Index: openacs-4/packages/forums/lib/search/search-chunk.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/forums/lib/search/search-chunk.tcl,v diff -u -r1.7 -r1.8 --- openacs-4/packages/forums/lib/search/search-chunk.tcl 27 Oct 2014 16:41:37 -0000 1.7 +++ openacs-4/packages/forums/lib/search/search-chunk.tcl 27 Jun 2015 21:29:52 -0000 1.8 @@ -23,6 +23,13 @@ set query search_all_forums if {$forum_id ne ""} { set query search_one_forum + if {![string is integer -strict $forum_id]} { + ns_log warning "forum_id <$forum_id> is not an integer: probably a security check or an attempted injection" + set name forum_id + ad_complain [_ acs-tcl.lt_name_is_not_an_intege] + set messages:rowcount 0 + return + } } if { [parameter::get -parameter UseIntermediaForSearchP -default 0] } { Index: openacs-4/packages/forums/tcl/forums-email-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/forums/tcl/forums-email-procs.tcl,v diff -u -r1.4 -r1.5 --- openacs-4/packages/forums/tcl/forums-email-procs.tcl 15 May 2007 20:14:40 -0000 1.4 +++ openacs-4/packages/forums/tcl/forums-email-procs.tcl 27 Jun 2015 21:29:52 -0000 1.5 
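Review bot: The new guard on `forum_id` in search-chunk.tcl uses `string is integer -strict`, which also accepts signed values, `0x`-prefixed hex and surrounding whitespace. That makes it looser than the `forum_id:naturalnum` contract that forum-view.tcl declares for the same parameter. A digits-only test such as `if {![regexp {^[0-9]+$} $forum_id]} {` would reject those forms and keep the include consistent with the page contract. The `ns_log` line also writes the raw request value into the server log, so consider logging a length-capped, printable-only copy to stop a crafted value forging log lines. The queries that consume `forum_id` are outside the hunk, so whether the value is bound or interpolated there cannot be confirmed from here.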
@@ -31,12 +31,15 @@ # Set up the message body set new_body "[ad_html_to_text -- $pre_body]" append new_body "\n\n===================================\n\n" - append new_body "[_ forums.email_alert_body_header] + append new_body [subst {[_ forums.email_alert_body_header] [_ forums.Forum_1] $message(forum_name) -Thread: $message(root_subject)\n\n" +Thread: $message(root_subject)\n +}] append new_body [ad_html_text_convert -from $message(format) -to text/plain -- $message(content)] + set url [export_vars \ + -base "[ad_url][ad_conn package_url]message-view" \ + -anchor $message(message_id) {{message_id $message(root_message_id)}}] + append new_body "\n\n-- \n$url\n" - append new_body "\n\n-- \n[ad_url][ad_conn package_url]message-view?[export_vars -anchor $message(message_id) [list [list message_id $message(root_message_id)]]]\n" - return $new_body } Index: openacs-4/packages/forums/www/forum-view.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/forums/www/forum-view.tcl,v diff -u -r1.34 -r1.35 --- openacs-4/packages/forums/www/forum-view.tcl 27 Oct 2014 16:41:37 -0000 1.34 +++ openacs-4/packages/forums/www/forum-view.tcl 27 Jun 2015 21:29:52 -0000 1.35 @@ -8,8 +8,8 @@ } -query { forum_id:naturalnum,notnull - {orderby "last_child_post,desc"} - {flush_p 0} + {orderby:token "last_child_post,desc"} + {flush_p:boolean 0} page:naturalnum,optional } Index: openacs-4/packages/forums/www/moderate/move-thread-thread.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/forums/www/moderate/move-thread-thread.tcl,v diff -u -r1.5 -r1.6 --- openacs-4/packages/forums/www/moderate/move-thread-thread.tcl 12 Jun 2015 08:47:28 -0000 1.5 +++ openacs-4/packages/forums/www/moderate/move-thread-thread.tcl 27 Jun 2015 21:29:52 -0000 1.6 
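Review bot: The `[subst {...}]` template that builds the alert body is whitespace-sensitive and runs command and variable substitution over its whole argument, and neither property is documented next to it. The trailing `\n` and the literal line break before `}]` together reproduce the old `\n\n`, which a later re-indent could silently change. I would add a comment above it such as `# subst template: keep this a brace-quoted literal; the line breaks inside it are part of the mail body`. Values like `$message(root_subject)` are inserted once and not rescanned, so this is safe only while the argument stays a literal and is never assembled from message data. The enclosing proc starts outside the hunk.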
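Review bot: In forum-view.tcl, `orderby:token` limits the characters a caller can send but does not tie the value to the columns this page can actually sort by. The code that consumes `orderby` is outside the hunk, so confirm that it is resolved against the list's declared orderby keys and never placed into the ORDER BY text directly. `flush_p:boolean` raises a similar question: if the flag forces a cache refresh, check whether any visitor should be allowed to set it or whether it needs a permission check.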
@@ -84,7 +84,7 @@ if {$confirm_p == 2} { ad_returnredirect "../message-view?message_id=$message(message_id)" } -set url_vars [export_vars -url {msg_id return_url selected_message}] +set url_vars [export_vars {msg_id return_url selected_message}] if {([info exists alt_template] && $alt_template ne "")} { ad_return_template $alt_template Index: openacs-4/packages/forums/www/moderate/move-thread.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/forums/www/moderate/move-thread.tcl,v diff -u -r1.6 -r1.7 --- openacs-4/packages/forums/www/moderate/move-thread.tcl 12 Jun 2015 08:47:28 -0000 1.6 +++ openacs-4/packages/forums/www/moderate/move-thread.tcl 27 Jun 2015 21:29:52 -0000 1.7 @@ -92,7 +92,7 @@ ad_returnredirect "../message-view?message_id=$message(message_id)" } -set url_vars [export_vars -url {msg_id return_url selected_message}] +set url_vars [export_vars {msg_id return_url selected_message}] if {[info exists alt_template] && $alt_template ne ""} { ad_return_template $alt_template Index: openacs-4/packages/forums/www/moderate/move.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/forums/www/moderate/move.tcl,v diff -u -r1.5 -r1.6 --- openacs-4/packages/forums/www/moderate/move.tcl 12 Jun 2015 08:47:28 -0000 1.5 +++ openacs-4/packages/forums/www/moderate/move.tcl 27 Jun 2015 21:29:52 -0000 1.6 @@ -86,7 +86,7 @@ #if confirm_p is no then return to the message view ad_returnredirect "../message-view?message_id=$message(message_id)" } -set url_vars [export_vars -url {message_id return_url selected_forum}] +set url_vars [export_vars {message_id return_url selected_forum}] if {[info exists alt_template] && $alt_template ne ""} { ad_return_template $alt_template
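Review bot: The `ad_returnredirect` calls visible in the context of this hunk, and of the matching hunks in move-thread.tcl and move.tcl, are not followed by `ad_script_abort`. The script therefore carries on to `set url_vars` and `ad_return_template` after the redirect has been issued. Adding `ad_script_abort` on the line after each `ad_returnredirect` stops the page from running further once the response is committed. Separately, `return_url` is re-exported into `url_vars` as received; its page-contract declaration is outside the hunks, so confirm that it is restricted to site-local URLs before it is used as a redirect target.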