diff --git a/cis/private/lehre/benotungstool/functions.inc.php b/cis/private/lehre/benotungstool/functions.inc.php
index e4fc4d60e..2e42e33f0 100755
--- a/cis/private/lehre/benotungstool/functions.inc.php
+++ b/cis/private/lehre/benotungstool/functions.inc.php
@@ -17,13 +17,13 @@ function makeUploadName($db, $which, $lehreinheit_id=null, $uebung_id=null, $ss=
 	{
 		$query = "SELECT nachname, vorname from tbl_person, tbl_benutzer where tbl_benutzer.person_id = tbl_person.person_id and tbl_benutzer.uid = ".$db->db_add_param($uid);
 		$result = $db->db_query($query);
-		$row = $db->db_fetch_object($result);		
+		$row = $db->db_fetch_object($result);
 		$name .= "_".$uebung_id."_".$row->nachname."_".$row->vorname."_".$uid."_".$date;
 	}
 	else if ($which == "zip")
 	{
-		
-		$name .= "_".$uebung_id."_".$date;	
+
+		$name .= "_".$uebung_id."_".$date;
 	}
 	$name = str_replace(":","-",$name);
 	return $name;
diff --git a/cis/private/lehre/benotungstool/studentenansicht.php b/cis/private/lehre/benotungstool/studentenansicht.php
index be203d8d7..d13f24aa0 100644
--- a/cis/private/lehre/benotungstool/studentenansicht.php
+++ b/cis/private/lehre/benotungstool/studentenansicht.php
@@ -24,7 +24,7 @@
 // ********************
 
 require_once('../../../../config/cis.config.inc.php');
-require_once('../../../../include/basis_db.class.php');		
+require_once('../../../../include/basis_db.class.php');
 require_once('../../../../include/functions.inc.php');
 require_once('../../../../include/lehrveranstaltung.class.php');
 require_once('../../../../include/studiengang.class.php');
@@ -41,14 +41,13 @@ require_once('../../../../include/zeugnisnote.class.php');
 require_once('../../../../include/phrasen.class.php');
 include('functions.inc.php');
 
-$sprache = getSprache(); 
-$p = new phrasen($sprache); 
+$sprache = getSprache();
+$p = new phrasen($sprache);
 
 if (!$db = new basis_db())
 		die($p->t('global/fehlerBeimOeffnenDerDatenbankverbindung'));
 $user = get_uid();
-//$user = 'if06b172';
-//$user = 'if06b144';
+
 $lektorenansicht = 0;
 
 if(isset($_GET['lvid']) && is_numeric($_GET['lvid'])) //Lehrveranstaltung_id
@@ -62,12 +61,10 @@ else
 	$lehreinheit_id = '';
 $uid = (isset($_GET['uid'])?$_GET['uid']:''); //Uid
 
-	
-	
 if(check_lektor($user) && (isset($_GET['uid']) && $_GET["uid"] != ""))
 {
 	$rights = new benutzerberechtigung();
-	$rights->getBerechtigungen($user); 
+	$rights->getBerechtigungen($user);
 	$lehreinheit=new lehreinheit($_GET["lehreinheit_id"]);
 	if(!check_lektor_lehrveranstaltung($user, $lehreinheit->lehrveranstaltung_id, $lehreinheit->studiensemester_kurzbz) && !$rights->isBerechtigt('admin',0))
 			die($p->t('global/keineBerechtigungFuerDieseSeite'));
@@ -94,17 +91,29 @@ $datum_obj = new datum();
 $uebung_id = (isset($_GET['uebung_id'])?$_GET['uebung_id']:'');
 
 //Abgabedatei ausliefern
-if (isset($_GET["download_abgabe"])){
+if (isset($_GET["download_abgabe"]))
+{
 	$file=$_GET["download_abgabe"];
+	$file = preg_replace('/[^A-Za-z0-9\-_.]/', '',$file);
 	$uebung_id = $_GET["uebung_id"];
 	$ueb = new uebung();
-	$ueb->load_studentuebung($user, $uebung_id);
-	$ueb->load_abgabe($ueb->abgabe_id);
-	$filename = BENOTUNGSTOOL_PATH."abgabe/".$ueb->abgabedatei;
-	header('Content-Type: application/octet-stream');
-	header('Content-disposition: attachment; filename="'.$file.'"');
-	readfile($filename);
-	exit;
+	if($ueb->load_studentuebung($user, $uebung_id))
+	{
+		if($ueb->load_abgabe($ueb->abgabe_id))
+		{
+			$filename = BENOTUNGSTOOL_PATH."abgabe/".$ueb->abgabedatei;
+			header('Content-Type: application/octet-stream');
+			header('Content-disposition: attachment; filename="'.$file.'"');
+			readfile($filename);
+			exit;
+		}
+		else
+		{
+			die($ueb->errormsg);
+		}
+	}
+	else
+		die($ueb->errormsg);
 }
 
 //Angabedatei ausliefern
@@ -162,20 +171,21 @@ if (isset($_POST["abgabe"]))
 {
 	$abgabedatei_up = $_FILES["abgabedatei"]["tmp_name"];
 	$abgabe_anmerkung = (isset($_POST["abgabe_anmerkung"])?$_POST["abgabe_anmerkung"]:'');
-	
+
 	if ($abgabedatei_up)
 	{
 		//echo $abgabedatei_up;
 		$datum = date('Y-m-d H:i:s');
-		$datumstr = ereg_replace(" ","_",$datum);
+		$datumstr = str_replace(" ","_",$datum);
 		$name_up = pathinfo($_FILES["abgabedatei"]["name"]);
 		$name_neu = makeUploadName($db, $which='abgabe', $lehreinheit_id=$lehreinheit_id, $uebung_id=$uebung_id, $ss=$stsem,$uid=$user, $date=$datumstr);
+		$name_neu = preg_replace('/[^A-Za-z0-9\-_]/', '',$name_neu);
 		$abgabedatei = $name_neu.".".$name_up["extension"];
-		$abgabepfad = BENOTUNGSTOOL_PATH."abgabe/".$abgabedatei;	
-			
+		$abgabepfad = BENOTUNGSTOOL_PATH."abgabe/".$abgabedatei;
+
 		$uebung_obj = new uebung();
 		$uebung_obj->load_studentuebung($user, $uebung_id);
-			
+
 		if ($uebung_obj->errormsg != "")
 		{
 			$uebung_obj->student_uid = $user;
@@ -194,12 +204,12 @@ if (isset($_POST["abgabe"]))
 			$uebung_obj->new = true;
 			$uebung_obj->studentuebung_save($new=true);
 			//echo $uebung_obj->errormsg;
-			
+
 		}
 		if ($uebung_obj->abgabe_id != null)
-		{			
-			$uebung_obj->load_abgabe($uebung_obj->abgabe_id);			
-			unlink(BENOTUNGSTOOL_PATH."abgabe/".$uebung_obj->abgabedatei);			
+		{
+			$uebung_obj->load_abgabe($uebung_obj->abgabe_id);
+			unlink(BENOTUNGSTOOL_PATH."abgabe/".$uebung_obj->abgabedatei);
 			$uebung_obj->abgabedatei = $abgabedatei;
 			$uebung_obj->abgabezeit = 	$datum;
 			$uebung_obj->abgabe_anmerkung = $abgabe_anmerkung;
@@ -213,10 +223,10 @@ if (isset($_POST["abgabe"]))
 			$uebung_obj->abgabe_save(true);
 		}
 		$uebung_obj->studentuebung_save(false);
-		//Abgabedatei ablegen				
+		//Abgabedatei ablegen
 		move_uploaded_file($_FILES['abgabedatei']['tmp_name'], $abgabepfad);
 	}
-	
+
 	else
 	{
 		$abgabe_anmerkung = $_POST["abgabe_anmerkung"];
@@ -225,7 +235,7 @@ if (isset($_POST["abgabe"]))
 		if ($uebung_obj2->errormsg == "")
 		{
 			if ($uebung_obj2->abgabe_id != null)
-			{	
+			{
 				$uebung_obj2->load_abgabe($uebung_obj2->abgabe_id);
 				$uebung_obj2->abgabe_anmerkung = $abgabe_anmerkung;
 				$uebung_obj2->abgabe_save(false);
@@ -259,11 +269,11 @@ $qry = "SELECT distinct lehreinheit_id, lehrfach.kurzbz FROM lehre.tbl_lehreinhe
 			SELECT lehreinheit_id FROM lehre.tbl_lehreinheit JOIN campus.tbl_uebung USING(lehreinheit_id)
 			WHERE tbl_lehreinheit.lehrveranstaltung_id=".$db->db_add_param($lvid, FHC_INTEGER)." AND tbl_lehreinheit.studiensemester_kurzbz=".$db->db_add_param($stsem).")
 		UNION
-		SELECT 
-			lehreinheit_id 
-		FROM 
+		SELECT
+			lehreinheit_id
+		FROM
 			public.tbl_student, lehre.tbl_lehreinheitgruppe, public.tbl_studentlehrverband
-		WHERE 
+		WHERE
 			tbl_student.student_uid=".$db->db_add_param($user)." AND
 			tbl_studentlehrverband.student_uid=tbl_student.student_uid AND
 			tbl_studentlehrverband.studiensemester_kurzbz=".$db->db_add_param($stsem)." AND
@@ -370,7 +380,7 @@ echo '<td class="tdwidth10">&nbsp;</td>';
 echo "<td width='100%'>\n";
 echo "<table width='100%'><tr><td><b>".$lv_obj->bezeichnung_arr[$sprache]."</b></td><td align='right'><a href='../../../../documents/".strtolower($stg_obj->kuerzel)."/$lv_obj->semester/$lv_obj->lehreverzeichnis/download/' target='_blank' class='Item'>".$p->t('benotungstool/downloadverzeichnisAnzeigen')."</a></td></tr></table><br>";
 
-if($lehreinheit_id=='')		
+if($lehreinheit_id=='')
 	die($p->t('benotungstool/keineKreuzerllistenFuerDieseLehrveranstaltung'));
 
 $qry = "SELECT vorname, nachname FROM campus.vw_student WHERE uid=".$db->db_add_param($user);
@@ -383,7 +393,7 @@ if($result = $db->db_query($qry))
 
