Index: includes/bootstrap.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/bootstrap.inc,v
retrieving revision 1.206.2.4
diff -u -p -r1.206.2.4 bootstrap.inc
--- includes/bootstrap.inc 18 Aug 2008 18:56:30 -0000 1.206.2.4
+++ includes/bootstrap.inc 22 Oct 2008 19:02:03 -0000
@@ -238,6 +238,11 @@ function conf_path($require_settings = T
   $confdir = 'sites';
   $uri = explode('/', $_SERVER['SCRIPT_NAME'] ? $_SERVER['SCRIPT_NAME'] : $_SERVER['SCRIPT_FILENAME']);
+  if (strpos($_SERVER['HTTP_HOST'], '/') !== FALSE) {
+    // A HTTP_HOST containing slashes may be an attack and is invalid.
+    header('HTTP/1.1 400 Bad Request');
+    exit;
+  }
   $server = explode('.', implode('.', array_reverse(explode(':', rtrim($_SERVER['HTTP_HOST'], '.')))));
   for ($i = count($uri) - 1; $i > 0; $i--) {
     for ($j = count($server); $j > 0; $j--) {
Index: modules/book/book.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/book/book.admin.inc,v
retrieving revision 1.8.2.2
diff -u -p -r1.8.2.2 book.admin.inc
--- modules/book/book.admin.inc 8 Jul 2008 10:19:46 -0000 1.8.2.2
+++ modules/book/book.admin.inc 22 Oct 2008 19:02:12 -0000
@@ -170,8 +170,8 @@ function _book_admin_table($node, &$form
  * @see book_admin_edit()
  */
 function _book_admin_table_tree($tree, &$form) {
-  foreach ($tree as $key => $data) {
-    $form[$key] = array(
+  foreach ($tree as $data) {
+    $form['book-admin-'. $data['link']['nid']] = array(
       '#item' => $data['link'],
       'nid' => array('#type' => 'value', '#value' => $data['link']['nid']),
       'depth' => array('#type' => 'value', '#value' => $data['link']['depth']),
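Review bot: The new guard in conf_path() is a denylist of a single character, and `$_SERVER['HTTP_HOST']` still flows into the `sites/` directory lookup below it, so anything else the filesystem treats specially (a backslash on Windows, control characters, characters never valid in a hostname) passes through untouched. Since the value is attacker-controlled request input, the check should allowlist hostname syntax instead of rejecting slashes, e.g. `if (!preg_match('/^\[?(?:[a-zA-Z0-9-:\]_]+\.?)+$/', $_SERVER['HTTP_HOST'])) {` with the same 400-and-exit body, and the comment updated to `// HTTP_HOST is user input; reject anything that is not valid hostname syntax.` The code also assumes `$_SERVER['HTTP_HOST']` is set; that may not hold under CLI or unusual SAPIs, so wrapping the check in `isset()` (and skipping the host-derived lookup when absent) is worth confirming against the rest of the function. conf_path() begins before and continues past this hunk.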
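Review bot: The new `'book-admin-'. $data['link']['nid']` key in _book_admin_table_tree() is an implicit contract with whatever later reads these form rows, and nothing in the hunk records why the tree's own `$key` was abandoned, so a maintainer could reasonably "simplify" it back. Add a why-comment above the assignment, e.g. `// Key rows by nid only; the menu tree key embeds the node title, which must not be used as a form element name.` — the title-in-key reasoning is inferred from the surrounding code and should be confirmed against the original tree-building code. The theme function and submit handler that consume these rows (book_admin_edit() per the @see) are outside this hunk; confirm they do not still look up rows by the old `$key`. If nid could ever be non-numeric from this source, `(int) $data['link']['nid']` would keep the key shape stable, but that depends on the tree's origin, which is not visible here.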