Index: /elgg/trunk/profile/extended.php
===================================================================
--- /elgg/trunk/profile/extended.php (revision 33)
+++ /elgg/trunk/profile/extended.php (revision 151)
@@ -8,5 +8,5 @@
 
 // define what profile to show
-$profile_name = optional_param('profile_name', '', PARAM_ALPHANUM);
+$profile_name = optional_param('profile_name', '', PARAM_SAFEDIR);
 if (!empty($profile_name)) {
     $profile_id = user_info_username('ident', $profile_name);
Index: /elgg/trunk/profile/edit.php
===================================================================
--- /elgg/trunk/profile/edit.php (revision 33)
+++ /elgg/trunk/profile/edit.php (revision 151)
@@ -10,5 +10,5 @@
 
 // define what profile to show
-$profile_name = optional_param('profile_name', '', PARAM_ALPHANUM);
+$profile_name = optional_param('profile_name', '', PARAM_SAFEDIR);
 if (!empty($profile_name)) {
     $profile_id = user_info_username('ident', $profile_name);
Index: /elgg/trunk/profile/index.php
===================================================================
--- /elgg/trunk/profile/index.php (revision 33)
+++ /elgg/trunk/profile/index.php (revision 151)
@@ -8,5 +8,5 @@
 
 // define what profile to show
-$profile_name = optional_param('profile_name', '', PARAM_ALPHANUM);
+$profile_name = optional_param('profile_name', '', PARAM_SAFEDIR);
 if (!empty($profile_name)) {
     $profile_id = user_info_username('ident', $profile_name);
Index: /elgg/trunk/.htaccess
===================================================================
--- /elgg/trunk/.htaccess (revision 117)
+++ /elgg/trunk/.htaccess (revision 151)
@@ -83,5 +83,5 @@
 ###########
 RewriteRule ^content\/?(.*)?$ mod/pages/index.php?owner=-1&page=$1 [QSA,L]
-RewriteRule ^([A-Za-z0-9]+)\/content\/(.*)?$ mod/pages/index.php?profile_name=$1&page=$2  [QSA,L]
+RewriteRule ^([A-Za-z0-9_]+)\/content\/(.*)?$ mod/pages/index.php?profile_name=$1&page=$2  [QSA,L]
 
 RewriteRule ^_templates(\/)?$ mod/template/index.php?%{QUERY_STRING}
@@ -92,19 +92,19 @@
 RewriteRule ^(.+)\/rssstyles.xsl$ mod/newsclient/styles.php?rssurl=$1&url=$1
 
-RewriteRule ^([A-Za-z0-9]+)\/dashboard(\/)?$ mod/adash/index.php?user=$1
-
-RewriteRule ^([A-Za-z0-9]+)\/profile(\/)?$ profile/index.php?profile_name=$1
-RewriteRule ^([A-Za-z0-9]+)\/tags(\/)?$ search/personaltags.php?profile_name=$1
-RewriteRule ^([A-Za-z0-9]+)\/rss\/(.+)\/?$ profile/rss2.php?profile_name=$1&tag=$2
+RewriteRule ^([A-Za-z0-9_]+)\/dashboard(\/)?$ mod/adash/index.php?user=$1
+
+RewriteRule ^([A-Za-z0-9_]+)\/profile(\/)?$ profile/index.php?profile_name=$1
+RewriteRule ^([A-Za-z0-9_]+)\/tags(\/)?$ search/personaltags.php?profile_name=$1
+RewriteRule ^([A-Za-z0-9_]+)\/rss\/(.+)\/?$ profile/rss2.php?profile_name=$1&tag=$2
 