 if (!isset($_GET["notenuebersicht"]))
 {
-	$l = 0;	
+	$l = 0;
 	$ueb_check = new uebung();
 	$ueb_check->load_uebung($lehreinheit_id,1);
 	if	(count($ueb_check->uebungen > 0))
@@ -396,7 +406,7 @@ if (!isset($_GET["notenuebersicht"]))
 				$l = 1;
 		}
 	}
-	
+
 	if ($l > 0)
 	{
 		echo "<br><b>".$p->t('lehre/leistungsuebersicht')." / <a href='studentenansicht.php?lvid=$lvid&stsem=$stsem&lehreinheit_id=$lehreinheit_id&notenuebersicht=1&uid=$user'>".$p->t('benotungstool/notenuebersichtFuer')." $name</b><br><br>";
@@ -409,12 +419,12 @@ if (!isset($_GET["notenuebersicht"]))
 			echo "<option value='studentenansicht.php?lvid=$lvid&stsem=$stsem&lehreinheit_id=$lehreinheit_id&uid=$user' selected></option>";
 			foreach ($uebung_obj->uebungen as $row)
 			{
-				
+
 				if($uebung_id == $row->uebung_id)
 					$selected = 'selected';
 				else
-					$selected = '';		
-				
+					$selected = '';
+
 				$subuebung_obj = new uebung();
 				$subuebung_obj->load_uebung($lehreinheit_id,2,$row->uebung_id);
 				if(count($subuebung_obj->uebungen)>0)
@@ -427,41 +437,41 @@ if (!isset($_GET["notenuebersicht"]))
 					}
 				else
 					$disabled = '';
-				
-		
-				
+
+
+
 				if(count($subuebung_obj->uebungen)>0)
 				{
 					foreach ($subuebung_obj->uebungen as $subrow)
 					{
 						if($uebung_id=='')
 							$uebung_id=$subrow->uebung_id;
-			
+
 						if($uebung_id == $subrow->uebung_id)
 							$selected = 'selected';
 						else
 							$selected = '';
-						
+
 						echo "<OPTION value='studentenansicht.php?lvid=$lvid&stsem=$stsem&lehreinheit_id=$lehreinheit_id&uebung_id=$subrow->uebung_id&uid=$user' $selected>";
-		
-						
+
+
 						//Freigegeben = +
 						//Nicht Freigegeben = -
 						if($datum_obj->mktime_fromtimestamp($subrow->freigabevon)<time() && $datum_obj->mktime_fromtimestamp($subrow->freigabebis)>time())
 							echo ' + ';
 						else
 							echo ' - ';
-						
+
 						echo $subrow->bezeichnung;
 						echo '</OPTION>';
-						
+
 					}
 				}
 			}
-			
+
 			echo '</SELECT>';
 			echo '</td>';
-			
+
 			echo "<td>
 				<table>
 				<tr>
@@ -482,21 +492,21 @@ if (!isset($_GET["notenuebersicht"]))
 	else
 	{
 		$callURL="studentenansicht.php?lvid=$lvid&stsem=$stsem&lehreinheit_id=$lehreinheit_id&notenuebersicht=1&uid=$user";
-		#header("Location:$callURL");	
+		#header("Location:$callURL");
 	echo "<script language=\"JavaScript\">";
 	echo "window.location.href  ='$callURL'";
 	echo "</script>";
-	exit;		
-		//echo "Derzeit sind keine Kreuzerllisten oder Abgaben angelegt";	
+	exit;
+		//echo "Derzeit sind keine Kreuzerllisten oder Abgaben angelegt";
 	}
-	
-	
-	
+
+
+
 	//******SPEICHERN DER DATEN*************
 	if(isset($_POST['submit']))
 	{
 		$error=false;
-	
+
 		$ueb_hlp_obj = new uebung();
 		$ueb_hlp_obj->load($uebung_id);
 		//Wenn Kreuzerlliste Freigegeben ist
@@ -504,21 +514,21 @@ if (!isset($_GET["notenuebersicht"]))
 		   $datum_obj->mktime_fromtimestamp($ueb_hlp_obj->freigabebis)>time())
 		{
 			$bsp_obj = new beispiel();
-	
+
 			if($bsp_obj->load_beispiel($uebung_id))
 			{
-				$anzahl_solved = 0;			
+				$anzahl_solved = 0;
 				foreach ($bsp_obj->beispiele as $row)
 				{
 						if (isset($_POST['solved_'.$row->beispiel_id]) && ($_POST['solved_'.$row->beispiel_id]==1))
 							$anzahl_solved++;
 				}
 				if (($anzahl_solved <= $ueb_hlp_obj->maxbsp) || ($ueb_hlp_obj->maxbsp == 0))
-				{		
+				{
 					foreach ($bsp_obj->beispiele as $row)
 					{
 						$stud_bsp_obj = new beispiel();
-		
+
 						if($stud_bsp_obj->load_studentbeispiel($user, $row->beispiel_id))
 						{
 							$stud_bsp_obj->new=false;
@@ -530,18 +540,18 @@ if (!isset($_GET["notenuebersicht"]))
 							$stud_bsp_obj->insertvon = $user;
 							$stud_bsp_obj->vorbereitet = false;
 						}
-						if (isset($_POST['solved_'.$row->beispiel_id]))				
+						if (isset($_POST['solved_'.$row->beispiel_id]))
 							$stud_bsp_obj->vorbereitet = ($_POST['solved_'.$row->beispiel_id]==1?true:false);
-							
+
 						$stud_bsp_obj->probleme = (isset($_POST['problem_'.$row->beispiel_id])?true:false);
 						$stud_bsp_obj->updateamum = date('Y-m-d H:i:s');
 						$stud_bsp_obj->updatevon = $user;
 						$stud_bsp_obj->student_uid = $user;
 						$stud_bsp_obj->beispiel_id = $row->beispiel_id;
-						
+
 						if(!$row->check_anzahl_studentbeispiel($row->beispiel_id))
 							die('<span class="error">Fehler beim Ermitteln der Beispiele</span>');
-						if (($row->anzahl_studentbeispiel >= $ueb_hlp_obj->maxstd) && ($stud_bsp_obj->vorbereitet==true) && ($ueb_hlp_obj->maxstd != null)) //isset($_POST['problem_'.$row->beispiel_id]) &&  $stud_bsp_obj->new || 
+						if (($row->anzahl_studentbeispiel >= $ueb_hlp_obj->maxstd) && ($stud_bsp_obj->vorbereitet==true) && ($ueb_hlp_obj->maxstd != null)) //isset($_POST['problem_'.$row->beispiel_id]) &&  $stud_bsp_obj->new ||
 						{
 							$hlp = new beispiel();
 							if($hlp->load_studentbeispiel($user, $row->beispiel_id))
@@ -552,7 +562,7 @@ if (!isset($_GET["notenuebersicht"]))
 									$error = true;
 								}
 							}
-						}					
+						}
 						else
 						{
 							if(!$stud_bsp_obj->studentbeispiel_save())
@@ -565,11 +575,11 @@ if (!isset($_GET["notenuebersicht"]))
 				}
 				else
 				{
-					$error=true;				
+					$error=true;
 					echo $p->t('benotungstool/zuVieleBeispieleAngekreuzt')."!<br>";
 				}
 			}
-	
+
 			if($error)
 				echo "<span class='error'>".$p->t('benotungstool/esKonntenNichtAlleDatenGespeichertWerden')."</span><br>";
 			else
@@ -578,19 +588,20 @@ if (!isset($_GET["notenuebersicht"]))
 		else
 			echo "<span class='error'>".$p->t('benotungstool/nichtGespeichertKreuzerllisteNichtFreigegeben')."!</span>";
 	}
-	
+
 	//********ANZEIGE DER EINGETRAGENEN KREUZERL***********
 	if ($l > 0)
-	{	
+	{
 		$uebung_obj = new uebung();
 		$uebung_obj->load($uebung_id);
 		$downloadname = mb_ereg_replace($uebung_id,mb_ereg_replace(' ','_',$uebung_obj->bezeichnung), $uebung_obj->angabedatei);
+		$downloadname = preg_replace('/[^A-Za-z0-9\-_.]/', '',$downloadname);
 		echo $p->t('benotungstool/freigegebenVon')." ".date('d.m.Y H:i',$datum_obj->mktime_fromtimestamp($uebung_obj->freigabevon))." ".$p->t('global/bis')." ".date('d.m.Y H:i',$datum_obj->mktime_fromtimestamp($uebung_obj->freigabebis));
 		echo "<br><br><h3><u>$uebung_obj->bezeichnung</u></h3>";
 		if ($uebung_obj->angabedatei)
 			echo $p->t('benotungstool/angabe').": <a href='studentenansicht.php?uid=$user&lvid=$lvid&stsem=$stsem&lehreinheit_id=$lehreinheit_id&uebung_id=$uebung_id&download=".$downloadname."'>".$downloadname."</a><br><br>";
-		
-		
+
+
 		$ueb_obj = new uebung();
 		if($ueb_obj->load_studentuebung($user, $uebung_id))
 		{
@@ -608,39 +619,39 @@ if (!isset($_GET["notenuebersicht"]))
 		$anmerkung = mb_str_replace("\n", "<br>", $anmerkung);
 		if ($uebung_obj->beispiele)
 		{
-			
+
 			$qry_cnt = "SELECT count(*) as anzahl FROM campus.tbl_studentbeispiel WHERE beispiel_id IN (SELECT beispiel_id from campus.tbl_beispiel where uebung_id =".$db->db_add_param($uebung_id, FHC_INTEGER).") AND vorbereitet=true and student_uid = ".$db->db_add_param($user);
 				if($result_cnt = $db->db_query($qry_cnt))
 					if($row_cnt = $db->db_fetch_object($result_cnt))
 						$anzahl = $row_cnt->anzahl;
-						
+
 			echo "<script type='text/javascript'>";
 			if ($uebung_obj->maxbsp)
 				echo "maxbsp = ".$uebung_obj->maxbsp.";";
 			else
-				echo "maxbsp = 9999;";			
+				echo "maxbsp = 9999;";
 			echo "aktbsp = ".$anzahl.";";
 			echo "function plus1(id)
 				{
 					aktbsp++;
 					if (aktbsp > maxbsp)
-					{			
+					{
 						document.bspform.reset();
-						alert('Sie dürfen maximal '+maxbsp+' Beispiele markieren!');		
-						aktbsp = ".$anzahl.";		
+						alert('Sie dürfen maximal '+maxbsp+' Beispiele markieren!');
+						aktbsp = ".$anzahl.";
 					}
-					
+
 				}
 				function minus1()
 				{
-					aktbsp--;		
-				}		
+					aktbsp--;
+				}
 				";
-				
+
 			echo "</script>";
-			
+
 			$bsp_obj = new beispiel();
-			$bsp_obj->load_beispiel($uebung_id);			
+			$bsp_obj->load_beispiel($uebung_id);
 			if ($bsp_obj->beispiele)
 			{
 				echo " <table>";
@@ -648,7 +659,7 @@ if (!isset($_GET["notenuebersicht"]))
 					echo "<tr><td>".$p->t('benotungstool/maxBeispieleStudent').":</td><td><b>".$uebung_obj->maxbsp."</b></td></tr>";
 				if ($uebung_obj->maxstd > 0)
 					echo "<tr><td>".$p->t('benotungstool/maxStudentenBeispiel').":</td><td style='background-color:#dddddd;'><b>".$uebung_obj->maxstd."</b></td></tr>";
-				echo "</table>";	
+				echo "</table>";
 				echo "
 				<form accept-charset='UTF-8' method='POST' name='bspform' action='studentenansicht.php?lvid=$lvid&lehreinheit_id=$lehreinheit_id&uebung_id=$uebung_id&stsem=$stsem&uid=$user'>
 				<table width='100%'>
@@ -664,12 +675,12 @@ if (!isset($_GET["notenuebersicht"]))
 							    <td class='ContentHeader2'>".$p->t('benotungstool/probleme')."</td>
 							    <td class='ContentHeader2'>".$p->t('benotungstool/punkte')."</td>
 							</tr>";
-				
-				
-				
+
+
+
 				foreach ($bsp_obj->beispiele as $row)
 				{
-					$bsp_voll = false;		
+					$bsp_voll = false;
 					$stud_bsp_obj = new beispiel();
 					if ($uebung_obj->maxstd > 0)
 					{
@@ -690,7 +701,7 @@ if (!isset($_GET["notenuebersicht"]))
 					if ($bsp_voll)
 					{
 						$ro = " disabled";
-						$markiert = " style='background-color:#dddddd;'";		
+						$markiert = " style='background-color:#dddddd;'";
