# # # patch "install" # from [01e27aa4a57b6ac624b6b3ec38fc893fe775b436] # to [e3b156b50f3207f6073c7b69c181fdde171c5540] # # patch "install-config.dist" # from [f3ecda7d4f7478186408018620dbb58e654b9f38] # to [041ff1bfa044470e29bbc2be1986d196c13384e2] # # patch "webhost.initscript" # from [1000cec5a6bc9f26793faf663a6547e19c241845] # to [bf5f34cb46dc189669206a1c54aa4b14c8611738] # # patch "www/admin-description_backend.php" # from [77be066f94469962dee95ebcbe852d3f7ef3bfc0] # to [31ebbd661f9f479a0238ebec278fbb2636bd3774] # ============================================================ --- install 01e27aa4a57b6ac624b6b3ec38fc893fe775b436 +++ install e3b156b50f3207f6073c7b69c181fdde171c5540 @@ -94,7 +94,7 @@ do_install() { chown $USHERUSER $LOGDIR/ make usher.webhost - cp usher.webhost $BINDIR/ + cp usher.webhost $BINDIR/usher.$BINNAME if [ ! -d $CONFDIR ] || [ "$1" == "--force-conffiles" ]; then if [ -d $CONFDIR ]; then echo "Replacing your configuration..." @@ -108,11 +108,11 @@ do_install() { fi sed -e "s!CONFDIR!$CONFDIR!" \ - < dbrotate.sh > $BINDIR/update-viewmtn-db.sh.new - chmod a+x $BINDIR/update-viewmtn-db.sh.new - install_file $BINDIR/update-viewmtn-db.sh /bin/false + < dbrotate.sh > $BINDIR/$BINNAME.update-viewmtn-db.sh.new + chmod a+x $BINDIR/$BINNAME.update-viewmtn-db.sh.new + install_file $BINDIR/$BINNAME.update-viewmtn-db.sh /bin/false - sed -e "s!DBROTATE!$BINDIR/update-viewmtn-db.sh!" \ + sed -e "s!DBROTATE!$BINDIR/$BINNAME.update-viewmtn-db.sh!" \ -e "s!CONFDIR!$CONFDIR!" \ < skel/monotonerc > $CONFDIR/monotonerc.new install_file $CONFDIR/monotonerc /bin/false 
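Review bot: `$BINNAME` is used in `cp usher.webhost $BINDIR/usher.$BINNAME` with no fallback, so an install driven by a config file written before this change (one with no `BINNAME=` line) would copy the binary to `$BINDIR/usher.`; the `@@ -108` and `@@ -133` hunks would likewise produce `$BINDIR/.update-viewmtn-db.sh` and an init script pointing at `usher.`. How `install` loads its configuration is outside these hunks, so this assumes the file is simply sourced. A default set right after the config is read, `BINNAME=${BINNAME:-webhost}`, keeps old configs on the previous file names, and quoting the destination, `cp usher.webhost "$BINDIR/usher.$BINNAME"`, stops a value containing spaces from turning into extra `cp` arguments. The body of do_install starts and ends outside the hunk.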
@@ -133,8 +133,10 @@ do_install() { install_file $CONFDIR/hostconfig /bin/true sed -e "s!BINDIR!$BINDIR!" \ + -e "s!BINNAME!$BINNAME!" \ -e "s!CONFDIR!$CONFDIR!" \ -e "s!USHERUSER!$USHERUSER!" \ + -e "s!NAME!$NAME!" \ < webhost.initscript > /etc/init.d/$NAME.new chmod a+x /etc/init.d/$NAME.new install_file /etc/init.d/$NAME /bin/false ============================================================ --- install-config.dist f3ecda7d4f7478186408018620dbb58e654b9f38 +++ install-config.dist 041ff1bfa044470e29bbc2be1986d196c13384e2 @@ -5,6 +5,7 @@ NAME=webhost USHERUSER=www-data USHERGROUP=www-data NAME=webhost +BINNAME=webhost DBHOST=127.0.0.1 DBNAME=webhost-db DBUSER=$WEBUSER ============================================================ --- webhost.initscript 1000cec5a6bc9f26793faf663a6547e19c241845 +++ webhost.initscript bf5f34cb46dc189669206a1c54aa4b14c8611738 @@ -1,10 +1,10 @@ set -e #! /bin/sh set -e . /lib/lsb/init-functions -OPTS="--quiet --pidfile /var/run/usher.webhost.pid --chuid=USHERUSER" -START="--start --exec=BINDIR/usher.webhost --background --make-pidfile" +OPTS="--quiet --pidfile /var/run/usher.BINNAME.pid --chuid=USHERUSER" +START="--start --exec=BINDIR/usher.BINNAME --background --make-pidfile" CONFFILE='CONFDIR/hostconfig' LC_ALL=C; export LC_ALL @@ -28,6 +28,6 @@ case "$1" in ;; *) - log_success_msg "Usage: /etc/init.d/webhost {start|stop|restart}" + log_success_msg "Usage: /etc/init.d/NAME {start|stop|restart}" exit 1 esac ============================================================ --- www/admin-description_backend.php 77be066f94469962dee95ebcbe852d3f7ef3bfc0 +++ www/admin-description_backend.php 31ebbd661f9f479a0238ebec278fbb2636bd3774 @@ -1,8 +1,17 @@ header('Content-type: text/x-json'); )~"; + return preg_replace($pat, "<", $string); +} + if ($action == "getdesc") { print $json->encode(array( "description" => file_get_contents($projwww . "/description"), 
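Review bot: The added `-e "s!NAME!$NAME!"` matches the bare word `NAME` anywhere on a line, after the other values have already been substituted, so a `NAME` inside the expanded `$BINDIR`, `$CONFDIR`, `$USHERUSER` or `$BINNAME` gets rewritten; and because no expression carries `g`, a second `BINNAME` left on a line would become `BIN` followed by the service name. The values are also spliced into the sed replacement unescaped, so a `!`, `&` or backslash in the config changes what lands in `/etc/init.d/$NAME`, a script that init presumably runs as root. Delimited placeholders remove the overlap, e.g. `-e "s!@BINNAME@!$BINNAME!g"` and `-e "s!@NAME@!$NAME!g"`, with the same tokens used in `webhost.initscript` (its `@@ -1,10` and `@@ -28,6` hunks); rejecting config values outside something like `[A-Za-z0-9._-]` before substitution covers the escaping. do_install continues outside this hunk.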
@@ -10,8 +19,9 @@ if ($action == "getdesc") { )); } else if ($action === "chdesc") { if(allowed('description')) { - file_put_contents($projwww . "/description", $args->description, LOCK_EX); - file_put_contents($projwww . "/longdescription", $args->longdescription, LOCK_EX); + file_put_contents($projwww . "/description", sanitize($args->description, 'a( href="(?!javascript)[^"\\\\]*")?'), LOCK_EX); + $ok_for_longdesc = 'a( href="(?!javascript)[^"\\\\]*")?, p, br, li, ul, ol, i, b, blockquote, dl, dd, dt, em, strong, tt, ecode'; + file_put_contents($projwww . "/longdescription", sanitize($args->longdescription, $ok_for_longdesc), LOCK_EX); print $json->encode(array("description" => file_get_contents($projwww . "/description"), "longdescription" => file_get_contents($projwww . "/longdescription"))); }
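Review bot: The `href` rule passed to `sanitize()` is a denylist: `(?!javascript)` only refuses a value that begins with that exact lower-case word, so other script-capable schemes, and case or character-reference variants of the same one, would still be written to `description` and `longdescription` (the pattern tail `)~"` in the previous hunk shows no `i` modifier, though most of `sanitize()` is not legible on this page). An allowlist of schemes is the safer shape, for example `'a( href="(?=https?://|mailto:)[^"\\\\]*")?'`, assuming `sanitize()` splices the fragment into its pattern unchanged; relative links would then need their own alternative. The fragment is also written out twice, once per call; defining it once and reusing it inside `$ok_for_longdesc` keeps the two rules from drifting apart. Because `getdesc` returns both files verbatim, whatever renders them should still treat the content as untrusted HTML. The `if`/`else if` chain on `$action` starts in the previous hunk.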