Issue information

  • Issue #2
  • Reported by: Dinoboff
  • Tracker: Bug Tracker
  • Status: Resolved
  • Priority: High
  • Type: Bug

Vanilla 1.1.5 is a product of Lussumo. More Information: Documentation, Community Support.

    • SirNot
    • Aug 20th 2007, edited

    OK, since my Subversion hates me and won't let me commit for some reason, I'll just post these bugs and how to fix them here, and someone else can actually do it.

    Firstly, there's an XSS hole in the account page. You can fix this (and the poor email regex) by replacing the regex on line 1039 of library/People/People.Class.UserManager.php (it's in a function call) with this one:

        ^([A-Z0-9+_-][A-Z0-9+_.-]{0,63})@(([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})|([A-Z0-9][A-Z0-9.-]{0,244}\.[A-Z]{2,10}))$

    (obviously in single or double quotes, like the original)

    Secondly, there's a problem with cloning in that same function. At the beginning of UserManager::ValidateUser you'll see an assignment:

        $SafeUser = $User;

    Replace that with the following:

        $SafeUser = clone($User);

    OK, that's it for now. If I can get this stupid SVN to start working then I won't have to bug (hehe) you all about these.
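The following is an added example, not Vanilla's code or SirNot's patch. It shows the two fixes side by side: the posted regex applied with preg_match (the /i flag is assumed, since the classes are upper-case only), and why plain assignment of a PHP object is not a copy, using a stand-in DemoUser class rather than Vanilla's real user object.

```php
<?php
// Added example (not from Vanilla). Regex from the bug report, wrapped in
// PHP delimiters; /i is assumed so lower-case addresses are accepted.
const EMAIL_PATTERN = '/^([A-Z0-9+_-][A-Z0-9+_.-]{0,63})@(([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})|([A-Z0-9][A-Z0-9.-]{0,244}\.[A-Z]{2,10}))$/i';

function isValidEmail($email)
{
    // Anchored and restricted to a safe character set: quotes, angle
    // brackets and whitespace can never reach the account page output.
    return preg_match(EMAIL_PATTERN, $email) === 1;
}

// Hypothetical stand-in for Vanilla's user object (not the real class).
class DemoUser
{
    public $Email;
    public function __construct($email) { $this->Email = $email; }
}

// Assumed intent of ValidateUser: escape a copy for output while leaving
// the caller's object untouched. Since PHP 5, objects are handles, so
// "$SafeUser = $User" aliases the same object and escaping mutates $User.
function makeSafeUserBuggy(DemoUser $User)
{
    $SafeUser = $User;                  // alias, not a copy
    $SafeUser->Email = htmlspecialchars($SafeUser->Email, ENT_QUOTES, 'UTF-8');
    return $SafeUser;
}

function makeSafeUserFixed(DemoUser $User)
{
    $SafeUser = clone $User;            // independent copy, as in the fix
    $SafeUser->Email = htmlspecialchars($SafeUser->Email, ENT_QUOTES, 'UTF-8');
    return $SafeUser;
}

// Constructed sample inputs for the validator.
$samples = array('alice@example.com', 'bob@192.168.0.1', 'a<b>@example.com', 'no-at-sign.example.com');
foreach ($samples as $s) {
    printf("%-26s %s\n", $s, isValidEmail($s) ? 'accepted' : 'rejected');
}

// Constructed object to show the aliasing difference.
$u = new DemoUser('a"b@example.com');
makeSafeUserBuggy($u);
echo "after assignment copy, original: {$u->Email}\n"; // original was escaped too
$u = new DemoUser('a"b@example.com');
makeSafeUserFixed($u);
echo "after clone copy, original:      {$u->Email}\n"; // original unchanged
```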
    • Dinoboff
    • Aug 20th 2007, edited

    Done, People r73.

    I also added it to the CreateUser().