 					}
 					else
 					{
@@ -704,64 +715,64 @@ if (!isset($_GET["notenuebersicht"]))
 							<td align='center'><input type='checkbox' name='problem_$row->beispiel_id' ".($probleme?'checked':'')."$ro></td>
 							<td align='center'>$row->punkte</td>
 						</tr>";
-			
-						
+
+
 				}
-				
+
 				//Speichern button nur Anzeigen wenn die Uebung Freigegeben ist
 				if($datum_obj->mktime_fromtimestamp($uebung_obj->freigabevon)<time() && $datum_obj->mktime_fromtimestamp($uebung_obj->freigabebis)>time())
 					echo "<tr><td align='right' colspan=5><input type='submit' value='".$p->t('global/speichern')."' name='submit'></td></form></tr>";
-				
+
 				echo "</table>";
 			}
 			else
 				echo "<table><tr><td>".$p->t('benotungstool/keineBeispieleAngelegt')."</td></tr></table><table width='100%'><tr><td width='70%'></div><table><tr><td>&nbsp;</td></tr></table>";
-			
+
 			if ($uebung_obj->abgabe)
 			{
-				
+
 				echo "<br><table><tr><td>".$p->t('benotungstool/abgabedatei').":</td></tr>\n";
 				$uebung_obj->load_studentuebung($user, $uebung_id);
 				if ($uebung_obj->abgabe_id)
-				{		
-					$uebung_obj->load_abgabe($uebung_obj->abgabe_id);	
+				{
+					$uebung_obj->load_abgabe($uebung_obj->abgabe_id);
 					echo " <tr>";
 					echo"	<td><a href='studentenansicht.php?uid=$user&lvid=$lvid&lehreinheit_id=$lehreinheit_id&uebung_id=$uebung_id&stsem=$stsem&download_abgabe=".$uebung_obj->abgabedatei."'>".$uebung_obj->abgabedatei."</a>";
-					if($datum_obj->mktime_fromtimestamp($uebung_obj->freigabevon)<time() && $datum_obj->mktime_fromtimestamp($uebung_obj->freigabebis)>time())	
+					if($datum_obj->mktime_fromtimestamp($uebung_obj->freigabevon)<time() && $datum_obj->mktime_fromtimestamp($uebung_obj->freigabebis)>time())
 						echo " <a href='studentenansicht.php?uid=$user&lvid=$lvid&lehreinheit_id=$lehreinheit_id&uebung_id=$uebung_id&stsem=$stsem&deleteabgabe=1'>[del]</a></td>";
 					echo "</tr>";
-				}				
-		
+				}
+
 				if($datum_obj->mktime_fromtimestamp($uebung_obj->freigabevon)<time() && $datum_obj->mktime_fromtimestamp($uebung_obj->freigabebis)>time())
 				{
 					echo "	<tr>\n";
 					echo "	<form accept-charset='UTF-8' method='POST' action='studentenansicht.php?uid=$user&lvid=$lvid&lehreinheit_id=$lehreinheit_id&uebung_id=$uebung_id&stsem=$stsem' enctype='multipart/form-data' name='kl_angabe'>\n";
 					echo "		<td>\n";
 					echo "			<input type='file' name='abgabedatei'> <input type='submit' name='abgabe' value='".$p->t('benotungstool/abgeben')."'>";
-					echo "		</td>\n";	
+					echo "		</td>\n";
 					echo "	</form>\n";
 					echo "</tr>\n";
-					
+
 				}
 				echo "</table>";
 			}
-			
+
 			echo "</td><td valign='top' algin='right'>";
-			
+
 			//Gesamtpunkte diese Kreuzerlliste
 			$qry = "SELECT sum(punkte) as punktegesamt FROM campus.tbl_beispiel WHERE uebung_id=".$db->db_add_param($uebung_id, FHC_INTEGER);
 			$punkte_gesamt=0;
 			if($result=$db->db_query($qry))
 				if($row = $db->db_fetch_object($result))
 					$punkte_gesamt = $row->punktegesamt;
-			
+
 			//Eingetragen diese Kreuzerlliste
 			$qry = "SELECT sum(punkte) as punkteeingetragen FROM campus.tbl_beispiel JOIN campus.tbl_studentbeispiel USING(beispiel_id) WHERE uebung_id=".$db->db_add_param($uebung_id, FHC_INTEGER)." AND student_uid=".$db->db_add_param($user)." AND vorbereitet=true";
 			$punkte_eingetragen=0;
 			if($result=$db->db_query($qry))
 				if($row = $db->db_fetch_object($result))
 					$punkte_eingetragen = ($row->punkteeingetragen!=''?$row->punkteeingetragen:0);
-			
+
 			//Gesamtpunkte alle Kreuzerllisten in dieser Übung
 			$ueb_help = new uebung($uebung_id);
 			$liste_id = $ueb_help->liste_id;
@@ -772,19 +783,19 @@ if (!isset($_GET["notenuebersicht"]))
 			if($result=$db->db_query($qry))
 				if($row = $db->db_fetch_object($result))
 					$punkte_gesamt_alle = $row->punktegesamt_alle;
-			
+
 			//Eingetragen alle Kreuzerllisten
 			$qry = "SELECT sum(tbl_beispiel.punkte) as punkteeingetragen_alle FROM campus.tbl_beispiel, campus.tbl_studentbeispiel, campus.tbl_uebung
 					WHERE tbl_beispiel.beispiel_id = tbl_studentbeispiel.beispiel_id AND
 					tbl_uebung.uebung_id=tbl_beispiel.uebung_id AND
 					tbl_uebung.lehreinheit_id=".$db->db_add_param($lehreinheit_id, FHC_INTEGER)." AND
-					tbl_uebung.liste_id = ".$db->db_add_param($liste_id, FHC_INTEGER)." AND 
+					tbl_uebung.liste_id = ".$db->db_add_param($liste_id, FHC_INTEGER)." AND
 					tbl_studentbeispiel.student_uid=".$db->db_add_param($user)." AND vorbereitet=true";
 			$punkte_eingetragen_alle=0;
 			if($result=$db->db_query($qry))
 				if($row = $db->db_fetch_object($result))
 					$punkte_eingetragen_alle = ($row->punkteeingetragen_alle!=''?$row->punkteeingetragen_alle:0);
-			
+
 			//Mitarbeitspunkte
 			$qry = "SELECT sum(mitarbeitspunkte) as mitarbeitspunkte FROM campus.tbl_studentuebung JOIN campus.tbl_uebung USING(uebung_id)
 					WHERE lehreinheit_id=".$db->db_add_param($lehreinheit_id, FHC_INTEGER)." AND student_uid=".$db->db_add_param($user)." AND liste_id = ".$db->db_add_param($liste_id, FHC_INTEGER);
@@ -792,7 +803,7 @@ if (!isset($_GET["notenuebersicht"]))
 			if($result=$db->db_query($qry))
 				if($row = $db->db_fetch_object($result))
 					$mitarbeit_alle = ($row->mitarbeitspunkte!=''?$row->mitarbeitspunkte:0);
-			
+
 			//Mitarbeitspunkte
 			$qry = "SELECT mitarbeitspunkte FROM campus.tbl_studentuebung
 					WHERE uebung_id=".$db->db_add_param($uebung_id, FHC_INTEGER)." AND student_uid=".$db->db_add_param($user);
@@ -801,7 +812,7 @@ if (!isset($_GET["notenuebersicht"]))
 				if($row = $db->db_fetch_object($result))
 					$mitarbeit = $row->mitarbeitspunkte;
 			echo "
-			
+
 				<table border='1' width='210'>
 				<tr>
 					<td colspan='2' class='ContentHeader2'>".$p->t('benotungstool/dieseKreuzerlliste').":</td>
@@ -844,16 +855,16 @@ if (!isset($_GET["notenuebersicht"]))
 				</tr>
 				</table>
 				";
-			
-			
+
+
 			echo "
 			</td></tr>
-			
+
 			</table>
-			
+
 			</form>
 			";
-			
+
 			//**********STATISTIK***************
 			if($uebung_obj->statistik)
 			{
@@ -878,7 +889,7 @@ if (!isset($_GET["notenuebersicht"]))
 						$qry_cnt = "SELECT distinct student_uid FROM campus.tbl_studentbeispiel JOIN campus.tbl_beispiel USING(beispiel_id) WHERE uebung_id=".$db->db_add_param($uebung_id)." GROUP BY student_uid";
 							if($result_cnt = $db->db_query($qry_cnt))
 									$gesamt=$db->db_num_rows($result_cnt);
-			
+
 						foreach ($beispiel_obj->beispiele as $row)
 						{
 							$i++;
@@ -888,12 +899,12 @@ if (!isset($_GET["notenuebersicht"]))
 							if($result_cnt = $db->db_query($qry_cnt))
 								if($row_cnt = $db->db_fetch_object($result_cnt))
 									$solved = $row_cnt->anzahl;
-			
-			
-			
+
+
+
 							if($solved>0)
 								$psolved = $solved/$gesamt*100;
-			
+
 							echo '<tr>
 				            		<td '.($i%2?'class="MarkLine"':'').' valign="top" height="10" width="200"><font size="2" face="Arial, Helvetica, sans-serif">
 				              			'.$row->bezeichnung.'
@@ -928,24 +939,24 @@ if (!isset($_GET["notenuebersicht"]))
 		}
 		else if ($uebung_obj->abgabe)
 		{
-			
+
 			echo "<table width='100%'>\n";
 			echo "<tr><td>".($note!=''?'<b>'.$p->t('benotungstool/note').': </b>'.$note.'<br><br>':'')."</td></tr>\n";
-			echo"	
+			echo"
 			<tr>
 					<td valign='top'>
 					".($anmerkung!=''?'<b>'.$p->t('global/anmerkungen').':</b><br> '.$anmerkung.'<br><br>':'')."
 					</td>";
 			echo "</tr>\n";
-		
+
 			echo "<tr><td><hr></td></tr>\n";
 			$uebung_obj->load_studentuebung($user, $uebung_id);
 			if ($uebung_obj->abgabe_id)
-			{		
-				$uebung_obj->load_abgabe($uebung_obj->abgabe_id);	
+			{
+				$uebung_obj->load_abgabe($uebung_obj->abgabe_id);
 				echo " <tr>";
 				echo"	<td>".$p->t('benotungstool/abgabedatei').": <a href='studentenansicht.php?uid=$user&lvid=$lvid&lehreinheit_id=$lehreinheit_id&uebung_id=$uebung_id&stsem=$stsem&download_abgabe=".$uebung_obj->abgabedatei."'>".$uebung_obj->abgabedatei."</a>";
-				if($datum_obj->mktime_fromtimestamp($uebung_obj->freigabevon)<time() && $datum_obj->mktime_fromtimestamp($uebung_obj->freigabebis)>time())	
+				if($datum_obj->mktime_fromtimestamp($uebung_obj->freigabevon)<time() && $datum_obj->mktime_fromtimestamp($uebung_obj->freigabebis)>time())
 					echo " <a href='studentenansicht.php?uid=$user&lvid=$lvid&lehreinheit_id=$lehreinheit_id&uebung_id=$uebung_id&stsem=$stsem&deleteabgabe=1'>[del]</a><br></td>";
 				echo "</tr>";
 			}
@@ -954,14 +965,14 @@ if (!isset($_GET["notenuebersicht"]))
 				echo "	<tr>\n";
 				echo "	<form accept-charset='UTF-8' method='POST' action='studentenansicht.php?uid=$user&lvid=$lvid&lehreinheit_id=$lehreinheit_id&uebung_id=$uebung_id&stsem=$stsem' enctype='multipart/form-data'>\n";
 				echo "		<td>\n";
-				echo "			<br>".$p->t('global/anmerkung').":<br><textarea name='abgabe_anmerkung' rows='3' cols='50'>".$uebung_obj->abgabe_anmerkung."</textarea><br>";				
+				echo "			<br>".$p->t('global/anmerkung').":<br><textarea name='abgabe_anmerkung' rows='3' cols='50'>".$uebung_obj->abgabe_anmerkung."</textarea><br>";
 				echo "			<br>".$p->t('global/datei').":<br><input type='file' name='abgabedatei'> <input type='submit' name='abgabe' value='".$p->t('benotungstool/abgeben')."'>";
-				echo "		</td>\n";	
+				echo "		</td>\n";
 				echo "	</form>\n";
 				echo "</tr>\n";
 			}
 			echo "</table>\n";
-						
+
 		}
 	}
 