 # Invite
 #########
 RewriteRule ^invite\/$ mod/invite/index.php
-ReWriteRule ^invite\/join\/([A-Za-z0-9]+)$ mod/invite/join.php?invitecode=$1
+ReWriteRule ^invite\/join\/([A-Za-z0-9_]+)$ mod/invite/join.php?invitecode=$1
 ReWriteRule ^register$ mod/invite/register.php
 RewriteRule ^forgottenpassword$ mod/invite/forgotten_password.php
-RewriteRule ^newpassword\/([A-Za-z0-9]+)$ mod/invite/new_password.php?passwordcode=$1
-
-RewriteRule ^([A-Za-z0-9]+)(\/)?$ profile/index.php?profile_name=$1
+RewriteRule ^newpassword\/([A-Za-z0-9_]+)$ mod/invite/new_password.php?passwordcode=$1
+
+RewriteRule ^([A-Za-z0-9_]+)(\/)?$ profile/index.php?profile_name=$1
 
 # Activity
@@ -115,26 +115,26 @@
 # Communities
 ##############
-RewriteRule ^([A-Za-z0-9]+)\/communities\/?$ mod/community/index.php?friends_name=$1
-RewriteRule ^([A-Za-z0-9]+)\/communities\/owned$ mod/community/owned.php?profile_name=$1
-RewriteRule ^([A-Za-z0-9]+)\/communities\/new$ mod/community/new.php?profile_name=$1
-RewriteRule ^([A-Za-z0-9]+)\/community\/delete$ mod/community/index.php?profile_name=$1&action=community:delete
-RewriteRule ^([A-Za-z0-9]+)\/community\/requests$ mod/community/requests.php?profile_name=$1
-RewriteRule ^([A-Za-z0-9]+)\/community\/requests\/aprove\/([0-9]+)$ mod/community/requests.php?profile_name=$1&action=community:approve:request&request_id=$2
-RewriteRule ^([A-Za-z0-9]+)\/community\/requests\/decline\/([0-9]+)$ mod/community/requests.php?profile_name=$1&action=community:decline:request&request_id=$2
-RewriteRule ^([A-Za-z0-9]+)\/community\/members$ mod/community/members.php?profile_name=$1
-RewriteRule ^([A-Za-z0-9]+)\/community\/add\/([0-9]+)$ mod/community/index.php?friends_name=$1&friend_id=$2&action=friend
-RewriteRule ^([A-Za-z0-9]+)\/community\/leave\/([0-9]+)$ mod/community/index.php?profile_name=$1&friend_id=$2&action=leave
-RewriteRule ^([A-Za-z0-9]+)\/community\/separate\/([0-9]+)$ mod/community/members.php?profile_name=$1&friend_id=$2&action=separate
+RewriteRule ^([A-Za-z0-9_]+)\/communities\/?$ mod/community/index.php?friends_name=$1
+RewriteRule ^([A-Za-z0-9_]+)\/communities\/owned$ mod/community/owned.php?profile_name=$1
+RewriteRule ^([A-Za-z0-9_]+)\/communities\/new$ mod/community/new.php?profile_name=$1
+RewriteRule ^([A-Za-z0-9_]+)\/community\/delete$ mod/community/index.php?profile_name=$1&action=community:delete
+RewriteRule ^([A-Za-z0-9_]+)\/community\/requests$ mod/community/requests.php?profile_name=$1
+RewriteRule ^([A-Za-z0-9_]+)\/community\/requests\/aprove\/([0-9]+)$ mod/community/requests.php?profile_name=$1&action=community:approve:request&request_id=$2
+RewriteRule ^([A-Za-z0-9_]+)\/community\/requests\/decline\/([0-9]+)$ mod/community/requests.php?profile_name=$1&action=community:decline:request&request_id=$2
+RewriteRule ^([A-Za-z0-9_]+)\/community\/members$ mod/community/members.php?profile_name=$1
+RewriteRule ^([A-Za-z0-9_]+)\/community\/add\/([0-9]+)$ mod/community/index.php?friends_name=$1&friend_id=$2&action=friend
+RewriteRule ^([A-Za-z0-9_]+)\/community\/leave\/([0-9]+)$ mod/community/index.php?profile_name=$1&friend_id=$2&action=leave
+RewriteRule ^([A-Za-z0-9_]+)\/community\/separate\/([0-9]+)$ mod/community/members.php?profile_name=$1&friend_id=$2&action=separate
 RewriteRule ^community\/([0-9]+)\/?$ mod/communities/community.php?community_id=$1
-RewriteRule ^([A-Za-z0-9]+)\/community\/invite$ mod/community/invite.php?profile_name=$1
-RewriteRule ^([A-Za-z0-9]+)\/communities\/invitations$ mod/community/user_community_invitations.php?profile_name=$1
+RewriteRule ^([A-Za-z0-9_]+)\/community\/invite$ mod/community/invite.php?profile_name=$1
+RewriteRule ^([A-Za-z0-9_]+)\/communities\/invitations$ mod/community/user_community_invitations.php?profile_name=$1
 
