Sat 19 Aug 2006
What terrible weather today.
“Maybe I’ll check the code for bugs” - I thought.
I did... Used some software to speed up the process and what do you think? We were so stupid to leave cookies without any checks. There were several security vulnerabilities through language, visitor and theme cookies. Most of them: remote include or XSS (cross-site scripting) and some SQL injections.
So I sat back, got myself some mineral water (yes yes, mineral, not beer :P ) and fixed all of them. Now there is a check and a clean-up. The rest of the main page looks secure enough for now. Some serious checks will be done after the rewrite of the code to OOP (object-oriented programming) style.
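A "check and a clean-up" for the three cookies named above could look like the following. This is an added example, not the site's own code: the allowlists, the visitor-id format, the file layout and the `visitors` table are assumptions, and Python with SQLite stands in for whatever the site actually runs.

```python
import html
import re
import sqlite3

# Assumed allowlists and id format; the post does not give the site's real values.
LANGUAGES = {"en", "de", "ru"}
THEMES = {"default", "dark"}
VISITOR_RE = re.compile(r"[0-9a-f]{32}")

# Constructed hostile cookie values, one per bug class the post mentions.
HOSTILE = {
    "language": "http://example.invalid/x?",     # remote include attempt
    "theme": '"><script>alert(1)</script>',      # XSS attempt
    "visitor": "1' OR '1'='1",                   # SQL injection attempt
}

def clean_cookies(cookies):
    """Check each cookie and fall back to a safe default when it fails."""
    lang = cookies.get("language", "")
    theme = cookies.get("theme", "")
    visitor = cookies.get("visitor", "")
    return {
        "language": lang if lang in LANGUAGES else "en",
        "theme": theme if theme in THEMES else "default",
        "visitor": visitor if VISITOR_RE.fullmatch(visitor) else None,
    }

def language_file(cookies):
    # The include path is built only from an allowlisted name, never raw input.
    return "lang/%s.inc" % clean_cookies(cookies)["language"]

def theme_link(cookies):
    # Allowlist first, then escape on output as a second layer.
    theme = html.escape(clean_cookies(cookies)["theme"], quote=True)
    return '<link rel="stylesheet" href="themes/%s.css">' % theme

def visit_count(db, cookies):
    # Validated id plus a bound parameter: the value never becomes SQL text.
    visitor = clean_cookies(cookies)["visitor"]
    if visitor is None:
        return 0
    row = db.execute("SELECT hits FROM visitors WHERE id = ?", (visitor,)).fetchone()
    return row[0] if row else 0

def make_db():
    """Constructed in-memory table with one known visitor."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE visitors (id TEXT PRIMARY KEY, hits INTEGER)")
    db.execute("INSERT INTO visitors VALUES (?, ?)", ("a" * 32, 3))
    return db
```
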