@@ -974,7 +985,7 @@ else
 		$uid_arr = Array();
 		$vorname_arr = Array();
 		$nachname_arr = Array();
-				
+
 			$qry_stud_dd = "SELECT uid, vorname, nachname, matrikelnr FROM campus.vw_student_lehrveranstaltung JOIN campus.vw_student using(uid) WHERE  studiensemester_kurzbz = ".$db->db_add_param($stsem)." and lehreinheit_id = ".$db->db_add_param($lehreinheit_id, FHC_INTEGER)."  ORDER BY nachname, vorname";
             if($result_stud_dd = $db->db_query($qry_stud_dd))
 			{
@@ -983,43 +994,43 @@ else
 				{
 					$uid_arr[] = $row_stud_dd->uid;
 					$vorname_arr[] = $row_stud_dd->vorname;
-					$nachname_arr[] = $row_stud_dd->nachname;				
+					$nachname_arr[] = $row_stud_dd->nachname;
 
 				}
 			}
 
-		echo "<br><hr><br>";	
+		echo "<br><hr><br>";
 		echo $p->t('benotungstool/studentenAuswaehlen').": ";
 		$key = array_search($uid,$uid_arr);
 		$prev = $key-1;
 		$next = $key+1;
 		if ($key > 0)
-			echo "<a href='studentenansicht.php?lvid=$lvid&lehreinheit_id=$lehreinheit_id&uebung_id=$uebung_id&uid=$uid_arr[$prev]&stsem=$stsem&notenuebersicht=1'> &lt;&lt; </a>";	
-		echo "<SELECT name='stud_dd' onChange=\"MM_jumpMenu('self',this,0)\">\n";	
+			echo "<a href='studentenansicht.php?lvid=$lvid&lehreinheit_id=$lehreinheit_id&uebung_id=$uebung_id&uid=$uid_arr[$prev]&stsem=$stsem&notenuebersicht=1'> &lt;&lt; </a>";
+		echo "<SELECT name='stud_dd' onChange=\"MM_jumpMenu('self',this,0)\">\n";
 		for ($j = 0; $j < count($uid_arr); $j++)
-		{						
+		{
 				if ($uid_arr[$j] == $uid)
 					$selected = " selected";
 				else
 					$selected = "";
-			
+
 				echo "<option value='studentenansicht.php?lvid=$lvid&lehreinheit_id=$lehreinheit_id&uebung_id=$uebung_id&uid=$uid_arr[$j]&stsem=$stsem&notenuebersicht=1'$selected>$vorname_arr[$j] $nachname_arr[$j]</option>";
 		}
 		echo "</select>";
 		if ($key < count($uid_arr)-1)
-			echo "<a href='studentenansicht.php?lvid=$lvid&lehreinheit_id=$lehreinheit_id&uebung_id=$uebung_id&uid=$uid_arr[$next]&stsem=$stsem&notenuebersicht=1'> &gt;&gt; </a>";		
-	
+			echo "<a href='studentenansicht.php?lvid=$lvid&lehreinheit_id=$lehreinheit_id&uebung_id=$uebung_id&uid=$uid_arr[$next]&stsem=$stsem&notenuebersicht=1'> &gt;&gt; </a>";
+
 		echo "<br><hr><br>";
 	}
-	
-	echo "<br><b><a href='studentenansicht.php?uid=$user&lvid=$lvid&stsem=$stsem&lehreinheit_id=$lehreinheit_id'>".$p->t('benotungstool/leistungsuebersichtNotenuebersichtFuer')." $name</b><br><br>";	
+
+	echo "<br><b><a href='studentenansicht.php?uid=$user&lvid=$lvid&stsem=$stsem&lehreinheit_id=$lehreinheit_id'>".$p->t('benotungstool/leistungsuebersichtNotenuebersichtFuer')." $name</b><br><br>";
 	echo "<table><tr><td>";
-	
+
 	$uebung_obj = new uebung();
 	$uebung_obj->load_uebung($lehreinheit_id,1);
 	if(count($uebung_obj->uebungen)>0)
 	{
-		
+
 		echo "<table style='border: 1px #dddddd solid'>";
 		echo "	<tr>\n";
 		echo "		<th colspan='2'>".$p->t('benotungstool/aufgabe')."</th>\n";
@@ -1029,21 +1040,21 @@ else
 		echo "		<th>".$p->t('benotungstool/note')."</th>";
 		echo "	</tr>\n";
 		foreach ($uebung_obj->uebungen as $row)
-		{	
-			
+		{
+
 			$subuebung_obj = new uebung();
 			$subuebung_obj->load_uebung($lehreinheit_id,2,$row->uebung_id);
 			$l1note = new studentnote();
 			if(count($subuebung_obj->uebungen) >= 0)
 			{
-				
-				
+
+
 				$l1note->calc_l1_note($row->uebung_id, $user, $lehreinheit_id);
 				if ($l1note->negativ)
 					$l1_note = 5;
 				else
-					$l1_note = $l1note->l1_note;		
-				echo "	<tr>\n";			
+					$l1_note = $l1note->l1_note;
+				echo "	<tr>\n";
 				echo "		<td colspan='2'>";
 				echo $row->bezeichnung;
 				if ($row->positiv)
@@ -1051,23 +1062,23 @@ else
 				echo "		</td>\n";
 				echo "		<td align='center'>".$row->gewicht."</td>\n";
 				echo "		<td align='center'>";
-				if ($l1note->punkte_gesamt_l1 >0)		
+				if ($l1note->punkte_gesamt_l1 >0)
 					echo $l1note->punkte_gesamt_l1;
 				echo "</td>\n";
 				echo "<td align='center'></td>";
 				echo "<td align='center'>".$l1_note."</td>\n";
 				echo "	</tr>\n";
-				
+
 			}
-			
+
 			if(count($subuebung_obj->uebungen) > 0)
 			{
-				
+
 				foreach ($subuebung_obj->uebungen as $subrow)
 				{
-									
+
 					echo "	<tr>\n";
-					echo "		<td>- </td>";		
+					echo "		<td>- </td>";
 					echo "		<td>\n";
 					echo $subrow->bezeichnung;
 					if ($subrow->positiv)
@@ -1081,15 +1092,15 @@ else
 					{
 						$l1note->calc_punkte($subrow->uebung_id, $user);
 						echo "		<td align='center'>".$l1note->punkte_gesamt."</td>";
-						echo "		<td align='center'></td>\n";	
-						echo "		<td align='center'></td>\n";				
+						echo "		<td align='center'></td>\n";
+						echo "		<td align='center'></td>\n";
 					}
 					else if ($subrow->abgabe)
 					{
 						$l1note->calc_note($subrow->uebung_id, $user);
-						echo "		<td align='center'></td>\n";	
-						echo "		<td align='center'>".$l1note->note."</td>";	
-						echo "		<td align='center'></td>\n";		
+						echo "		<td align='center'></td>\n";
+						echo "		<td align='center'>".$l1note->note."</td>";
+						echo "		<td align='center'></td>\n";
 					}
 					echo "	</tr>\n";					/*
 					if($datum_obj->mktime_fromtimestamp($subrow->freigabevon)<time() && $datum_obj->mktime_fromtimestamp($subrow->freigabebis)>time())
@@ -1097,9 +1108,9 @@ else
 					else
 						echo ' - ';
 					*/
-					
+
 				}
-	
+
 			}
 		}
 		$l1note->calc_gesamtnote($lehreinheit_id, $stsem, $user);
@@ -1108,24 +1119,24 @@ else
 		else
 			$gesamtnote = $l1note->studentgesamtnote;
 		echo "<tr style='background-color:#dddddd;'><td colspan='5'>".$p->t('benotungstool/errechneteGesamtnote').": </td><td align='center'>".$gesamtnote."</td></tr>";
-	
-		
+
+
 		echo "</table>";
 		echo "<span style='font-size:8pt;'>".$p->t('benotungstool/mussPositivSein')."</span>";
 	}
-	
+
 	echo "</td><td valign='top'>";
-	
+
 	$legesamtnote = new legesamtnote($lehreinheit_id);
-	    			
+
 	if (!$legesamtnote->load($user, $lehreinheit_id))
-	{    				
+	{
 		$lenote = null;
 	}
 	else
 	{
 		$lenote = $legesamtnote->note;
-	} 
+	}
 	if ($lvgesamtnote = new lvgesamtnote($lvid,$user,$stsem))
 	{
 		$lvnote = $lvgesamtnote->note;
@@ -1138,7 +1149,7 @@ else
 	}
 	else
 		$znote = null;
-	
+
 	echo "<table style='border: 1px #dddddd solid'>\n";
 	echo "	<tr><th colspan='2'>".$p->t('benotungstool/eingetrageneNoten')."</th></tr>";
 	echo "<tr>\n";
@@ -1154,7 +1165,7 @@ else
 	echo "<td>".$znote."</td>";
 	echo "</tr>\n";
 	echo "</table>";
-	
+
 	echo "</td></tr></table>";
 }
 ?>
diff --git a/cis/private/lehre/benotungstool/studentenpunkteverwalten.php b/cis/private/lehre/benotungstool/studentenpunkteverwalten.php
index 3ddbfee9a..199b3a841 100644
--- a/cis/private/lehre/benotungstool/studentenpunkteverwalten.php
+++ b/cis/private/lehre/benotungstool/studentenpunkteverwalten.php
@@ -21,7 +21,7 @@
  */
 
 require_once('../../../../config/cis.config.inc.php');
-require_once('../../../../include/basis_db.class.php');		
+require_once('../../../../include/basis_db.class.php');
 require_once('../../../../include/functions.inc.php');
 require_once('../../../../include/lehrveranstaltung.class.php');
 require_once('../../../../include/studiengang.class.php');
@@ -34,9 +34,9 @@ require_once('../../../../include/studentnote.class.php');
 require_once('../../../../include/datum.class.php');
 require_once('functions.inc.php');
 require_once('../../../../include/phrasen.class.php');
-		
-$sprache = getSprache(); 
-$p = new phrasen($sprache); 
+
+$sprache = getSprache();
+$p = new phrasen($sprache);
 if (!$db = new basis_db())
 		die($p->t('global/fehlerBeimOeffnenDerDatenbankverbindung'));
 $user = get_uid();
@@ -102,9 +102,9 @@ if (isset($_GET["handbuch"])){
 
 if (isset($_FILES["abgabedatei"]))
 {
-	//echo $_FILES["abgabedatei"];	
+	//echo $_FILES["abgabedatei"];
 	$abgabedatei_up = $_FILES["abgabedatei"]["tmp_name"];
-					
+
 	if ($abgabedatei_up)
 	{
 		$student_uid = $uid;
@@ -112,13 +112,14 @@ if (isset($_FILES["abgabedatei"]))
 		$datumstr = ereg_replace(" ","_",$datum);
 		$name_up = pathinfo($_FILES["abgabedatei"]["name"]);
 		$name_neu = makeUploadName($db, $which='abgabe', $lehreinheit_id=$lehreinheit_id, $uebung_id=$uebung_id, $ss=$stsem,$uid=$student_uid, $date=$datumstr);
+		$name_neu = preg_replace('/[^A-Za-z0-9\-_]/', '',$name_neu);
 		$abgabedatei = $name_neu.".".$name_up["extension"];
-		$abgabepfad = BENOTUNGSTOOL_PATH."abgabe/".$abgabedatei;	
-			
+		$abgabepfad = BENOTUNGSTOOL_PATH."abgabe/".$abgabedatei;
+
 		$uebung_obj = new uebung();
 		$uebung_obj->load_studentuebung($student_uid, $uebung_id);
-	
-			
+
+
 		if ($uebung_obj->errormsg != "")
 		{
 			$uebung_obj->student_uid = $student_uid;
@@ -137,12 +138,12 @@ if (isset($_FILES["abgabedatei"]))
 			$uebung_obj->new = true;
 			$uebung_obj->studentuebung_save($new=true);
 			echo $uebung_obj->errormsg;
-			
+
 		}
 		if ($uebung_obj->abgabe_id != null)
-		{			
-			$uebung_obj->load_abgabe($uebung_obj->abgabe_id);			
-			unlink(BENOTUNGSTOOL_PATH."abgabe/".$uebung_obj->abgabedatei);			
+		{
+			$uebung_obj->load_abgabe($uebung_obj->abgabe_id);
+			unlink(BENOTUNGSTOOL_PATH."abgabe/".$uebung_obj->abgabedatei);
 			$uebung_obj->abgabedatei = $abgabedatei;
 			$uebung_obj->abgabezeit = 	$datum;
 			$uebung_obj->abgabe_anmerkung = "";
@@ -156,7 +157,7 @@ if (isset($_FILES["abgabedatei"]))
 			$uebung_obj->abgabe_save(true);
 		}
 		$uebung_obj->studentuebung_save(false);
-		//Abgabedatei ablegen				
+		//Abgabedatei ablegen
 		move_uploaded_file($_FILES['abgabedatei']['tmp_name'], $abgabepfad);
 	}
 }
@@ -217,11 +218,11 @@ $stsem_content.= "</SELECT>\n";
 //Lehreinheiten laden
 if($rechte->isBerechtigt('admin',0) || $rechte->isBerechtigt('admin',$lv_obj->studiengang_kz) || $rechte->isBerechtigt('lehre',$lv_obj->studiengang_kz))
 {
-	$qry = "SELECT 
-				distinct lehrfach.kurzbz as lfbez, tbl_lehreinheit.lehreinheit_id, tbl_lehreinheit.lehrform_kurzbz as lehrform_kurzbz 
-			FROM 
+	$qry = "SELECT
+				distinct lehrfach.kurzbz as lfbez, tbl_lehreinheit.lehreinheit_id, tbl_lehreinheit.lehrform_kurzbz as lehrform_kurzbz
+			FROM
 				lehre.tbl_lehreinheit, lehre.tbl_lehrveranstaltung as lehrfach, lehre.tbl_lehreinheitmitarbeiter
-			WHERE 
+			WHERE
 				tbl_lehreinheit.lehrveranstaltung_id=".$db->db_add_param($lvid, FHC_INTEGER)." AND
 				tbl_lehreinheit.lehrfach_id = lehrfach.lehrveranstaltung_id AND
 				tbl_lehreinheit.lehreinheit_id = tbl_lehreinheitmitarbeiter.lehreinheit_id AND
@@ -229,11 +230,11 @@ if($rechte->isBerechtigt('admin',0) || $rechte->isBerechtigt('admin',$lv_obj->st
 }
 else
 {
-	$qry = "SELECT 
-				distinct lehrfach.kurzbz as lfbez, tbl_lehreinheit.lehreinheit_id, tbl_lehreinheit.lehrform_kurzbz as lehrform_kurzbz 
-			FROM 
+	$qry = "SELECT
+				distinct lehrfach.kurzbz as lfbez, tbl_lehreinheit.lehreinheit_id, tbl_lehreinheit.lehrform_kurzbz as lehrform_kurzbz
+			FROM
 				lehre.tbl_lehreinheit, lehre.tbl_lehrveranstaltung as lehrfach, lehre.tbl_lehreinheitmitarbeiter
-			WHERE 
+			WHERE
 				tbl_lehreinheit.lehrveranstaltung_id=".$db->db_add_param($lvid, FHC_INTEGER)." AND
 				tbl_lehreinheit.lehrfach_id = lehrfach.lehrveranstaltung_id AND
 				tbl_lehreinheit.lehreinheit_id = tbl_lehreinheitmitarbeiter.lehreinheit_id AND
@@ -440,14 +441,14 @@ if(isset($_GET['uid']) && $_GET['uid']!='')
 		die($p->t('benotungstool/studentWurdeNichtGefunden'));
 