 # Files
 ########
-RewriteRule ^([A-Za-z0-9]+)\/files\/?$ mod/file/index.php?files_name=$1
-RewriteRule ^([A-Za-z0-9]+)\/files\/([0-9]+)\/?$ mod/file/index.php?files_name=$1&folder=$2
-RewriteRule ^([A-Za-z0-9]+)\/files\/([0-9\-]+)\/([0-9]+)\/(.+)$ mod/file/download.php?files_name=$1&folder=$2&filename=$4&id=$3
-RewriteRule ^(([A-Za-z0-9])[A-Za-z0-9]+)\/files\/rss\/?$ mod/newsclient/static.php?username=$1&userref=$2&type=files
-RewriteRule ^([A-Za-z0-9]+)\/files\/rss\/(.+)\/?$ mod/file/rss2.php?files_name=$1&tag=$2
+RewriteRule ^([A-Za-z0-9_]+)\/files\/?$ mod/file/index.php?files_name=$1
+RewriteRule ^([A-Za-z0-9_]+)\/files\/([0-9]+)\/?$ mod/file/index.php?files_name=$1&folder=$2
+RewriteRule ^([A-Za-z0-9_]+)\/files\/([0-9\-]+)\/([0-9]+)\/(.+)$ mod/file/download.php?files_name=$1&folder=$2&filename=$4&id=$3
+RewriteRule ^(([A-Za-z0-9_])[A-Za-z0-9_]+)\/files\/rss\/?$ mod/newsclient/static.php?username=$1&userref=$2&type=files
+RewriteRule ^([A-Za-z0-9_]+)\/files\/rss\/(.+)\/?$ mod/file/rss2.php?files_name=$1&tag=$2
 RewriteRule ^_icon\/file/([-0-9]+)$ mod/file/icon.php?id=$1
 RewriteRule ^_files\/icon.php$ mod/file/icon.php?%{QUERY_STRING}
@@ -142,8 +142,8 @@
 # Friends
 ##########
-RewriteRule ^([A-Za-z0-9]+)\/friends\/?$ mod/friend/index.php?friends_name=$1
-RewriteRule ^([A-Za-z0-9]+)\/friendsof\/?$ mod/friend/friendsof.php?friends_name=$1
-RewriteRule ^([A-Za-z0-9]+)\/friends\/requests?$ mod/friend/requests.php?friends_name=$1
-RewriteRule ^([A-Za-z0-9]+)\/foaf\/?$ mod/friend/foaf.php?friends_name=$1
+RewriteRule ^([A-Za-z0-9_]+)\/friends\/?$ mod/friend/index.php?friends_name=$1
+RewriteRule ^([A-Za-z0-9_]+)\/friendsof\/?$ mod/friend/friendsof.php?friends_name=$1
+RewriteRule ^([A-Za-z0-9_]+)\/friends\/requests?$ mod/friend/requests.php?friends_name=$1
+RewriteRule ^([A-Za-z0-9_]+)\/foaf\/?$ mod/friend/foaf.php?friends_name=$1
 
