diff --git a/checkin_notes b/checkin_notes
index e2543f36f2..8d0b949911 100755
--- a/checkin_notes
+++ b/checkin_notes
@@ -8073,3 +8073,14 @@ Rom 23 Aug 2007
win_build/installerv2/redist/Windows/x64/
boinccas.dll
boinccas95.dll
+
+Rytis 24 Aug 2007
+ - User web: fix XSS vulnerability in team join/quit/lookup code.
+
+ html/user/
+ team_join_action.php
+ team_join_form.php
+ team_lookup.php
+ team_quit_action.php
+ team_quit_form.php
+
diff --git a/html/user/team_join_action.php b/html/user/team_join_action.php
index 6ddf7cc873..71c5d118dd 100644
--- a/html/user/team_join_action.php
+++ b/html/user/team_join_action.php
@@ -1,13 +1,15 @@
authenticator);
-$teamid = $_POST["teamid"];
+$teamid = post_int("teamid");
$team = lookup_team($teamid);
require_team($team);
if ($user->teamid == $team->id) {
diff --git a/html/user/team_join_form.php b/html/user/team_join_form.php
index dfd6bb7511..eb056cdf62 100644
--- a/html/user/team_join_form.php
+++ b/html/user/team_join_form.php
@@ -1,4 +1,5 @@
Please note:
Joining a team does not affect your account's credit.
-
";
page_tail();
diff --git a/html/user/team_lookup.php b/html/user/team_lookup.php
index f44e20b3c2..f3d99fa8f8 100644
--- a/html/user/team_lookup.php
+++ b/html/user/team_lookup.php
@@ -27,11 +27,11 @@ if ($team_id) {
exit();
}
-$team_name = $_GET["team_name"];
+$team_name = get_str("team_name");
$name_lc = strtolower($team_name);
$name_lc = escape_pattern($name_lc);
-$query = "select * from team where name like '%$name_lc%' order by expavg_credit desc";
+$query = "select * from team where name like '%".mysql_real_escape_string($name_lc)."%' order by expavg_credit desc";
$result_list = mysql_query($query);
if ($format == 'xml') {
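Review bot: An empty `team_name` still reaches the query on the `+$query` line, where the pattern collapses to `like '%%'` and the statement returns every row of `team` ordered by expavg_credit; if get_str() only checks that the parameter is present (its definition is outside the hunk), `?team_name=` yields a full team listing per request. Reject a zero-length name before building the query, e.g. `if (strlen($team_name) == 0) { ... }` ending the page with an error instead of running the search. The order escape_pattern() then mysql_real_escape_string() is correct for a backslash-based LIKE escape, since the doubled backslash collapses back to one inside the string literal, but that depends on what escape_pattern() emits, which is also outside the hunk.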
@@ -49,7 +49,7 @@ if ($format == 'xml') {
page_head("Search Results");
if ($result_list) {
$total = 0;
- echo "Search results for '$team_name'
";
+ echo "Search results for '".strip_tags($team_name)."'
";
echo "";
echo "You may view these teams' members, statistics, and information.";
echo "
";
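Review bot: `strip_tags($team_name)` on the `+ echo` line is a lossy filter rather than an encoder for the HTML text context it is written into: ampersands and any text following a stray `<` are altered or dropped, so a legitimate search such as `a<b` is displayed truncated, while nothing is entity-encoded. Since this line only displays the name, `htmlspecialchars($team_name)` preserves the text and neutralizes it, i.e. `echo "Search results for '".htmlspecialchars($team_name)."'`. The echo statement appears to continue onto the next line, which the extraction has split.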
diff --git a/html/user/team_quit_action.php b/html/user/team_quit_action.php
index 6957701e5e..dd652d3e92 100644
--- a/html/user/team_quit_action.php
+++ b/html/user/team_quit_action.php
@@ -1,20 +1,23 @@
teamid == $team->id) {
- user_quit_team($user);
- page_head("Quit $team->name");
- echo "You have been removed from id>$team->name";
- } else {
- page_head("Unable to quit team");
- echo "Team doesn't exist, or you don't belong to it.\n";
- }
+require_once("../inc/db.inc");
+require_once("../inc/util.inc");
+require_once("../inc/team.inc");
+
+db_init();
+$user = get_logged_in_user(true);
+check_tokens($user->authenticator);
+$teamid = post_int("id");
+$team = lookup_team($teamid);
+if ($user->teamid == $team->id) {
+ user_quit_team($user);
+ page_head("Quit $team->name");
+ echo "You have been removed from id\">$team->name";
+} else {
+ page_head("Unable to quit team");
+ echo "Team doesn't exist, or you don't belong to it.\n";
+}
page_tail();
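Review bot: The new line `+$team = lookup_team($teamid);` is followed directly by `if ($user->teamid == $team->id)` with no `require_team($team);`, unlike the join action patched in this same commit. If lookup_team() returns null for an unknown id (which the require_team() guard in team_join_action.php suggests), `$team->id` evaluates to null and PHP's loose comparison makes `0 == null` true, so a user who belongs to no team would pass the check and have user_quit_team() and `page_head("Quit $team->name")` run against a missing team. Add `require_team($team);` immediately after the lookup, as team_join_action.php does. `$team->name` is also interpolated unescaped into page_head() and the echo on the following lines; whether team names are sanitized on entry is not visible here.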
diff --git a/html/user/team_quit_form.php b/html/user/team_quit_form.php
index de0a360ee2..a9e06a9868 100644
--- a/html/user/team_quit_form.php
+++ b/html/user/team_quit_form.php
@@ -1,4 +1,5 @@
-
";
page_tail();