 	//echo "<b>$row_stud->vorname $row_stud->nachname</b><br>\n";
-	
 
-	
+
+
 	$uid_arr = Array();
 	$vorname_arr = Array();
 	$nachname_arr = Array();
 
-			// studentenquery					
+			// studentenquery
 			$qry_stud_dd = "SELECT uid, vorname, nachname, matrikelnr FROM campus.vw_student_lehrveranstaltung JOIN campus.vw_student using(uid) WHERE  studiensemester_kurzbz = ".$db->db_add_param($stsem)." and lehreinheit_id = ".$db->db_add_param($lehreinheit_id, FHC_INTEGER)."  ORDER BY nachname, vorname";
             if($result_stud_dd = $db->db_query($qry_stud_dd))
 			{
@@ -456,7 +457,7 @@ if(isset($_GET['uid']) && $_GET['uid']!='')
 				{
 					$uid_arr[] = $row_stud_dd->uid;
 					$vorname_arr[] = $row_stud_dd->vorname;
-					$nachname_arr[] = $row_stud_dd->nachname;				
+					$nachname_arr[] = $row_stud_dd->nachname;
 
 				}
 			}
@@ -467,22 +468,22 @@ if(isset($_GET['uid']) && $_GET['uid']!='')
 	$prev = $key-1;
 	$next = $key+1;
 	if ($key > 0)
-		echo "<a href='studentenpunkteverwalten.php?lvid=$lvid&lehreinheit_id=$lehreinheit_id&uebung_id=$uebung_id&uid=$uid_arr[$prev]&stsem=$stsem'> &lt;&lt; </a>";	
-	echo "<SELECT name='stud_dd' onChange=\"MM_jumpMenu('self',this,0)\">\n";	
+		echo "<a href='studentenpunkteverwalten.php?lvid=$lvid&lehreinheit_id=$lehreinheit_id&uebung_id=$uebung_id&uid=$uid_arr[$prev]&stsem=$stsem'> &lt;&lt; </a>";
+	echo "<SELECT name='stud_dd' onChange=\"MM_jumpMenu('self',this,0)\">\n";
 	for ($j = 0; $j < count($uid_arr); $j++)
-	{						
+	{
 			if ($uid_arr[$j] == $uid)
 				$selected = " selected";
 			else
 				$selected = "";
-		
+
 			echo "<option value='studentenpunkteverwalten.php?lvid=$lvid&lehreinheit_id=$lehreinheit_id&uebung_id=$uebung_id&uid=$uid_arr[$j]&stsem=$stsem'$selected>$vorname_arr[$j] $nachname_arr[$j]</option>";
 	}
 	echo "</select>";
 	if ($key < count($uid_arr)-1)
-		echo "<a href='studentenpunkteverwalten.php?lvid=$lvid&lehreinheit_id=$lehreinheit_id&uebung_id=$uebung_id&uid=$uid_arr[$next]&stsem=$stsem'> &gt;&gt; </a>";	
-	
-	
+		echo "<a href='studentenpunkteverwalten.php?lvid=$lvid&lehreinheit_id=$lehreinheit_id&uebung_id=$uebung_id&uid=$uid_arr[$next]&stsem=$stsem'> &gt;&gt; </a>";
+
+
 	$uebung_obj = new uebung();
 	$uebung_obj->load_uebung($lehreinheit_id,1);
 	if(count($uebung_obj->uebungen)>0)
@@ -492,15 +493,15 @@ if(isset($_GET['uid']) && $_GET['uid']!='')
 		echo "<option value='studentenpunkteverwalten.php?lvid=$lvid&stsem=$stsem&lehreinheit_id=$lehreinheit_id&uebung_id=&uid=$uid' selected></option>";
 		foreach ($uebung_obj->uebungen as $row)
 		{
-			
+
 			if($uebung_id == $row->uebung_id)
 				$selected = 'selected';
 			else
-				$selected = '';		
-					
+				$selected = '';
+
 			if($uebung_id=='')
 				$uebung_id=$row->uebung_id;
-			
+
 			$subuebung_obj = new uebung();
 			$subuebung_obj->load_uebung($lehreinheit_id,2,$row->uebung_id);
 			if(count($subuebung_obj->uebungen)>0)
@@ -510,46 +511,46 @@ if(isset($_GET['uid']) && $_GET['uid']!='')
 				}
 			else
 				$disabled = '';
-			
+
 			echo "<OPTION style='background-color:#cccccc;' value='studentenpunkteverwalten.php?lvid=$lvid&stsem=$stsem&lehreinheit_id=$lehreinheit_id&uebung_id=$row->uebung_id&uid=$uid' $selected $disabled>";
-			
-			
+
+
 			echo $row->bezeichnung;
 			echo '</OPTION>';
-			
+
 			if(count($subuebung_obj->uebungen)>0)
 			{
 				foreach ($subuebung_obj->uebungen as $subrow)
 				{
 					if($uebung_id=='')
 						$uebung_id=$subrow->uebung_id;
-		
+
 					if($uebung_id == $subrow->uebung_id)
 						$selected = 'selected';
 					else
 						$selected = '';
-					
+
 					echo "<OPTION value='studentenpunkteverwalten.php?lvid=$lvid&stsem=$stsem&lehreinheit_id=$lehreinheit_id&uebung_id=$subrow->uebung_id&uid=$uid' $selected>";
 
-					
+
 					//Freigegeben = +
 					//Nicht Freigegeben = -
 					if($datum_obj->mktime_fromtimestamp($subrow->freigabevon)<time() && $datum_obj->mktime_fromtimestamp($subrow->freigabebis)>time())
 						echo ' + ';
 					else
 						echo ' - ';
-					
+
 					echo $subrow->bezeichnung;
 					echo '</OPTION>';
-					
+
 				}
 			}
 		}
-		
+
 		echo '</SELECT>';
-		
+
 		echo '</td>';
-		
+
 		echo "<td>
 			<table>
 			<tr>
@@ -581,7 +582,7 @@ if(isset($_GET['uid']) && $_GET['uid']!='')
 		$mitarbeit = 0;
 		$note = '';
 	}
-	
+
 	if ($ueb_obj->beispiele && is_numeric($_GET['uebung_id']))
 	{
 		echo "
@@ -598,10 +599,10 @@ if(isset($_GET['uid']) && $_GET['uid']!='')
 		    <td class='ContentHeader2'>".$p->t('benotungstool/probleme')."</td>
 		    <td class='ContentHeader2'>".$p->t('benotungstool/punkte')."</td>
 		</tr>";
-	
+
 		$bsp_obj = new beispiel();
 		$bsp_obj->load_beispiel($uebung_id);
-	
+
 		foreach ($bsp_obj->beispiele as $row)
 		{
 			$stud_bsp_obj = new beispiel();
@@ -623,14 +624,14 @@ if(isset($_GET['uid']) && $_GET['uid']!='')
 					<td align='center'>$row->punkte</td>
 				</tr>";
 		}
-	
+
 		echo "</table>";
-		
-		
-		
+
+
+
 		$ueb_obj->load_studentuebung($uid, $uebung_id);
-		if ($ueb_obj->abgabe_id)	
-		{	
+		if ($ueb_obj->abgabe_id)
+		{
 			$ueb_obj->load_abgabe($ueb_obj->abgabe_id);
 			$filename = $ueb_obj->abgabedatei;
 		}
@@ -639,27 +640,27 @@ if(isset($_GET['uid']) && $_GET['uid']!='')
 
 		if ($filename != '')
 			echo "<br>".$p->t('benotungstool/abgabedatei').": <a href='studentenpunkteverwalten.php?lvid=$lvid&stsem=$stsem&lehreinheit_id=$lehreinheit_id&uebung_id=$uebung_id&uid=$uid&download_abgabe=$filename'>".$filename."</a><br><br>";
-		
 
-		
+
+
 		echo "
 		</td><td valign='top' algin='right'>";
-	
+
 		//Gesamtpunkte diese Kreuzerlliste
 		$qry = "SELECT sum(punkte) as punktegesamt FROM campus.tbl_beispiel WHERE uebung_id=".$db->db_add_param($uebung_id, FHC_INTEGER);
 		$punkte_gesamt=0;
 		if($result=$db->db_query($qry))
 			if($row = $db->db_fetch_object($result))
 				$punkte_gesamt = $row->punktegesamt;
-	
+
 		//Eingetragen diese Kreuzerlliste
 		$qry = "SELECT sum(punkte) as punkteeingetragen FROM campus.tbl_beispiel JOIN campus.tbl_studentbeispiel USING(beispiel_id) WHERE uebung_id=".$db->db_add_param($uebung_id, FHC_INTEGER)." AND student_uid=".$db->db_add_param($uid)." AND vorbereitet=true";
 		$punkte_eingetragen=0;
 		if($result=$db->db_query($qry))
 			if($row = $db->db_fetch_object($result))
 				$punkte_eingetragen = ($row->punkteeingetragen!=''?$row->punkteeingetragen:0);
-	
-		
+
+
 		//Gesamtpunkte alle Kreuzerllisten in dieser Übung
 		$ueb_help = new uebung($uebung_id);
 		$liste_id = $ueb_help->liste_id;
@@ -670,19 +671,19 @@ if(isset($_GET['uid']) && $_GET['uid']!='')
 		if($result=$db->db_query($qry))
 			if($row = $db->db_fetch_object($result))
 				$punkte_gesamt_alle = $row->punktegesamt_alle;
-	
+
 		//Eingetragen alle Kreuzerllisten
 		$qry = "SELECT sum(tbl_beispiel.punkte) as punkteeingetragen_alle FROM campus.tbl_beispiel, campus.tbl_studentbeispiel, campus.tbl_uebung
 				WHERE tbl_beispiel.beispiel_id = tbl_studentbeispiel.beispiel_id AND
 				tbl_uebung.uebung_id=tbl_beispiel.uebung_id AND
 				tbl_uebung.lehreinheit_id=".$db->db_add_param($lehreinheit_id)." AND
-				tbl_uebung.liste_id = ".$db->db_add_param($liste_id)." AND 
+				tbl_uebung.liste_id = ".$db->db_add_param($liste_id)." AND
 				tbl_studentbeispiel.student_uid=".$db->db_add_param($uid)." AND vorbereitet=true";
 		$punkte_eingetragen_alle=0;
 		if($result=$db->db_query($qry))
 			if($row = $db->db_fetch_object($result))
 				$punkte_eingetragen_alle = ($row->punkteeingetragen_alle!=''?$row->punkteeingetragen_alle:0);
-	
+
 		//Mitarbeitspunkte
 		$qry = "SELECT sum(mitarbeitspunkte) as mitarbeitspunkte FROM campus.tbl_studentuebung JOIN campus.tbl_uebung USING(uebung_id)
 				WHERE lehreinheit_id=".$db->db_add_param($lehreinheit_id, FHC_INTEGER)." AND student_uid=".$db->db_add_param($uid)." and liste_id=".$db->db_add_param($liste_id);
@@ -690,7 +691,7 @@ if(isset($_GET['uid']) && $_GET['uid']!='')
 		if($result=$db->db_query($qry))
 			if($row = $db->db_fetch_object($result))
 				$mitarbeit_alle = ($row->mitarbeitspunkte!=''?$row->mitarbeitspunkte:0);
-	
+
 		//Mitarbeitspunkte
 		$qry = "SELECT mitarbeitspunkte FROM campus.tbl_studentuebung
 				WHERE uebung_id=".$db->db_add_param($uebung_id, FHC_INTEGER)." AND student_uid=".$db->db_add_param($uid);
@@ -742,8 +743,8 @@ if(isset($_GET['uid']) && $_GET['uid']!='')
 			</tr>
 			</table>
 			";
-	
-	
+
+
 		echo "
 		</td></tr>
 		<tr>
@@ -752,18 +753,18 @@ if(isset($_GET['uid']) && $_GET['uid']!='')
 				<input type='button' value='".$p->t('global/zurueck')."' onclick='history.back();'>
 				<input type='submit' value='".$p->t('global/speichern')."' name='submit'>
 			</td>
-	
+
 		</tr>
 		</table>
-	
+
 		</form>
 		";
 	}
 	else if (is_numeric($_GET['uebung_id']))
 	{
 		$ueb_obj->load_studentuebung($uid, $uebung_id);
-		if ($ueb_obj->abgabe_id)	
-		{	
+		if ($ueb_obj->abgabe_id)
+		{
 			$ueb_obj->load_abgabe($ueb_obj->abgabe_id);
 			$filename = $ueb_obj->abgabedatei;
 		}
@@ -790,28 +791,28 @@ if(isset($_GET['uid']) && $_GET['uid']!='')
 		<tr>
 			<td colspan='2'>
 				<input type='button' value='".$p->t('global/zurueck')."' onclick='history.back();'>
-				<input type='submit' value='".$p->t('global/speichern')."' name='submit'>	
+				<input type='submit' value='".$p->t('global/speichern')."' name='submit'>
 			</td>
-	
+
 		</tr>
 		</table>
 		</form>";
 