 # Icons
@@ -164,11 +164,11 @@
 # Newsclient
 ############
-RewriteRule ^(([A-Za-z0-9])[A-Za-z0-9]+)\/rss\/?$ mod/newsclient/static.php?username=$1&userref=$2&type=profile
-RewriteRule ^([A-Za-z0-9]+)\/newsclient\/?$ mod/newsclient/subscriptions.php?profile_name=$1
-RewriteRule ^([A-Za-z0-9]+)\/newsclient\/all\/?$ mod/newsclient/index.php?profile_name=$1
-RewriteRule ^([A-Za-z0-9]+)\/newsclient\/all\/skip=([0-9]+)$ mod/newsclient/index.php?profile_name=$1&feed_offset=$2
-RewriteRule ^([A-Za-z0-9]+)\/feeds\/?$ mod/newsclient/subscriptions.php?profile_name=$1
-RewriteRule ^([A-Za-z0-9]+)\/feeds\/all\/?$ mod/newsclient/index.php?profile_name=$1
-RewriteRule ^([A-Za-z0-9]+)\/feeds\/all\/skip=([0-9]+)$ mod/newsclient/index.php?profile_name=$1&feed_offset=$2
+RewriteRule ^(([A-Za-z0-9_])[A-Za-z0-9_]+)\/rss\/?$ mod/newsclient/static.php?username=$1&userref=$2&type=profile
+RewriteRule ^([A-Za-z0-9_]+)\/newsclient\/?$ mod/newsclient/subscriptions.php?profile_name=$1
+RewriteRule ^([A-Za-z0-9_]+)\/newsclient\/all\/?$ mod/newsclient/index.php?profile_name=$1
+RewriteRule ^([A-Za-z0-9_]+)\/newsclient\/all\/skip=([0-9]+)$ mod/newsclient/index.php?profile_name=$1&feed_offset=$2
+RewriteRule ^([A-Za-z0-9_]+)\/feeds\/?$ mod/newsclient/subscriptions.php?profile_name=$1
+RewriteRule ^([A-Za-z0-9_]+)\/feeds\/all\/?$ mod/newsclient/index.php?profile_name=$1
+RewriteRule ^([A-Za-z0-9_]+)\/feeds\/all\/skip=([0-9]+)$ mod/newsclient/index.php?profile_name=$1&feed_offset=$2
 RewriteRule ^_rss\/([A-Za-z_]+).php$ mod/newsclient/$1.php?%{QUERY_STRING}
 
