diff --git a/checkin_notes b/checkin_notes index 0e1b8a84a0..63f4c390d2 100644 --- a/checkin_notes +++ b/checkin_notes @@ -7455,3 +7455,22 @@ Eric 16 Sept 2008 users with RAC less than with only be displayed if the viewing user is logged in. +David 16 Sept 2008 + - client: ignore CUDA devices with major versions > 100 + (apparently some report 9999) + - web: security changes: sanitize some params; escape some strings + + html/ + inc/ + pm.inc + user/ + language_select.php + profile_search_action.php + top_hosts.php + top_teams.php + user_search.php + lib/ + coproc.C + sched/ + census.C + hr_info.C diff --git a/doc/boinc_news.php b/doc/boinc_news.php index 841c428fe4..eade3238ea 100644 --- a/doc/boinc_news.php +++ b/doc/boinc_news.php @@ -1,6 +1,12 @@ OGM (Organizational Grid Manager) + has been released by the University of Extremadura. + OGM is a system for grid computing + on organizational resources using BOINC." +), array("September 4, 2008", "The talks and tutorials from the upcoming BOINC Workshop (Sept 10-12) will be broadcast diff --git a/doc/versions.inc b/doc/versions.inc index 453ed7efb8..a9cf97fc39 100644 --- a/doc/versions.inc +++ b/doc/versions.inc @@ -268,7 +268,7 @@ $windowsx64 = array( $mac = array( "name"=>"Mac OS X", - "description"=>"Version 10.3+", + "description"=>"Version 10.3.9+", "dbname" => "powerpc-apple-darwin", "versions"=>array( $m6218, diff --git a/html/inc/pm.inc b/html/inc/pm.inc index 994e9009ca..c455873bb5 100644 --- a/html/inc/pm.inc +++ b/html/inc/pm.inc @@ -17,6 +17,7 @@ // along with BOINC. If not, see . require_once("boinc_db.inc"); +require_once("sanitize_html.inc"); function pm_header() { echo "
\n"; @@ -129,8 +130,8 @@ function pm_web_line($notify) { function pm_send($to_user, $subject, $content) { global $g_logged_in_user; - $sql_subject = mysql_real_escape_string($subject); - $sql_content = mysql_real_escape_string($content); + $sql_subject = boinc_real_escape_string(strip_tags($subject)); + $sql_content = boinc_real_escape_string(strip_tags($content)); $mid = BoincPrivateMessage::insert("(userid, senderid, date, subject, content) VALUES ($to_user->id, $g_logged_in_user->id, UNIX_TIMESTAMP(), '$sql_subject', '$sql_content')"); if (!$mid) { error_page("Couldn't create message"); diff --git a/html/user/language_select.php b/html/user/language_select.php index 1abe4ee9e9..fb886a4ff7 100644 --- a/html/user/language_select.php +++ b/html/user/language_select.php @@ -58,8 +58,6 @@ echo "
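Review bot: The added `require_once("sanitize_html.inc")` has no visible user in this commit's changes to pm.inc: the pm_send() hunk below calls `strip_tags()` and `boinc_real_escape_string()`, and I cannot tell from here whether the latter lives in sanitize_html.inc or is already reachable through boinc_db.inc. If the include is unused, drop it; if it is the source of boinc_real_escape_string(), a trailing comment such as `// provides boinc_real_escape_string()` would record why the dependency is there. The pm_header() definition that starts in this hunk continues outside it.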
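Review bot: `strip_tags()` on the stored subject and content is input sanitisation rather than output escaping, and it silently alters legitimate text (a subject such as `x<y` is cut down to `x` because the `<` opens an unterminated tag), so the pages that render private messages must still HTML-escape on output; this hunk only changes what is written to the database. The SQL statement is still assembled by interpolation, with `$to_user->id` and `$g_logged_in_user->id` dropped in unescaped; they look like integer ids, and an explicit `(int)` cast at this point would make that assumption visible. A comment above the two new lines, `// strip_tags() only removes markup from the stored text; renderers must still HTML-escape on output`, would keep a later reader from treating this as the only escaping layer. The pm_send() body continues outside the hunk.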
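Review bot: The SQL-escaped value overwrites `$search_string` itself, so every later use of that variable in the file, including any line that echoes the search term back into the page, now sees the backslash-escaped form rather than what the user typed, and an HTML context would still need its own `htmlspecialchars()`. Keep the two representations apart: `$search_string = strip_tags(get_str('search_string'));` followed by `$sql_search_string = boinc_real_escape_string($search_string);`, and use the `$sql_` copy only where the query is built. If that query uses `LIKE`, the `%`/`_` wildcards also need escaping the way user_search.php's escape_pattern() does; the query is outside the hunk, so I cannot confirm that from here.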
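Review bot: The `switch` whitelist added here is duplicated verbatim in top_teams.php in the same commit; a small shared helper in an included file, say `function get_sort_by($default = "expavg_credit")` returning one of the allowed column names, would let both pages call it and would stop a third sortable page from forgetting the check. `switch` compares with `==`, which is harmless for the strings `get_str()` returns but states the intent less directly than `if (!in_array($sort_by, array("total_credit", "expavg_credit"), true)) $sort_by = "expavg_credit";`. The context lines also show `store_to_hosts()` handing `$data` to `unserialize()`; that is existing code, not part of this change, but a comment noting that `$data` is expected to come from the project's own cache file, if that is the case, would make the trust boundary explicit.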

"; - - start_table(); row2("Language symbol", "Language name (click to select)"); row2("", diff --git a/html/user/profile_search_action.php b/html/user/profile_search_action.php index 717de4cd18..a4c9fee088 100644 --- a/html/user/profile_search_action.php +++ b/html/user/profile_search_action.php @@ -25,6 +25,8 @@ function show_profile_link2($profile, $n) { } $search_string = get_str('search_string'); +$search_string = strip_tags($search_string); +$search_string = boinc_real_escape_string($search_string); $offset = get_int('offset', true); if (!$offset) $offset=0; $count = 10; diff --git a/html/user/top_hosts.php b/html/user/top_hosts.php index 658d4f5bd2..1686863b1f 100644 --- a/html/user/top_hosts.php +++ b/html/user/top_hosts.php @@ -44,13 +44,17 @@ function get_top_hosts($offset, $sort_by) { function hosts_to_store($participants){ return serialize($participants); } + function store_to_hosts($data){ return unserialize($data); } -if (isset($_GET["sort_by"])) { - $sort_by = $_GET["sort_by"]; -} else { +$sort_by = get_str("sort_by", true); +switch ($sort_by) { +case "total_credit": +case "expavg_credit": + break; +default: $sort_by = "expavg_credit"; } diff --git a/html/user/top_teams.php b/html/user/top_teams.php index cf759c1ad6..95d90810d6 100644 --- a/html/user/top_teams.php +++ b/html/user/top_teams.php @@ -54,9 +54,12 @@ function store_to_teams($data){ return unserialize($data); } -if (isset($_GET["sort_by"])) { - $sort_by = $_GET["sort_by"]; -} else { +$sort_by = get_str("sort_by", true); +switch ($sort_by) { +case "total_credit": +case "expavg_credit": + break; +default: $sort_by = "expavg_credit"; } diff --git a/html/user/user_search.php b/html/user/user_search.php index 6c5bfbfce2..e1e7b52395 100644 --- a/html/user/user_search.php +++ b/html/user/user_search.php 
@@ -144,8 +144,8 @@ function name_search($filter) { if (strlen($search_string)<3) { error_page("search string must be at least 3 characters"); } - $urls = urlencode($search_string); - $s = escape_pattern($search_string); + $s = boinc_real_escape_string($search_string); + $s = escape_pattern($s); $fields = "id, create_time, name, country, total_credit, expavg_credit, teamid, url, has_profile"; $users = BoincUser::enum_fields($fields, "name like '$s%'", "limit $count"); $n=0; diff --git a/lib/coproc.C b/lib/coproc.C index 2dcc3c27c1..df21031c52 100644 --- a/lib/coproc.C +++ b/lib/coproc.C @@ -154,20 +154,20 @@ const char* COPROC_CUDA::get(COPROCS& coprocs) { } #endif - // NOTE: our design is flawed: + // NOTE: our design is slightly flawed: // there's no provision for having two coprocs of type CUDA. - // So on systems with two GPUs (possibly of different hardware type) - // we have to count them as two of the same + // So on systems with two GPUs (possibly of different hardware types) + // we have to count them as two of the same type. // (*__cudaGetDeviceCount)(&count); int real_count = 0; COPROC_CUDA cc, cc2; for (int i=0; i= 1) { // major == 0 means emulation - cc2 = cc; - real_count++; - } + if (cc.prop.major == 0) break; // major == 0 means emulation + if (cc.prop.major > 100) break; // e.g. 9999 is an error + cc2 = cc; + real_count++; } if (real_count) { COPROC_CUDA* ccp = new COPROC_CUDA; diff --git a/sched/census.C b/sched/census.C index 409a8681e4..da5f321edb 100644 --- a/sched/census.C +++ b/sched/census.C @@ -64,9 +64,11 @@ int main(int argc, char** argv) { log_messages.printf(MSG_CRITICAL, "Can't open DB\n"); exit(1); } + log_messages.printf(MSG_NORMAL, "Starting\n"); boinc_db.set_isolation_level(READ_UNCOMMITTED); hri.init(); hri.scan_db(); hri.write_file(); hri.perf_info.write_file(); + log_messages.printf(MSG_NORMAL, "Finished\n"); } diff --git a/sched/hr_info.C b/sched/hr_info.C index c3e2d1cb14..98b5f29a3f 100644 --- a/sched/hr_info.C 
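Review bot: The new two-step escaping depends on an ordering the code does not state: `boinc_real_escape_string()` runs first and `escape_pattern()` second, so whatever backslashes escape_pattern() presumably adds before `%`/`_` are not themselves SQL-escaped; whether swapping the two lines would change the resulting LIKE clause depends on escape_pattern()'s implementation, which is outside the hunk. A comment such as `// SQL-escape first, then escape LIKE wildcards; keep this order` would settle the question for the next reader. The `strlen($search_string)<3` guard on the context line counts bytes, so a two-character non-ASCII name passes it; `mb_strlen` would match the user-visible length if that is the intent. name_search() begins before the hunk and continues after it.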
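Review bot: Replacing the removed `>= 1` guard with two `break` statements changes the loop from skipping an unusable device to abandoning the enumeration at it: a system whose first listed device is the emulation device or reports a bogus major version would now count no GPUs at all, whereas the removed branch skipped that entry and kept going, and the text here is partly garbled so I am reading that from the surviving `cc2 = cc; real_count++;` lines. Unless the enumeration order guarantees that such devices come last, `continue` preserves the old behaviour: `if (cc.prop.major == 0) continue; // major == 0 means emulation` and `if (cc.prop.major > 100) continue; // e.g. 9999 is an error`. With `continue`, `cc2` still ends up as the last accepted device, matching what the removed branch produced. COPROC_CUDA::get() begins before the hunk and continues after it.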
+++ b/sched/hr_info.C @@ -60,7 +60,7 @@ int HR_INFO::read_file() { for (i=1; i