 	}
-	echo "</td></tr></table>";	
-	echo "<table>\n";		
+	echo "</td></tr></table>";
+	echo "<table>\n";
 	echo "	<tr>\n";
 	echo "	<form accept-charset='UTF-8' method='POST' action='studentenpunkteverwalten.php?lvid=$lvid&lehreinheit_id=$lehreinheit_id&uebung_id=$uebung_id&stsem=$stsem&uid=$uid' enctype='multipart/form-data'>\n";
 	echo "		<td>\n";
 	echo "			<b>".$p->t('benotungstool/studentenabgabedatei').":</b><br><input type='file' name='abgabedatei'> <input type='submit' name='abgabe' value='".$p->t('benotungstool/abgeben')."'>";
-	echo "		</td>\n";	
+	echo "		</td>\n";
 	echo "	</form>\n";
 	echo "</tr>\n";
 	echo "</table>";
 }
 else
 {
-	
+
 	//Übungen benoten
 	$uebung_obj = new uebung();
 	$uebung_obj->load_uebung($lehreinheit_id,1);
@@ -822,15 +823,15 @@ else
 		echo "<option value='studentenpunkteverwalten.php?lvid=$lvid&stsem=$stsem&lehreinheit_id=$lehreinheit_id&uebung_id=&uid=$uid' selected></option>";
 		foreach ($uebung_obj->uebungen as $row)
 		{
-			
+
 			if($uebung_id == $row->uebung_id)
 				$selected = 'selected';
 			else
-				$selected = '';		
-					
+				$selected = '';
+
 			if($uebung_id=='')
 				$uebung_id=$row->uebung_id;
-			
+
 			$subuebung_obj = new uebung();
 			$subuebung_obj->load_uebung($lehreinheit_id,2,$row->uebung_id);
 			if(count($subuebung_obj->uebungen)>0)
@@ -840,61 +841,62 @@ else
 				}
 			else
 				$disabled = '';
-			
+
 			echo "<OPTION style='background-color:#cccccc;' value='studentenpunkteverwalten.php?lvid=$lvid&stsem=$stsem&lehreinheit_id=$lehreinheit_id&uebung_id=$row->uebung_id&uid=$uid' $selected $disabled>";
-			
-			
+
+
 			echo $row->bezeichnung;
 			echo '</OPTION>';
-			
+
 			if(count($subuebung_obj->uebungen)>0)
 			{
 				foreach ($subuebung_obj->uebungen as $subrow)
 				{
 					if($uebung_id=='')
 						$uebung_id=$subrow->uebung_id;
-		
+
 					if($uebung_id == $subrow->uebung_id)
 						$selected = 'selected';
 					else
 						$selected = '';
-					
+
 					echo "<OPTION value='studentenpunkteverwalten.php?lvid=$lvid&stsem=$stsem&lehreinheit_id=$lehreinheit_id&uebung_id=$subrow->uebung_id&uid=$uid' $selected>";
 
-					
+
 					//Freigegeben = +
 					//Nicht Freigegeben = -
 					if($datum_obj->mktime_fromtimestamp($subrow->freigabevon)<time() && $datum_obj->mktime_fromtimestamp($subrow->freigabebis)>time())
 						echo ' + ';
 					else
 						echo ' - ';
-					
+
 					echo $subrow->bezeichnung;
 					echo '</OPTION>';
-					
+
 				}
 			}
 		}
-		
+
 		echo '</SELECT>';
 		echo "<a href='anwesenheitsliste.php?output=html&uebung_id=$uebung_id&lehreinheit_id=$lehreinheit_id&stsem=$stsem' target='_blank'> [".$p->t('benotungstool/benoten')."]</a>";
 		$abgabe_obj = new uebung($uebung_id);
 		if ($abgabe_obj->abgabe && glob(BENOTUNGSTOOL_PATH."abgabe/*_[WS]S[0-9][0-9][0-9][0-9]_".$uebung_id."_*"))
 		{
-		   $date = date('Y-m-d_H:i:s');
+			$date = date('Y-m-d_H:i:s');
 			$downloadname = makeUploadName($db, $which="zip", $lehreinheit_id, $uebung_id, $stsem, $uid=null, $date);
-			$downloadname = mb_ereg_replace($uebung_id, ereg_replace(" ","_",$abgabe_obj->bezeichnung), $downloadname);
+			$downloadname = str_replace($uebung_id, str_replace(" ","_",$abgabe_obj->bezeichnung), $downloadname);
+			$downloadname = preg_replace('/[^A-Za-z0-9\-_]/', '',$downloadname);
 			echo "<a href='zipdownload_benotungstool.php?lvid=$lvid&stsem=$stsem&lehreinheit_id=$lehreinheit_id&uebung_id=$uebung_id&downloadname=$downloadname'> [".$p->t('benotungstool/abgabenDownloaden')."]</a>";
 		}
 		else
 			echo "[".$p->t('benotungstool/keineAbgabenVerfuegbar')."]";
-		
+
 		echo '</td></tr></table>';
 	}
-	
-	
-	
-	
+
+
+
+
 	echo "<br><hr><br>";
 	//Studentenliste
 	echo $p->t('benotungstool/bitteWaehlenSieDenStudentenAus')."<br>";
@@ -907,14 +909,14 @@ else
 					<td>&nbsp;</td>
 					<td>&nbsp;</td>
 					<td>&nbsp;</td>
-					
+
 				</tr>
 				<tr>
 					<td class='ContentHeader2'>".$p->t('global/uid')."</td>
 					<td class='ContentHeader2'>".$p->t('global/nachname')."</td>
 					<td class='ContentHeader2'>".$p->t('global/vorname')."</td>
 					<td class='ContentHeader2'>".$p->t('benotungstool/studentenansicht')."</td>
-					
+
 				</tr>
 				<tr>
 					<td>&nbsp;</td>
@@ -922,7 +924,7 @@ else
 					<td>&nbsp;</td>
 					<td>&nbsp;</td>
 				</tr>";
-			/*			
+			/*
 			if($row_grp->gruppe_kurzbz!='')
 			{
 					echo "
@@ -945,16 +947,16 @@ else
 					            " ORDER BY nachname, vorname";
 			}
 			*/
-			// studentenquery		
+			// studentenquery
 			$qry_stud = "SELECT uid, vorname, nachname, matrikelnr FROM campus.vw_student_lehrveranstaltung JOIN campus.vw_student using(uid) WHERE  studiensemester_kurzbz = '".$stsem."' and lehreinheit_id = '".$lehreinheit_id."' ORDER BY nachname, vorname";
             if($result_stud = $db->db_query($qry_stud))
 			{
 				$i=1;
 				while($row_stud = $db->db_fetch_object($result_stud))
 				{
-        			
 
-					
+
+
 					echo "
 					<tr class='liste".($i%2)."'>
 						<td><a href='studentenpunkteverwalten.php?lvid=$lvid&lehreinheit_id=$lehreinheit_id&uebung_id=$uebung_id&uid=$row_stud->uid&stsem=$stsem' class='Item'>$row_stud->uid</a></td>
diff --git a/cis/private/lehre/benotungstool/verwaltung_listen.php b/cis/private/lehre/benotungstool/verwaltung_listen.php
index 57a149caa..85b1c016e 100644
--- a/cis/private/lehre/benotungstool/verwaltung_listen.php
+++ b/cis/private/lehre/benotungstool/verwaltung_listen.php
@@ -36,11 +36,11 @@ require_once('functions.inc.php');
 require_once('../../../../include/phrasen.class.php');
 
 $sprache = getSprache();
-$p = new phrasen($sprache); 
+$p = new phrasen($sprache);
 
 if (!$db = new basis_db())
 	die($p->t('global/fehlerBeimOeffnenDerDatenbankverbindung'));
-		
+
 function microtime_float()
 {
     list($usec, $sec) = explode(" ", microtime());
@@ -64,7 +64,7 @@ if(isset($_GET['lehreinheit_id']) && is_numeric($_GET['lehreinheit_id'])) //Lehr
 	$lehreinheit_id = $_GET['lehreinheit_id'];
 else
 	$lehreinheit_id = '';
-	
+
 //Angabedatei ausliefern
 if (isset($_GET["download"])){
 	$file=$_GET["download"];
@@ -100,7 +100,7 @@ if (isset($_GET["download"])){
 	{
 		return confirm('<?php echo $p->t('gesamtnote/wollenSieWirklichLoeschen');?>');
 	}
-	
+
 	function set_notenschluessel_prozent()
 	{
 		document.ns.schluessel_punkte_1.value=89;
@@ -156,7 +156,7 @@ if (isset($_FILES["angabedatei"]))
 	$angabedatei_up = $_FILES["angabedatei"]["tmp_name"];
 else
 	$angabedatei_up = null;
-	
+
 $beispiel_id = (isset($_GET['beispiel_id'])?$_GET['beispiel_id']:'');
 $uebung_id = (isset($_GET['uebung_id'])?$_GET['uebung_id']:'');
 
@@ -223,11 +223,11 @@ $stsem_content.= "</SELECT>\n";
 //Lehreinheiten laden
 if($rechte->isBerechtigt('admin',0) || $rechte->isBerechtigt('admin',$lv_obj->studiengang_kz) || $rechte->isBerechtigt('lehre',$lv_obj->studiengang_kz))
 {
-	$qry = "SELECT 
-				distinct lehrfach.kurzbz as lfbez, tbl_lehreinheit.lehreinheit_id, tbl_lehreinheit.lehrform_kurzbz as lehrform_kurzbz 
-			FROM 
+	$qry = "SELECT
+				distinct lehrfach.kurzbz as lfbez, tbl_lehreinheit.lehreinheit_id, tbl_lehreinheit.lehrform_kurzbz as lehrform_kurzbz
+			FROM
 				lehre.tbl_lehreinheit, lehre.tbl_lehrveranstaltung as lehrfach, lehre.tbl_lehreinheitmitarbeiter
-			WHERE 
+			WHERE
 				tbl_lehreinheit.lehrveranstaltung_id=".$db->db_add_param($lvid, FHC_INTEGER)." AND
 				tbl_lehreinheit.lehrfach_id = lehrfach.lehrveranstaltung_id AND
 				tbl_lehreinheit.lehreinheit_id = tbl_lehreinheitmitarbeiter.lehreinheit_id AND
@@ -235,11 +235,11 @@ if($rechte->isBerechtigt('admin',0) || $rechte->isBerechtigt('admin',$lv_obj->st
 }
 else
 {
-	$qry = "SELECT 
-				distinct lehrfach.kurzbz as lfbez, tbl_lehreinheit.lehreinheit_id, tbl_lehreinheit.lehrform_kurzbz as lehrform_kurzbz 
-			FROM 
+	$qry = "SELECT
+				distinct lehrfach.kurzbz as lfbez, tbl_lehreinheit.lehreinheit_id, tbl_lehreinheit.lehrform_kurzbz as lehrform_kurzbz
+			FROM
 				lehre.tbl_lehreinheit, lehre.tbl_lehrveranstaltung as lehrfach, lehre.tbl_lehreinheitmitarbeiter
-			WHERE 
+			WHERE
 				tbl_lehreinheit.lehrveranstaltung_id=".$db->db_add_param($lvid, FHC_INTEGER)." AND
 				tbl_lehreinheit.lehrfach_id = lehrfach.lehrveranstaltung_id AND
 				tbl_lehreinheit.lehreinheit_id = tbl_lehreinheitmitarbeiter.lehreinheit_id AND
@@ -384,7 +384,7 @@ if(isset($_POST['uebung_neu']) || isset($_POST['abgabe_neu']))
 				$error_anzahlderbeispiele = "<span class='error'>".$p->t('benotungstool/anzahlDerBeispieleKleiner100')."</span>";
 				$error=true;
 			}
-	
+
 			if ($maxstd != '')
 			{
 				if(!is_numeric($maxstd))
@@ -405,7 +405,7 @@ if(isset($_POST['uebung_neu']) || isset($_POST['abgabe_neu']))
 			}
 			else
 				$maxstd = null;
-			
+
 			if ($maxbsp != '')
 			{
 				if(!is_numeric($maxbsp))
@@ -427,7 +427,7 @@ if(isset($_POST['uebung_neu']) || isset($_POST['abgabe_neu']))
 			else
 				$maxbsp = null;
 		}
-		
+
 		$freigabevon_sav = $datum_obj->mktime_datumundzeit($freigabevon);
 		$freigabebis_sav = $datum_obj->mktime_datumundzeit($freigabebis);
 