@@ -180,21 +180,21 @@
 # Weblog
 ########
-RewriteRule ^([A-Za-z0-9]+)\/weblog\/?$ mod/blog/index.php?weblog_name=$1
-ReWriteRule ^([A-Za-z0-9]+)\/weblog\/skip=([0-9]+)$ mod/blog/index.php?weblog_name=$1&weblog_offset=$2
-RewriteRule ^([A-Za-z0-9]+)\/weblog\/edit$ mod/blog/edit.php?profile_name=$1
-RewriteRule ^([A-Za-z0-9]+)\/weblog\/edit\/([0-9]+)$ mod/blog/edit.php?profile_name=$1&weblog_post_id=$2&action=edit
-RewriteRule ^([A-Za-z0-9]+)\/weblog\/archive\/?$ mod/blog/archive.php?weblog_name=$1
-RewriteRule ^([A-Za-z0-9]+)\/weblog\/archive\/([0-9]+)\/([0-9]+)\/?$ mod/blog/archive_month.php?weblog_name=$1&year=$2&month=$3
-RewriteRule ^([A-Za-z0-9]+)\/weblog\/friends\/?$ mod/blog/friends.php?weblog_name=$1
-ReWriteRule ^([A-Za-z0-9]+)\/weblog\/friends\/skip=([0-9]+)$ mod/blog/friends.php?weblog_name=$1&weblog_offset=$2
-RewriteRule ^([A-Za-z0-9]+)\/weblog\/interesting\/?$ mod/blog/interesting.php?weblog_name=$1
-ReWriteRule ^([A-Za-z0-9]+)\/weblog\/interesting\/skip=([0-9]+)$ mod/blog/interesting.php?weblog_name=$1&weblog_offset=$2
-RewriteRule ^[A-Za-z0-9]+\/weblog\/([0-9]+)\.html$ mod/blog/view_post.php?post=$1
-RewriteRule ^[A-Za-z0-9]+\/weblog\/([0-9]+)\.html.([0-9]+)$ mod/blog/view_post.php?post=$1&commentpage=$2
-RewriteRule ^([A-Za-z0-9]+)\/weblog\/rss\/(.+)\/?$ mod/blog/rss2.php?weblog_name=$1&tag=$2&modifier=is
-RewriteRule ^([A-Za-z0-9]+)\/weblog\/rssnot\/(.+)\/?$ mod/blog/rss2.php?weblog_name=$1&tag=$2&modifier=not
-RewriteRule ^(([A-Za-z0-9])[A-Za-z0-9]+)\/weblog\/rss\/?$ mod/newsclient/static.php?username=$1&userref=$2&type=weblog
-RewriteRule ^([A-Za-z0-9]+)\/weblog\/category\/([^\/]+)\/?$ mod/blog/index.php?weblog_name=$1&filter=$2
-ReWriteRule ^([A-Za-z0-9]+)\/weblog\/category\/([^\/]+)\/skip=([0-9]+)$ mod/blog/index.php?weblog_name=$1&filter=$2&weblog_offset=$3
+RewriteRule ^([A-Za-z0-9_]+)\/weblog\/?$ mod/blog/index.php?weblog_name=$1
+ReWriteRule ^([A-Za-z0-9_]+)\/weblog\/skip=([0-9]+)$ mod/blog/index.php?weblog_name=$1&weblog_offset=$2
+RewriteRule ^([A-Za-z0-9_]+)\/weblog\/edit$ mod/blog/edit.php?profile_name=$1
+RewriteRule ^([A-Za-z0-9_]+)\/weblog\/edit\/([0-9]+)$ mod/blog/edit.php?profile_name=$1&weblog_post_id=$2&action=edit
+RewriteRule ^([A-Za-z0-9_]+)\/weblog\/archive\/?$ mod/blog/archive.php?weblog_name=$1
+RewriteRule ^([A-Za-z0-9_]+)\/weblog\/archive\/([0-9]+)\/([0-9]+)\/?$ mod/blog/archive_month.php?weblog_name=$1&year=$2&month=$3
+RewriteRule ^([A-Za-z0-9_]+)\/weblog\/friends\/?$ mod/blog/friends.php?weblog_name=$1
+ReWriteRule ^([A-Za-z0-9_]+)\/weblog\/friends\/skip=([0-9]+)$ mod/blog/friends.php?weblog_name=$1&weblog_offset=$2
+RewriteRule ^([A-Za-z0-9_]+)\/weblog\/interesting\/?$ mod/blog/interesting.php?weblog_name=$1
+ReWriteRule ^([A-Za-z0-9_]+)\/weblog\/interesting\/skip=([0-9]+)$ mod/blog/interesting.php?weblog_name=$1&weblog_offset=$2
+RewriteRule ^[A-Za-z0-9_]+\/weblog\/([0-9]+)\.html$ mod/blog/view_post.php?post=$1
+RewriteRule ^[A-Za-z0-9_]+\/weblog\/([0-9]+)\.html.([0-9]+)$ mod/blog/view_post.php?post=$1&commentpage=$2
+RewriteRule ^([A-Za-z0-9_]+)\/weblog\/rss\/(.+)\/?$ mod/blog/rss2.php?weblog_name=$1&tag=$2&modifier=is
+RewriteRule ^([A-Za-z0-9_]+)\/weblog\/rssnot\/(.+)\/?$ mod/blog/rss2.php?weblog_name=$1&tag=$2&modifier=not
+RewriteRule ^(([A-Za-z0-9_])[A-Za-z0-9_]+)\/weblog\/rss\/?$ mod/newsclient/static.php?username=$1&userref=$2&type=weblog
+RewriteRule ^([A-Za-z0-9_]+)\/weblog\/category\/([^\/]+)\/?$ mod/blog/index.php?weblog_name=$1&filter=$2
+ReWriteRule ^([A-Za-z0-9_]+)\/weblog\/category\/([^\/]+)\/skip=([0-9]+)$ mod/blog/index.php?weblog_name=$1&filter=$2&weblog_offset=$3
 ReWriteRule ^weblog\/everyone$ mod/blog/everyone.php
 ReWriteRule ^weblog\/everyone\/(people|communities|commented|uncommented)$ mod/blog/everyone.php?filter=$1
@@ -210,13 +210,13 @@
 
