentities( $value, ENT_QUOTES );
- return $value;
- }
+ $value = htmlentities( $value );
+ return $value;
 }
 /**
@@ -528,13 +526,13 @@ class OC_Template{
 $_ = array_merge( $additionalparams, $this->vars );
 }
- // Einbinden
+ // Include
 ob_start();
 include( $this->path.$file.'.php' );
 $data = ob_get_contents();
 @ob_end_clean();
- // Daten zurückgeben
+ // Return data
 return $data;
 }
@@ -548,7 +546,7 @@ class OC_Template{
 public static function printUserPage( $application, $name, $parameters = array() ){
 $content = new OC_Template( $application, $name, "user" );
 foreach( $parameters as $key => $value ){
- $content->assign( $key, $value );
+ $content->assign( $key, $value, false );
 }
 print $content->printPage();
 }
@@ -563,7 +561,7 @@ class OC_Template{
 public static function printAdminPage( $application, $name, $parameters = array() ){
 $content = new OC_Template( $application, $name, "admin" );
 foreach( $parameters as $key => $value ){
- $content->assign( $key, $value );
+ $content->assign( $key, $value, false );
 }
 return $content->printPage();
 }
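Review bot: The added line passes the post-login redirect target to `OC_Util::redirectToDefaultPage()` by writing into the `$_REQUEST` superglobal, which hides the data flow and makes the redirect depend on the weakened accept-check in lib/util.php (any value beginning with `/`) rather than on the fact that this value is the server's own `REQUEST_URI`. Passing it explicitly, `OC_Util::redirectToDefaultPage($_SERVER['REQUEST_URI'])` with a matching optional parameter on the callee, keeps the superglobal untouched and lets the callee distinguish a trusted server-derived path from a client-supplied `redirect_url`. A short comment on the line saying why the redirect back to the requested URI is needed after HTTP-auth login would also help; the enclosing `if`/`elseif` chain starts outside the hunk.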
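Review bot: `sanitizeHTML()` now calls `htmlentities( $value )` without `ENT_QUOTES`, so single quotes are no longer encoded and a value placed inside a single-quoted HTML attribute by a template can still terminate it; the previous `ENT_QUOTES` should be kept, `$value = htmlentities( $value, ENT_QUOTES );`. Removing the `is_string` guard also means non-string values that reach this function are coerced (`false` becomes `''`, `true` becomes `'1'`, integers become strings), and an array or object makes `htmlentities` emit a warning and return null; whether such values arrive here depends on `assign()`, which is outside the hunk, so either keep the guard or document that only strings are expected. No charset is passed either, and on PHP versions before 5.4 the default is ISO-8859-1, which can mangle UTF-8 input; passing `'UTF-8'` explicitly avoids that.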
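Review bot: Passing `false` in `printUserPage()` disables the template sanitizer for every parameter a caller supplies, so any caller that relied on auto-escaping now emits raw values; the same change is made in `printAdminPage()` (next hunk) and `printGuestPage()` (first hunk of the following line). If the intent is that these convenience wrappers hand templates unescaped data, the contract should be stated in each method's docblock (above the hunk), e.g. `@param array $parameters assigned unescaped; the template must escape each value it prints`, and callers audited for that. Otherwise the previous default (escape on assign) was the safer one for an entry point that takes an opaque array.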
@@ -578,7 +576,7 @@ class OC_Template{
 public static function printGuestPage( $application, $name, $parameters = array() ){
 $content = new OC_Template( $application, $name, "guest" );
 foreach( $parameters as $key => $value ){
- $content->assign( $key, $value );
+ $content->assign( $key, $value,false );
 }
 return $content->printPage();
 }
diff --git a/lib/util.php b/lib/util.php
old mode 100644
new mode 100755
index 7c85db71f5..d1d5983dcf
--- a/lib/util.php
+++ b/lib/util.php
@@ -332,7 +332,8 @@ class OC_Util {
 * Redirect to the user default page
 */
 public static function redirectToDefaultPage(){
- if(isset($_REQUEST['redirect_url']) && substr($_REQUEST['redirect_url'], 0, strlen(OC::$WEBROOT)) == OC::$WEBROOT) {
+ OC_Log::write('core','redirectToDefaultPage',OC_Log::DEBUG);
+ if(isset($_REQUEST['redirect_url']) && (substr($_REQUEST['redirect_url'], 0, strlen(OC::$WEBROOT)) == OC::$WEBROOT || $_REQUEST['redirect_url'][0] == '/')) {
 header( 'Location: '.$_REQUEST['redirect_url']);
 } else {
 header( 'Location: '.OC::$WEBROOT.'/'.OC_Appconfig::getValue('core', 'defaultpage', '?app=files'));
@@ -358,12 +359,30 @@ class OC_Util { * Todo: Write howto */ public static function callRegister(){ + //mamimum time before token exires + $maxtime=(60*60); // 1 hour + // generate a random token. $token=mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000); // store the token together with a timestamp in the session. $_SESSION['requesttoken-'.$token]=time(); + // cleanup old tokens garbage collector + // only run every 20th time so we don´t waste cpu cycles + if(rand(0,20)==0) { + foreach($_SESSION as $key=>$value) { + // search all tokens in the session + if(substr($key,0,12)=='requesttoken') { + if($value+$maxtimeassign('loglevel',OC_Config::getValue( "loglevel", 2 )); +$tmpl->assign('loglevel',OC_Config::getValue( "loglevel", 2 ), false); $tmpl->assign('entries',$entries); $tmpl->assign('forms',array()); foreach($forms as $form){ 
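Review bot: The new alternative `$_REQUEST['redirect_url'][0] == '/'` in `redirectToDefaultPage()` accepts any request-supplied value that starts with a slash, which includes scheme-relative values of the form `//host/...` that browsers resolve as an absolute URL to another origin, so the `Location:` header built two lines below can now send the user off-site (an open redirect); it also reads offset `[0]` of a possibly empty string, which raises a notice. Restrict the shortcut to a single leading slash, e.g. `|| (isset($_REQUEST['redirect_url'][1]) && $_REQUEST['redirect_url'][0] == '/' && $_REQUEST['redirect_url'][1] != '/' && $_REQUEST['redirect_url'][1] != '\\')`, or better, compare against an allow-list of local paths. The unconditional `OC_Log::write(...DEBUG)` on entry looks like leftover instrumentation and will fire on every redirect. The `callRegister()` hunk that follows is truncated in this view, so it is not reviewed here.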
diff --git a/settings/apps.php b/settings/apps.php
index 7908e6cc18..f85b28158f 100644
--- a/settings/apps.php
+++ b/settings/apps.php
@@ -92,7 +92,7 @@ usort($apps, 'app_sort');
 $tmpl = new OC_Template( "settings", "apps", "user" );
-$tmpl->assign('apps',$apps);
+$tmpl->assign('apps',$apps, false);
 $tmpl->printPage();
diff --git a/settings/templates/admin.php b/settings/templates/admin.php
index d167f2780e..38c6042c82 100644
--- a/settings/templates/admin.php
+++ b/settings/templates/admin.php
@@ -29,7 +29,7 @@ $levels=array('Debug','Info','Warning','Error','Fatal'); app;?> - message);?> + message;?> time);?>
diff --git a/settings/templates/help.php b/settings/templates/help.php
index cf61207e60..a53ec76d68 100644
--- a/settings/templates/help.php
+++ b/settings/templates/help.php
@@ -26,9 +26,9 @@
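Review bot: In settings/templates/admin.php the wrapper around the log entry's `message` is removed (the surrounding markup is mangled in this view, so the exact call is inferred), leaving log text printed as-is; log messages routinely contain request-derived strings, so this is only safe if the `entries` value is escaped by the template layer on the way in. The `$tmpl->assign('entries',$entries)` call in settings/admin.php keeps the sanitizing default, but whether the sanitizer reaches a property such as `->message` on objects nested in that array depends on `assign()`, which is not shown; if it does not, keep the escaping at this output point. A comment on the template line stating where escaping happens, `<?php // entries are escaped by OC_Template::assign() ?>` or the opposite, would make the decision checkable.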
    "") { echo(''); } ?> - '') echo('

    '.htmlentities($kb["name"]).'

    ');?> -

    - '') echo('

    '.$l->t('Answer').':

    '.htmlentities($kb['answer']).'

    ');?> + '') echo('

    '.$kb["name"].'

    ');?> +

    + '') echo('

    '.$l->t('Answer').':

    '.$kb['answer'].'

    ');?>
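Review bot: The help template now echoes `$kb["name"]` and `$kb['answer']` without the `htmlentities` calls, so knowledge-base text is emitted as-is; that is only safe if the `kbe` value is assigned with the sanitizing default and the sanitizer descends into nested arrays, neither of which is visible in this hunk, and the markup is mangled here so the exact output context cannot be confirmed. If the answers are intentionally rich HTML from a trusted source, a comment at the top of the loop saying so (`// kb answers are trusted HTML; escaped upstream in ... if plain`) would prevent a later reviewer from re-adding escaping blindly; otherwise keep the escaping at the output point. The enclosing `foreach` begins outside the hunk.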