Eliminate all remains of insecure code

update: this is done. there was only one particularly dangerous file, the rest had moderate vulnerabilities. it is all better now.

===================
wont disclose the security hole, but the ConnectoR class needs to be used instead of a direct call.

there seems to be about 9 jsp pages that can use some tightening.

Status: 

Priority: 

High