 #project modules
-RewriteRule ^([A-Za-z0-9]+)\/projects\/?$ mod/projects/index.php?profile_name=$1
-RewriteRule ^([A-Za-z0-9]+)\/projects\/([A-Za-z0-9]+)\/?$ mod/projects/$2.php?profile_name=$1
+RewriteRule ^([A-Za-z0-9_]+)\/projects\/?$ mod/projects/index.php?profile_name=$1
+RewriteRule ^([A-Za-z0-9_]+)\/projects\/([A-Za-z0-9_]+)\/?$ mod/projects/$2.php?profile_name=$1
 
 #marketplace module
-RewriteRule ^([A-Za-z0-9]+)\/marketplace\/?$ mod/marketplace/index.php?profile_name=$1
-RewriteRule ^([A-Za-z0-9]+)\/marketplace\/([A-Za-z0-9]+)\/?$ mod/marketplace/$2.php?profile_name=$1
-RewriteRule ^([A-Za-z0-9]+)\/marketplace\/interested\/([A-Za-z0-9]+)\/([A-Za-z0-9]+)\/?$ mod/marketplace/interested.php?profile_name=$1&cat=$2&id=$3
-RewriteRule ^([A-Za-z0-9]+)\/marketplace\/removead\/([A-Za-z0-9]+)\/([A-Za-z0-9]+)\/?$ mod/marketplace/removead.php?profile_name=$1&cat=$2&id=$3
-RewriteRule ^([A-Za-z0-9]+)\/marketplace\/editad\/([A-Za-z0-9]+)\/([A-Za-z0-9]+)\/?$ mod/marketplace/editad.php?profile_name=$1&cat=$2&id=$3
+RewriteRule ^([A-Za-z0-9_]+)\/marketplace\/?$ mod/marketplace/index.php?profile_name=$1
+RewriteRule ^([A-Za-z0-9_]+)\/marketplace\/([A-Za-z0-9_]+)\/?$ mod/marketplace/$2.php?profile_name=$1
+RewriteRule ^([A-Za-z0-9_]+)\/marketplace\/interested\/([A-Za-z0-9_]+)\/([A-Za-z0-9_]+)\/?$ mod/marketplace/interested.php?profile_name=$1&cat=$2&id=$3
+RewriteRule ^([A-Za-z0-9_]+)\/marketplace\/removead\/([A-Za-z0-9_]+)\/([A-Za-z0-9_]+)\/?$ mod/marketplace/removead.php?profile_name=$1&cat=$2&id=$3
+RewriteRule ^([A-Za-z0-9_]+)\/marketplace\/editad\/([A-Za-z0-9_]+)\/([A-Za-z0-9_]+)\/?$ mod/marketplace/editad.php?profile_name=$1&cat=$2&id=$3
 
 # RewriteRule ^([A-Za-z0-9]+)\/projects\/?$ mod/projects/index.php?profile_name=$1