diff --git a/ChangeLog b/ChangeLog
index 234d6a5e8..093981534 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -26,6 +26,8 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 - bug #1601625 [display] The Ignore checkbox is not unchecked for ENUM
 - bug #2809930 [setup] Notice: Undefined variable: k in setup/index.php
 - bug [features] Incorrect report of missing relational features
+- [security] XSS: Insufficient output sanitizing (not exploitable without a valid token)
+ thanks to Sven Vetsch/Disenchant for informing us in a responsible manner
 3.2.0.1 (2009-06-30)
 - [security] XSS: Insufficient output sanitizing in bookmarks
diff --git a/pdf_pages.php b/pdf_pages.php
index b935b6321..50bc73589 100644
--- a/pdf_pages.php
+++ b/pdf_pages.php
@@ -63,12 +63,12 @@ if ($cfgRelation['pdfwork']) {
 if ($action_choose=="1") {
 $ch_query = 'DELETE FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords']) . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND pdf_page_number = ' . $chpage;
+ . ' AND pdf_page_number = \'' . PMA_sqlAddslashes($chpage) . '\'';
 PMA_query_as_controluser($ch_query, FALSE, $query_default_option);
 $ch_query = 'DELETE FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['pdf_pages']) . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND page_nr = ' . $chpage;
+ . ' AND page_nr = \'' . PMA_sqlAddslashes($chpage) . '\'';
 PMA_query_as_controluser($ch_query, FALSE, $query_default_option);
 unset($chpage);
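Review bot: The two `DELETE` statements now quote and escape `$chpage` with `PMA_sqlAddslashes`, which stops the injection, but `pdf_page_number` and `page_nr` appear to hold page numbers, so a numeric cast is the tighter fix: `$chpage = (int) $chpage;` once before both queries, leaving `. ' AND pdf_page_number = ' . $chpage` unquoted. Casting also avoids depending on an escaping function for a value that should only ever be a number. The same pattern recurs in the hunks at -205 and -234 (four more `pdf_page_number` comparisons and the `VALUES` list), which the single cast would cover as well; if these columns are not integer, keep the quoted form instead. The `if ($action_choose=="1")` block continues past the end of the hunk.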
@@ -205,25 +205,25 @@ if ($cfgRelation['pdfwork']) {
 $test_query = 'SELECT * FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords']) . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'' . ' AND table_name = \'' . PMA_sqlAddslashes($arrvalue['name']) . '\''
- . ' AND pdf_page_number = ' . $chpage;
+ . ' AND pdf_page_number = \'' . PMA_sqlAddslashes($chpage) . '\'';
 $test_rs = PMA_query_as_controluser($test_query, FALSE, $query_default_option);
 if ($test_rs && PMA_DBI_num_rows($test_rs) > 0) {
 if (isset($arrvalue['delete']) && $arrvalue['delete'] == 'y') {
 $ch_query = 'DELETE FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords']) . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'' . ' AND table_name = \'' . PMA_sqlAddslashes($arrvalue['name']) . '\''
- . ' AND pdf_page_number = ' . $chpage;
+ . ' AND pdf_page_number = \'' . PMA_sqlAddslashes($chpage) . '\'';
 } else {
 $ch_query = 'UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords']) . ' ' . 'SET x = ' . $arrvalue['x'] . ', y= ' . $arrvalue['y'] . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'' . ' AND table_name = \'' . PMA_sqlAddslashes($arrvalue['name']) . '\''
- . ' AND pdf_page_number = ' . $chpage;
+ . ' AND pdf_page_number = \'' . PMA_sqlAddslashes($chpage) . '\'';
 }
 } else {
 $ch_query = 'INSERT INTO ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords']) . ' ' . '(db_name, table_name, pdf_page_number, x, y) '
- . 'VALUES (\'' . PMA_sqlAddslashes($db) . '\', \'' . PMA_sqlAddslashes($arrvalue['name']) . '\',' . $chpage . ',' . $arrvalue['x'] . ',' . $arrvalue['y'] . ')';
+ . 'VALUES (\'' . PMA_sqlAddslashes($db) . '\', \'' . PMA_sqlAddslashes($arrvalue['name']) . '\', \'' . PMA_sqlAddslashes($chpage) . '\',' . $arrvalue['x'] . ',' . $arrvalue['y'] . ')';
 }
 PMA_query_as_controluser($ch_query, FALSE, $query_default_option);
 } // end if
@@ -234,7 +234,7 @@ if ($cfgRelation['pdfwork']) {
 $d_query = 'DELETE FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords']) . ' ' . "\n" . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'' . "\n" . ' AND table_name = \'' . PMA_sqlAddslashes($current_row) . '\'' . "\n"
- . ' AND pdf_page_number = ' . $chpage;
+ . ' AND pdf_page_number = \'' . PMA_sqlAddslashes($chpage) . '\'';
 PMA_query_as_controluser($d_query, FALSE, $query_default_option);
 }
 break;
@@ -322,7 +322,7 @@ if ($cfgRelation['pdfwork']) {
- +
@@ -502,7 +502,7 @@ function resetDrag() {
 echo '' . "\n" . PMA_generate_common_hidden_inputs($db, $table) . '' . "\n"
- . '' . "\n"
+ . '' . "\n" . $strDelOld . '
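Review bot: `$arrvalue['x']` and `$arrvalue['y']` are still concatenated unescaped into the `UPDATE` (`'SET x = ' . $arrvalue['x'] . ', y= ' . $arrvalue['y']`) and into the rewritten `VALUES (...)` line of the `INSERT`, so the gap this commit closes for `$chpage` stays open for the coordinates in the very same statements. `$arrvalue` looks like submitted form data (its origin is outside the hunk), so the two values should get the treatment the hunk gives `$chpage`, e.g. `'SET x = \'' . PMA_sqlAddslashes($arrvalue['x']) . '\', y= \'' . PMA_sqlAddslashes($arrvalue['y']) . '\''` and `'\',\'' . PMA_sqlAddslashes($arrvalue['x']) . '\',\'' . PMA_sqlAddslashes($arrvalue['y']) . '\')'`, or a cast to the numeric type the `x`/`y` columns hold if that is known. Whichever form is chosen, apply one consistent treatment to `$chpage`, `x` and `y` rather than mixing quoted and bare values in one statement. The loop that sets `$arrvalue` and the enclosing `if ($cfgRelation['pdfwork'])` block start outside the hunk.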