@@ -462,7 +462,7 @@ if(isset($_POST['uebung_neu']) || isset($_POST['abgabe_neu']))
 			$uebung_obj->freigabebis = date('Y-m-d H:i',$freigabebis_sav);
 			if (isset($_POST["uebung_neu"]))
 			{
-				if (isset($_POST["kl_abgabe"]))				
+				if (isset($_POST["kl_abgabe"]))
 					$uebung_obj->abgabe=true;
 				else
 					$uebung_obj->abgabe=false;
@@ -487,12 +487,12 @@ if(isset($_POST['uebung_neu']) || isset($_POST['abgabe_neu']))
 			$uebung_obj->maxbsp = $maxbsp;
 			$uebung_obj->gewicht = $gewicht;
 			$uebung_obj->get_next_nummer();
-			$uebung_obj->nummer = $uebung_obj->next_nummer;	
+			$uebung_obj->nummer = $uebung_obj->next_nummer;
 
 			if($uebung_obj->save(true))
 			{
 				$uebung_id = $uebung_obj->uebung_id;
-				
+
 				//Angabedatei ablegen
 				if ($angabedatei_up)
 				{
@@ -503,12 +503,12 @@ if(isset($_POST['uebung_neu']) || isset($_POST['abgabe_neu']))
 					//Find occurence of extensions ending with ".tar."
 					if (in_array(substr($_FILES["angabedatei"]["name"], strripos($_FILES["angabedatei"]["name"], '.tar.')), $ext_array))
 						$extension = substr($_FILES["angabedatei"]["name"], strripos($_FILES["angabedatei"]["name"]+1, '.tar.'));
-					else 
+					else
 						$extension = $name_up["extension"];
 
 					$name_neu = makeUploadName($db, $which='angabe', $lehreinheit_id=$lehreinheit_id, $uebung_id=$uebung_id, $ss=$stsem);
 					$angabedatei = $name_neu.".".$extension;
-					
+
 					$angabepfad = BENOTUNGSTOOL_PATH."angabe/".$angabedatei;
 					//$angabepfad = BENOTUNGSTOOL_PATH.$angabedatei;
 					//unlink($angabepfad);
@@ -518,7 +518,7 @@ if(isset($_POST['uebung_neu']) || isset($_POST['abgabe_neu']))
 					$uebung_obj->save(false);
 				}
 				//Beispiele anlegen
-				
+
 				$error_msg='';
 				for($i=0;$i<$anzahlderbeispiele;$i++)
 				{
@@ -625,7 +625,7 @@ if(isset($_POST['uebung_edit']))
 		}
 		else
 			$maxstd = null;
-		
+
 		if ($maxbsp != '')
 		{
 			if(!is_numeric($maxbsp))
@@ -646,7 +646,7 @@ if(isset($_POST['uebung_edit']))
 		}
 		else
 			$maxbsp = null;
-	
+
 	if($freigabevon_sav>$freigabebis_sav)
 	{
 		echo "<span class='error'>".$p->t('benotungstool/vonDatumNichtGroesserAlsBisDatum')."</span>";
@@ -680,7 +680,7 @@ if(isset($_POST['uebung_edit']))
 				$extension = $name_up["extension"];
 			$name_neu = makeUploadName($db, $which='angabe', $lehreinheit_id=$lehreinheit_id, $uebung_id=$uebung_id, $ss=$stsem);
 			$angabedatei_neu = $name_neu.".".$extension;
-			
+
 			$angabepfad = BENOTUNGSTOOL_PATH."angabe/".$angabedatei_neu;
 			//$angabepfad = BENOTUNGSTOOL_PATH.$angabedatei;
 			//unlink($angabepfad);
@@ -690,7 +690,7 @@ if(isset($_POST['uebung_edit']))
 			move_uploaded_file($_FILES['angabedatei']['tmp_name'], $angabepfad);
 		}
 		else
-		{	
+		{
 			$uebung_akt = new uebung();
 			$uebung_akt->load($uebung_id);
 			$angabedatei_neu = $uebung_akt->angabedatei;
@@ -702,7 +702,7 @@ if(isset($_POST['uebung_edit']))
 		$uebung_obj->angabedatei=$angabedatei_neu;
 		$uebung_obj->freigabevon = date('Y-m-d H:i',$freigabevon_sav);
 		$uebung_obj->freigabebis = date('Y-m-d H:i',$freigabebis_sav);
-		if ($uebung_obj->beispiele)		
+		if ($uebung_obj->beispiele)
 			$uebung_obj->abgabe = (isset($_POST['kl_abgabe'])?true:false);
 		//$uebung_obj->beispiele=true;
 		$uebung_obj->bezeichnung=$thema;
@@ -749,11 +749,11 @@ if(isset($_POST['liste_edit']))
 		echo "<span class='error'>".$p->t('benotungstool/gewichtMussEineZahlSein')."</span>";
 		$error = true;
 	}
-	
+
 
 	if(!$error)
 	{
-		
+
 		$uebung_obj = new uebung();
 		$uebung_obj->load($_GET['liste_id']);
 		$uebung_obj->gewicht=$gewicht;
@@ -804,7 +804,7 @@ if(isset($_POST['beispiel_neu']) || isset($_POST['beispiel_edit']))
 					$beispiel_obj = new beispiel();
 					if(isset($_POST['beispiel_edit']))
 					{
-						$beispiel_obj->load($beispiel_id);					
+						$beispiel_obj->load($beispiel_id);
 						$beispiel_obj->beispiel_id= $beispiel_id;
 						$beispiel_obj->new=false;
 					}
@@ -845,7 +845,7 @@ if(isset($_POST['beispiel_neu']) || isset($_POST['beispiel_edit']))
 //Uebersichtstabelle
 if(isset($_GET["uebung_id"]) && $_GET["uebung_id"]!='')
 {
-	
+
 	echo "<table><tr><td valign='top'>";
 	//Bearbeiten der ausgewaehlten Uebung
 	echo "<form accept-charset='UTF-8' action='verwaltung_listen.php?lvid=$lvid&stsem=$stsem&lehreinheit_id=$lehreinheit_id&uebung_id=$uebung_id&liste_id=$liste_id' method=POST enctype='multipart/form-data'>\n";
@@ -857,23 +857,24 @@ if(isset($_GET["uebung_id"]) && $_GET["uebung_id"]!='')
 	//$downloadname = mb_ereg_replace($uebung_id,ereg_replace(' ','_',$uebung_obj->bezeichnung), $uebung_obj->angabedatei);
 	$downloadname = mb_str_replace(' ', '_', $uebung_obj->bezeichnung);
 	$downloadname = mb_str_replace($uebung_id, $downloadname, $uebung_obj->angabedatei);
+	$downloadname = preg_replace('/[^A-Za-z0-9\-_.]/', '',$downloadname);
 	echo "
 	<tr><td>".$p->t('benotungstool/thema')."</td><td align='right'><input type='text' name='thema'  maxlength='32' value='".htmlentities($uebung_obj->bezeichnung,ENT_QUOTES,'UTF-8')."'></td><td>$error_thema</td></tr>
 	<tr><td>".$p->t('benotungstool/freigabe')."</td><td align='right'>von <input type='text' size='16' name='freigabevon' value='".date('d.m.Y H:i',$datum_obj->mktime_fromtimestamp($uebung_obj->freigabevon))."'></td></tr>
 	<tr><td>".$p->t('benotungstool/format')."</td><td align='right'>bis <input type='text' size='16' name='freigabebis' value='".date('d.m.Y H:i',$datum_obj->mktime_fromtimestamp($uebung_obj->freigabebis))."'></td></tr>";
-	
+
 	if ($uebung_obj->beispiele){
 		echo "<tr><td>".$p->t('benotungstool/maxStudentenBeispiel')."</td><td align='right'><input type='text' name='maxstd' value='$uebung_obj->maxstd'></td><td>$error_maxstd</td></tr>
 	<tr><td>".$p->t('benotungstool/maxBeispieleStudent')."</td><td align='right'><input type='text' name='maxbsp' value='$uebung_obj->maxbsp'></td><td>$error_maxbsp</td></tr>";
 		echo"<tr><td>".$p->t('benotungstool/abgabe')." </td><td><input type='checkbox' name='kl_abgabe' ".($uebung_obj->abgabe?'checked':'')."></td></tr>";
 		echo "<input type='hidden' size='16' name='gewicht' value='0'>";
-	}	
+	}
 	else if ($uebung_obj->abgabe)
 	{
 		echo "<tr><td>".$p->t('benotungstool/gewicht')."</td><td align='right'><input type='text' size='16' name='gewicht' value='$uebung_obj->gewicht'></td><td>$error_gewicht</td></tr>";
 		echo "<tr><td>".$p->t('benotungstool/positiv')." </td><td><input type='checkbox' name='positiv' ".($uebung_obj->positiv?'checked':'')."></td></tr>";
 	}
-	if ($uebung_obj->beispiele)	
+	if ($uebung_obj->beispiele)
 		echo"<tr><td>".$p->t('benotungstool/statistikFuerStudentenAnzeigen')." </td><td><input type='checkbox' name='statistik' ".($uebung_obj->statistik?'checked':'')."></td></tr>";
 	echo "<tr>";
 	echo "<td>".$p->t('benotungstool/angabeidatei')."</td>";
@@ -900,25 +901,25 @@ if(isset($_GET["uebung_id"]) && $_GET["uebung_id"]!='')
 		echo "<form accept-charset='UTF-8' action='verwaltung_listen.php?lvid=$lvid&stsem=$stsem&lehreinheit_id=$lehreinheit_id&uebung_id=$uebung_id&liste_id=$liste_id' method=POST>\n";
 		echo "<table width='340'><tr><td colspan='3' class='ContentHeader3'>".$p->t('benotungstool/neuesBeispielAnlegen')."</td></tr>\n";
 		echo "<tr><td>&nbsp;</td><td></td></tr>\n\n";
-	
+
 		echo "<tr><td>".$p->t('global/bezeichnung')." <input type='text' name='bezeichnung' maxlength='32' value='".$p->t('benotungstool/beispiel')." ".($anzahl<9?'0'.($anzahl+1):($anzahl+1))."'>";
 		echo "&nbsp;".$p->t('benotungstool/punkte')." <input type='text' size='2' name='punkte' value='1'></td></tr>";
 		echo "<tr><td align='right'><input type='submit' name='beispiel_neu' value='".$p->t('benotungstool/anlegen')."'></td></tr>";
-	
+
 		echo "</table>
 		</form>";
 	}
-	
+
 	echo "</td></tr><tr><td valign='top'>";
-	
-	
+
+
 	//Uebersicht der Beispiele
 	if ($uebung_obj->beispiele)
 	{
 		echo "<form accept-charset='UTF-8' action='verwaltung_listen.php?lvid=$lvid&stsem=$stsem&lehreinheit_id=$lehreinheit_id&uebung_id=$uebung_id&liste_id=$liste_id' method=POST>\n";
 		echo "<table width='340'><tr><td colspan='3' class='ContentHeader3'>".$p->t('benotungstool/vorhandeneBeispiele')."</td></tr>\n";
 		echo "<tr><td>&nbsp;</td><td></td><td></td></tr>\n\n";
-	
+
 		if($anzahl>0)
 		{
 			echo "<tr><th>".$p->t('benotungstool/beispiel')."</th><th>".$p->t('benotungstool/punkte')."</th><th>".$p->t('benotungstool/auswahl')."</th></tr>\n";
@@ -932,7 +933,7 @@ if(isset($_GET["uebung_id"]) && $_GET["uebung_id"]!='')
 		}
 		else
 			echo "<tr><td colspan='3'>".$p->t('benotungstool/keineBeispieleAngelegt')."</td><td></td></tr>";
-	
+
 		echo "</table></form>";
 	}
 	echo "</td><td valign='top'>";
@@ -969,10 +970,10 @@ else
 		echo "<form accept-charset='UTF-8' action='verwaltung_listen.php?lvid=$lvid&stsem=$stsem&lehreinheit_id=$lehreinheit_id&liste_id=$liste_id' method=POST>\n";
 		echo "<table><tr><td colspan='2' width='340' class='ContentHeader3'>".$p->t('benotungstool/uebungBearbeiten')."</td><td>&nbsp;</td></tr>\n";
 		echo "<tr><td>&nbsp;</td><td></td></tr>";
-	
+
 		$liste_obj = new uebung();
 		$liste_obj->load($liste_id);
-	
+
 		echo "
 		<tr><td>".$p->t('benotungstool/thema')."</td><td align='right'><input type='text' name='thema'  maxlength='32' value='".htmlentities($liste_obj->bezeichnung,ENT_QUOTES,'UTF-8')."'></td><td>$error_thema</td></tr><tr><td>".$p->t('benotungstool/gewicht')."</td><td align='right'><input type='text' size='16' name='gewicht' value='$liste_obj->gewicht'></td><td>$error_gewicht</td></tr>
 		<tr><td>".$p->t('benotungstool/positiv')." </td><td><input type='checkbox' name='positiv' ".($liste_obj->positiv?'checked':'')."></td></tr>
@@ -980,13 +981,13 @@ else
 		</table>
 		</form>";
 	}
-	
+
 	//Gesamtuebersicht ueber alle Listen innerhalb der Uebung
 	echo "<table><tr><td valign='top'>";
 	echo "<form accept-charset='UTF-8' action='verwaltung_listen.php?lvid=$lvid&stsem=$stsem&lehreinheit_id=$lehreinheit_id&liste_id=$liste_id' method=POST>";
 	echo "<table width='440'>";
 	$studentuebung = new uebung();
-	if (!$studentuebung->check_studentuebung($liste_id))	
+	if (!$studentuebung->check_studentuebung($liste_id))
 		echo "<tr><td colspan='3' class='ContentHeader3'>".$p->t('benotungstool/vorhandeneAufgabeBearbeiten')."</td></tr>";
 
