diff -crB moodle/lib/questionlib.php /home/waldeck/moodle/lib/questionlib.php
*** moodle/lib/questionlib.php	2009-03-30 11:59:32.000000000 -0300
--- /home/waldeck/moodle/lib/questionlib.php	2009-08-11 01:36:28.000000000 -0300
***************
*** 1306,1311 ****
--- 1305,1316 ----
          debugging('Ambiguous action in question_process_responses.' , DEBUG_DEVELOPER);
          $action->event = QUESTION_EVENTSAVE;
      }
+     // Apply input filters to the student response
+     // TODO: apply only to html input
+     global $COURSE;
+     foreach ($action->responses as $key => $resp) {
+       $action->responses[$key] = filter_input_text($resp,$COURSE->id);
+     } 
      // If submitted then compare against last graded
      // responses, not last given responses in this case
      if (question_isgradingevent($action->event)) {
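Review bot: The added loop runs every entry of `$action->responses` through the input filters before the grading comparison that follows, so an installed filter can alter the value that is graded and stored for any question type, not only HTML answers; the TODO acknowledges this but nothing enforces it. Until the HTML-only restriction exists, guard the call so only string responses are touched, e.g. `if (is_string($resp) && $resp !== '') { $action->responses[$key] = filter_input_text($resp, $COURSE->id); }`. The loop also assumes `$action->responses` is always an array at this point, which the hunk does not show; wrapping it in `if (!empty($action->responses))` would avoid a warning if it is not. The enclosing function starts and ends outside the hunk.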
diff -crB moodle/lib/weblib.php /home/waldeck/moodle/lib/weblib.php
*** moodle/lib/weblib.php	2009-05-22 21:06:48.000000000 -0300
--- /home/waldeck/moodle/lib/weblib.php	2009-08-11 14:58:09.000000000 -0300
***************
*** 1842,1847 ****
--- 1842,1873 ----
      return $text;
  }
  
+ // Just like filter_text, but applies to user input
+ //
+ function filter_input_text($text, $courseid=NULL) {
+     global $CFG, $COURSE;
+ 
+     if (empty($courseid)) {
+         $courseid = $COURSE->id;       // (copied from format_text)
+     }
+ 
+     if (!empty($CFG->textfilters)) {
+         require_once($CFG->libdir.'/filterlib.php');
+         $textfilters = explode(',', $CFG->textfilters);
+         foreach ($textfilters as $textfilter) {
+             if (is_readable($CFG->dirroot .'/'. $textfilter .'/filter.php')) {
+                 include_once($CFG->dirroot .'/'. $textfilter .'/filter.php');
+                 $functionname = basename($textfilter).'_input_filter';
+                 if (function_exists($functionname)) {
+                     $text = $functionname($courseid, $text);
+                 }
+             }
+         }
+     }
+     return $text;
+ }
+ 
+ 
  
  /**
   * Given a string (short text) in HTML format, this function will pass it
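Review bot: In `filter_input_text()` the return value of `$functionname($courseid, $text)` is assigned to `$text` unchecked, so a filter that returns null or false silently replaces the user's submitted text with an empty value before it is stored. Keep the original on a bad return: `$filtered = $functionname($courseid, $text);` followed by `if (is_string($filtered)) { $text = $filtered; }`. The function also needs a docblock in the style of the one below it, stating that it runs the `*_input_filter` hooks of the filters listed in `$CFG->textfilters` on submitted text before storage, that `$courseid` defaults to `$COURSE->id`, and that the result is not cleaned or escaped here, so callers remain responsible for that.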
***************
*** 1955,1960 ****
--- 1981,1992 ----
      }
  }
  function trusttext_after_edit(&$text, $context) {
+     global $COURSE;
+ 
+     // This will run the input filters from the input filter chain,
+     // trusted or untrusted.
+     $text = filter_input_text($text, $COURSE->id);
+ 
      if (has_capability('moodle/site:trustcontent', $context)) {
          $text = trusttext_strip($text);
          $text = trusttext_mark($text);
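Review bot: The `filter_input_text()` call added at the top of `trusttext_after_edit()` runs on every save, so text that was already transformed on an earlier save is passed through the same input filters again when it is re-edited. The added comment should state that requirement, for example `// Input filters run on every save, so each filter must be idempotent on its own output.` The call also takes the course from `global $COURSE` although a `$context` is passed in, and the two are not guaranteed by anything visible here to refer to the same course. The function body continues outside the hunk.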
***************
*** 2583,2589 ****
      $meta = '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />' .
              "\n" . $meta . "\n";
      if (!$usexml) {
!         @header('Content-Type: text/html; charset=utf-8');
      }
      @header('Content-Script-Type: text/javascript');
      @header('Content-Style-Type: text/css');
--- 2615,2621 ----
      $meta = '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />' .
              "\n" . $meta . "\n";
      if (!$usexml) {
!        @header('Content-Type: text/html; charset=utf-8');
      }
      @header('Content-Script-Type: text/javascript');
      @header('Content-Style-Type: text/css');
***************
*** 2623,2635 ****
                  echo '<?xml-stylesheet type="text/xsl" href="'. $CFG->wwwroot .'/'. $stylesheet .'" ?>' . "\n";
              }
          }
!         echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1';
!         if (!empty($CFG->xml_doctype_extra)) {
!             echo ' plus '. $CFG->xml_doctype_extra;
          }
-         echo '//' . strtoupper($currentlanguage) . '" "'. $CFG->xml_dtd .'">'."\n";
          $direction = " xmlns=\"http://www.w3.org/1999/xhtml\"
                         xmlns:math=\"http://www.w3.org/1998/Math/MathML\"
                         xmlns:xlink=\"http://www.w3.org/1999/xlink\"
                         $direction";
          if($mathplayer) {
--- 2655,2670 ----
                  echo '<?xml-stylesheet type="text/xsl" href="'. $CFG->wwwroot .'/'. $stylesheet .'" ?>' . "\n";
              }
          }
!         if (!$usexml) {
! 	    echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1';
!             if (!empty($CFG->xml_doctype_extra)) {
!                 echo ' plus '. $CFG->xml_doctype_extra;
!             echo '//' . strtoupper($currentlanguage) . '" "'. $CFG->xml_dtd .'">'."\n";
! 	   }
          }
          $direction = " xmlns=\"http://www.w3.org/1999/xhtml\"
                         xmlns:math=\"http://www.w3.org/1998/Math/MathML\"
+ 		       xmlns:svg=\"http://www.w3.org/2000/svg\"
                         xmlns:xlink=\"http://www.w3.org/1999/xlink\"
                         $direction";
          if($mathplayer) {
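Review bot: The closing brace of `if (!empty($CFG->xml_doctype_extra)) {` now sits after the `echo '//' . strtoupper($currentlanguage) . ...` line, so when `xml_doctype_extra` is empty the DOCTYPE declaration is opened and never terminated, leaving the page markup malformed. Close the inner `if` directly after `echo ' plus '. $CFG->xml_doctype_extra;` so the terminating echo always runs inside the outer `if (!$usexml)`. The surrounding xml-stylesheet output suggests this code may already be in an XML-only branch, in which case `!$usexml` would never be true here and the DOCTYPE would be dropped entirely; that cannot be confirmed from the hunk. The re-indented lines mix tabs into a file that uses spaces.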
diff -crB moodle/message/discussion.php /home/waldeck/moodle/message/discussion.php
*** moodle/message/discussion.php	2008-07-05 21:18:02.000000000 -0300
--- /home/waldeck/moodle/message/discussion.php	2009-08-10 23:51:47.000000000 -0300
***************
*** 77,83 ****
      $blockcontact   = optional_param('blockcontact',   0, PARAM_INT); // blocking a contact
      $unblockcontact = optional_param('unblockcontact', 0, PARAM_INT); // unblocking a contact
  
!     if ($addcontact and confirm_sesskey()) {
          add_to_log(SITEID, 'message', 'add contact',
                     'discussion.php?user1='.$addcontact.'&amp;user2='.$USER->id, $addcontact);
          message_add_contact($addcontact);
--- 77,83 ----
      $blockcontact   = optional_param('blockcontact',   0, PARAM_INT); // blocking a contact
      $unblockcontact = optional_param('unblockcontact', 0, PARAM_INT); // unblocking a contact
  
!      if ($addcontact and confirm_sesskey()) {
          add_to_log(SITEID, 'message', 'add contact',
                     'discussion.php?user1='.$addcontact.'&amp;user2='.$USER->id, $addcontact);
          message_add_contact($addcontact);
***************
*** 119,124 ****
--- 119,126 ----
  
      } else if (empty($refresh) and data_submitted() and confirm_sesskey()) {
          if ($message!='') {
+         global $COURSE; 
+         $message = filter_input_text($message, $COURSE->id);
              message_post_message($USER, $user, $message, $format, 'direct');
          }
          redirect('discussion.php?id='.$userid.'&amp;start='.$start.'&amp;noframesjs='.$noframesjs.'&amp;newonly='.$newonly.'&amp;last='.$last);
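Review bot: The output of `filter_input_text()` goes straight to `message_post_message()` with no cleaning step after it, so any markup an installed input filter generates is stored as-is; whatever sanitising was applied to `$message` (not visible in this hunk) ran before the filter. If input filters are allowed to emit HTML, clean the result again before storing it, or document in the filter contract that filters must return text that is safe to store. The same applies to the `filter_input_text()` call added in message/send.php. The two call sites also differ in escaping: here `$message` is passed on directly, while send.php wraps it in `addslashes()`, which suggests the filter sees slash-escaped text in one path and unescaped text in the other; this is worth confirming against how `$message` is read in each file.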
diff -crB moodle/message/send.php /home/waldeck/moodle/message/send.php
*** moodle/message/send.php	2008-05-08 21:16:41.000000000 -0300
--- /home/waldeck/moodle/message/send.php	2009-08-10 23:52:13.000000000 -0300
***************
*** 65,71 ****
  
      if ($message!='' and confirm_sesskey()) {   /// Current user has just sent a message
  
!     /// Save it to the database...
          $messageid = message_post_message($USER, $user, addslashes($message), $format, 'direct');
  
      /// Format the message as HTML
--- 65,74 ----
  
      if ($message!='' and confirm_sesskey()) {   /// Current user has just sent a message
  
!     /// Save it to the database..       
! 	global $COURSE; 
!         $message = filter_input_text($message, $COURSE->id);
! 
          $messageid = message_post_message($USER, $user, addslashes($message), $format, 'direct');
  
      /// Format the message as HTML
diff -crB moodle/mod/forum/lib.php /home/waldeck/moodle/mod/forum/lib.php
*** moodle/mod/forum/lib.php	2009-05-06 21:06:24.000000000 -0300
--- /home/waldeck/moodle/mod/forum/lib.php	2009-08-10 20:02:49.000000000 -0300
***************
*** 3923,3929 ****
      if (!update_record('forum_discussions', $updatediscussion)) {
          return false;
      }
! 
      if ($newfilename = forum_add_attachment($post, 'attachment',$message)) {
          $post->attachment = $newfilename;
      } else {
--- 3923,3929 ----
      if (!update_record('forum_discussions', $updatediscussion)) {
          return false;
      }
!     
      if ($newfilename = forum_add_attachment($post, 'attachment',$message)) {
          $post->attachment = $newfilename;
      } else {

