diff --git a/includes/account.php b/includes/account.php
index 94ccdb1..56457b9 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -48,7 +48,7 @@
 exit;
 }
 $checkemail = checkEmail($_REQUEST['newemail']);
- if($checkemail != true)
+ if($checkemail != "OK")
 {
 showheader(_("My CAcert.org Account!"));
 echo "

"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."

\n";
@@ -427,7 +427,7 @@
 exit;
 }
 $checkemail = checkEmail($_REQUEST['newemail']);
- if($checkemail != true)
+ if($checkemail != "OK")
 {
 showheader(_("My CAcert.org Account!"));
 echo "
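Review bot: The new `if($checkemail != "OK")` still uses a loose comparison, so any non-string return would be type-juggled before the test — on PHP 5/7 an integer `0` compares equal to `"OK"` — and only the exact sentinel should pass, which makes `if($checkemail !== "OK")` the safer form. The same line recurs in the hunk at 427 of this file and in the www/index.php hunk at 326. Any caller of checkEmail() not touched by this commit would keep the old `!= true` test, which a non-empty error string never fails (the bug this commit fixes), so the remaining call sites are worth checking. The enclosing block starts and ends outside the hunk.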

"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."

\n";
diff --git a/includes/general.php b/includes/general.php
index 6353c80..5a606dd 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -88,7 +88,7 @@
 if($_SESSION['_config']['language'] == "")
 {
- $bits = explode(",", strtolower(str_replace(" ", "", $_SERVER['HTTP_ACCEPT_LANGUAGE'])));
+ $bits = explode(",", strtolower(str_replace(" ", "", mysql_real_escape_string($_SERVER['HTTP_ACCEPT_LANGUAGE']))));
 foreach($bits as $lang)
 {
 $b = explode(";", $lang);
@@ -105,6 +105,7 @@
 foreach($value as $key => $val)
 {
+ $val = substr(escapeshellarg($val), 1, -1);
 $short = substr($val, 0, 2);
 if($val == "en" || $short == "en")
 {
@@ -624,7 +625,7 @@
 break;
 }
 }
- return true;
+ return "OK";
 }
 return _("Failed to make a connection to the mail server");
 }
diff --git a/pages/account/43.php b/pages/account/43.php
index 83d4dfb..2ee125e 100644
--- a/pages/account/43.php
+++ b/pages/account/43.php
@@ -168,7 +168,10 @@ : - +
diff --git a/tverify/index/0.php b/tverify/index/0.php
index 1b80efc..bf9ec58 100644
--- a/tverify/index/0.php
+++ b/tverify/index/0.php
@@ -34,7 +34,8 @@
 $row = mysql_fetch_assoc($account);
 $memid = $row['memid'];
- $firstname = trim($_SERVER['SSL_CLIENT_S_DN_G']);
+ $bits = explode(" ", trim($_SERVER['SSL_CLIENT_S_DN_G']), 2);
+ $firstname = trim($bits['0']);
 $lastname = trim($_SERVER['SSL_CLIENT_S_DN_S']);
 $query = "select * from `users` where `fname`='$firstname' and `lname`='$lastname' and `id`='$memid'";
diff --git a/www/index.php b/www/index.php
index 61a3dd0..a55ba72 100644
--- a/www/index.php
+++ b/www/index.php
@@ -326,7 +326,7 @@
 if($id == 2)
 {
 $checkemail = checkEmail($_SESSION['signup']['email']);
- if($checkemail != true)
+ if($checkemail != "OK")
 {
 $id = 1;
 $_SESSION['_config']['errmsg'] .= _("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."
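Review bot: `mysql_real_escape_string()` on the added `$bits = …` line escapes for a SQL string literal, which neither validates a language tag nor matches how `$bits` is used here (split and compared), and if no MySQL link is open when this line runs it returns `false`, so `$bits` silently becomes `[""]`; the `escapeshellarg()` line in the hunk at 105 has the same shape — it escapes for a shell and, with its quotes stripped, leaves `'\''` sequences in `$val` instead of rejecting the input. Client-supplied language tags are better checked against the tag syntax, leaving escaping to whatever sink later consumes the value (not visible in this hunk). I would keep the original explode line and instead add, after `$b = explode(";", $lang);`, the check `if(!preg_match('/^[a-z]{1,8}(-[a-z0-9]{1,8})*$/', $b[0])) continue;`, and replace the escapeshellarg line at 105 with the same test on `$val` (with the `i` modifier if `$value` is not lowercased there). The enclosing `if` block starts outside the hunk.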
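Review bot: `return "OK"` makes checkEmail()'s success value a string of the same type as its failure messages, and nothing at the function (whose signature is outside the hunk) says so, although the three callers changed in this commit depend on the exact text. I would add a docblock above the function: `/** Checks an email address against its mail server (the checks themselves precede this hunk); returns the string "OK" on success, otherwise a translated message describing the failure. Callers must compare against "OK" with === — a non-empty error string is truthy. */`. A shared constant for the sentinel, used by both the function and its callers, would keep the two sides from drifting.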
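Review bot: `$firstname` and `$lastname` are still interpolated unescaped into `$query` on the last line of the tverify hunk; the new explode/trim narrows the given name to its first word but does not make it safe for a SQL literal, and both values originate in certificate subject fields rather than in this code. Since this commit already reaches for mysql_real_escape_string() elsewhere, the same treatment belongs here: `$firstname = mysql_real_escape_string(trim($bits[0]));` and `$lastname = mysql_real_escape_string(trim($_SERVER['SSL_CLIENT_S_DN_S']));` (a parameterised query would be better still). `$bits['0']` also reads more naturally as `$bits[0]`. The enclosing block starts and ends outside the hunk.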
\n$checkemail
\n";