 	$uebung_obj = new uebung();
@@ -1138,10 +1139,10 @@ else
 		$maxstudentenprobeispiel = '';
 		$maxbeispieleprostudent = '';
 		$gewicht = 1;
-		
+
 	}
 	echo "</td><td valign='top'>";
-	
+
 	if ($anzeigen != 'abgabe' && $anzeigen != 'nada')
 	{
 		echo "
@@ -1181,27 +1182,27 @@ else
 				}
 			}
 		}
-		
+
 		if ($anzeigen != "beide")
-		{	
+		{
 			if ($liste_obj->prozent == 't')
 			{
 				$einheit = " %";
 				$einheit_link = $p->t('benotungstool/notenschluesselInProzent')." / <a href='verwaltung_listen.php?lvid=$lvid&stsem=$stsem&lehreinheit_id=$lehreinheit_id&liste_id=$liste_id&notenschluessel=punkte'>".$p->t('benotungstool/punkten')."</a>";
-			}			
+			}
 			else
 			{
 				$einheit=" ".$p->t('benotungstool/punkte');
 				$einheit_link = $p->t('benotungstool/notenschluesselIn')." <a href='verwaltung_listen.php?lvid=$lvid&stsem=$stsem&lehreinheit_id=$lehreinheit_id&liste_id=$liste_id&notenschluessel=prozent'>".$p->t('benotungstool/prozentPunkten');
 			}
-			
+
 			echo "<form accept-charset='UTF-8' action='verwaltung_listen.php?lvid=$lvid&stsem=$stsem&lehreinheit_id=$lehreinheit_id&liste_id=$liste_id' method='POST' name='ns'>\n";
 			echo "<table><tr><td colspan='3' class='ContentHeader3'>".$p->t('benotungstool/notenschluesselDefinieren')."</td></tr>\n";
 			echo "<tr>";
 			echo "<td colspan='3'>";
 			echo $einheit_link;
-			echo "</td>";			
-			echo "</tr>";			
+			echo "</td>";
+			echo "</tr>";
 			echo "<tr><td colspan='3'>&nbsp;</td></tr>\n";
 			echo "<tr><td>".$p->t('benotungstool/note')."</td><td>".$p->t('benotungstool/minimum')."</td></tr>";
 			echo "<tr><td><input type='text' name='schluessel_note_1' maxlength='2' size='2' value='1' readonly></td><td><input type='text' size='4' name='schluessel_punkte_1' value='$notenschluessel[1]'>$einheit</td></tr>";
@@ -1215,14 +1216,14 @@ else
 				echo "<input type='button' onclick='set_notenschluessel_prozent();' value='".$p->t('benotungstool/standardwerteSetzen')."'><br>";
 			echo "<input type='submit' name='schluessel' value='".$p->t('global/speichern')."'></td>";
 			echo "</tr>";
-		
+
 			echo "</table>
 			</form>";
 		}
 	}
 	if(!isset($_POST['uebung_neu']))
 		$thema = "Abgabe ".($anzahl<9?'0'.($anzahl+1):($anzahl+1));
-	
+
 	if ($anzeigen != 'beispiele' && $anzeigen != 'nada')
 	{
 		echo "
diff --git a/cis/private/lehre/benotungstool/zipdownload_benotungstool.php b/cis/private/lehre/benotungstool/zipdownload_benotungstool.php
index e3b9a9f27..9e177dba7 100755
--- a/cis/private/lehre/benotungstool/zipdownload_benotungstool.php
+++ b/cis/private/lehre/benotungstool/zipdownload_benotungstool.php
@@ -15,7 +15,7 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
  *
- * Authors: Christian Paminger <christian.paminger@technikum-wien.at>, 
+ * Authors: Christian Paminger <christian.paminger@technikum-wien.at>,
  *          Andreas Oesterreicher <andreas.oesterreicher@technikum-wien.at>
  *          Rudolf Hangl 		< rudolf.hangl@technikum-wien.at >
  *          Gerald Simane-Sequens 	< gerald.simane-sequens@technikum-wien.at >
@@ -28,12 +28,12 @@
 require_once('../../../../config/cis.config.inc.php');
 require_once('../../../../include/functions.inc.php');
 
-$user = get_uid(); 
+$user = get_uid();
 
 if(!check_lektor($user))
 	die('Sie haben keine Berechtigung fuer diese Seite');
 
-//Gueltigkeit der Parameter pruefen		
+//Gueltigkeit der Parameter pruefen
 if(!isset($_GET['uebung_id']) || !is_numeric($_GET['uebung_id']))
 {
 	die('Fehler bei der Parameteruebergabe');
@@ -62,24 +62,30 @@ if(mb_strstr($downloadname,'..'))
 //Pfade bauen
 $pfad = BENOTUNGSTOOL_PATH.'abgabe/';
 $filename = 'download_'.$user.'_'.$downloadname.'.zip';
+$filename_tmp = 'download_'.$user.'_'.$uebung_id.'.zip';
 
-if(!check_filename($filename))
+if(!check_filename($filename) || !check_filename($filename_tmp))
 	die('Ungueltiger Parameter gefunden');
 
 //Pfad wechseln
-chdir($pfad);
+if(chdir($pfad))
+{
+	//File loeschen falls es existiert
+	//if(file_exists("download_".$user."*"))
+	exec('rm download_'.$user.'*');
 
-//File loeschen falls es existiert
-//if(file_exists("download_".$user."*"))
-exec('rm download_'.$user.'*');
-	
-//Zip File erstellen
-exec("zip -r ".escapeshellarg($filename).' *_[WS]S[0-9][0-9][0-9][0-9]_'.$uebung_id.'_*');
+	//Zip File erstellen
+	exec("zip -r ".escapeshellarg($filename_tmp).' *_[WS]S[0-9][0-9][0-9][0-9]_'.$uebung_id.'_*');
 
-//Auf Zip File Verweisen
-//header("Location: $pfad$filename");
-header('Content-Type: application/octet-stream');
-header('Content-disposition: attachment; filename="'.$filename.'"');
-readfile($filename);
-unlink($filename);
+	//Auf Zip File Verweisen
+	//header("Location: $pfad$filename");
+	header('Content-Type: application/octet-stream');
+	header('Content-disposition: attachment; filename="'.$filename.'"');
+	readfile($filename_tmp);
+	unlink($filename_tmp);
+}
+else
+{
+	die('Path change failed');
+}
 ?>
diff --git a/cis/private/tools/projektabgabe.php b/cis/private/tools/projektabgabe.php
index 7e2e7aaab..afbdf3bd7 100644
--- a/cis/private/tools/projektabgabe.php
+++ b/cis/private/tools/projektabgabe.php
@@ -22,7 +22,7 @@
  */
 /*******************************************************************************************************
  *				projektabgabe
- * 		projektabgabe ermöglicht den Download aller Abgaben eines Stg. 
+ * 		projektabgabe ermöglicht den Download aller Abgaben eines Stg.
  * 			fuer Diplom- und Bachelorarbeiten
  *******************************************************************************************************/
 
@@ -53,12 +53,12 @@ if(!is_numeric($stg_kz) && $stg_kz!='')
 
 $abgabetyp=(isset($_REQUEST['abgabetyp'])?$_REQUEST['abgabetyp']:'');
 $termin=(isset($_REQUEST['termin'])?$_REQUEST['termin']:'');
-	
+
 $htmlstr='';
 $datum_obj = new datum();
 $user = get_uid();
 $rechte =  new benutzerberechtigung();
-$rechte->getBerechtigungen($user);	
+$rechte->getBerechtigungen($user);
 $berechtigung_kurzbz = 'lehre/abgabetool:download';
 
 if(isset($_GET['id']) && isset($_GET['uid']))
@@ -67,14 +67,14 @@ if(isset($_GET['id']) && isset($_GET['uid']))
 	{
 		if(!is_numeric($_GET['id']) || $_GET['id']=='')
 			die($p->t('global/fehlerBeiDerParameteruebergabe'));
-		
+
 		$file = $_GET['id'].'_'.$_GET['uid'].'.pdf';
 		$filename = PAABGABE_PATH.$file;
 		header('Content-Type: application/octet-stream');
 		header('Content-disposition: attachment; filename="'.$file.'"');
 		readfile($filename);
 	}
-	else 
+	else
 	{
 		die($p->t('global/keineBerechtigungFuerDieseSeite'));
 	}
@@ -84,8 +84,7 @@ if(isset($_GET['id']) && isset($_GET['uid']))
 
 if($aktion!='zip')
 {
-	echo '
-	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+	echo '<!DOCTYPE HTML>
 	<html>
 	<head>
 		<title>'.$p->t('abgabetool/projektabgabeUebersicht').'</title>
@@ -97,22 +96,22 @@ if($aktion!='zip')
 		<script src="../../../include/js/jquery.autocomplete.js" type="text/javascript"></script>
 		<script src="../../../include/js/jquery.autocomplete.min.js" type="text/javascript"></script>
 		<script language="JavaScript" type="text/javascript">
-		$(document).ready(function() 
-		{ 
+		$(document).ready(function()
+		{
 			$("#t1").tablesorter(
 			{
 				sortList: [[5,0]],
 				widgets: ["zebra"]
-			}); 		
+			});
 		});
 		</script>
 	</head>
 	<body>
 	<H1>'.$p->t('abgabetool/projektabgabeUebersicht').'</H1>';
-	
+
 	$s = new studiengang();
 	$s->loadArray($rechte->getStgKz($berechtigung_kurzbz),'typ,kurzbz');
-		
+
 	echo'<form method="GET" action="'.$_SERVER['PHP_SELF'].'" name="abgabeFrm">';
 
 	echo $p->t('global/studiengang').": <SELECT onchange='set_termin();' id='stg_kz' name='stg_kz'>";
@@ -135,27 +134,24 @@ if($aktion!='zip')
 		}
 	}
 	echo "</SELECT>";
-	
-	
-	$qry_termin="	SELECT distinct campus.tbl_paabgabe.datum as termin , to_char(campus.tbl_paabgabe.datum, 'DD-MM-YYYY') as termin_anzeige 
-					FROM lehre.tbl_projektarbeit 
-							JOIN campus.tbl_paabgabe USING(projektarbeit_id)
-							LEFT JOIN public.tbl_benutzer ON(uid=student_uid) 
-							LEFT JOIN public.tbl_person ON(tbl_benutzer.person_id=tbl_person.person_id)
-							LEFT JOIN lehre.tbl_lehreinheit USING(lehreinheit_id) 
-							LEFT JOIN lehre.tbl_lehrveranstaltung USING(lehrveranstaltung_id) 
-							LEFT JOIN public.tbl_studiengang USING(studiengang_kz)
-							WHERE (projekttyp_kurzbz='Bachelor' OR projekttyp_kurzbz='Diplom') 
-							
-						";
-					//AND public.tbl_benutzer.aktiv 
-			if ($stg_kz!='')
-				$qry_termin.=" AND public.tbl_studiengang.studiengang_kz='$stg_kz'";
-			if ($abgabetyp!='')
-				$qry_termin.=" AND campus.tbl_paabgabe.paabgabetyp_kurzbz='$abgabetyp'";
-			$qry_termin.=" ORDER BY termin desc";	
 
-	
+	$qry_termin="	SELECT distinct campus.tbl_paabgabe.datum as termin , to_char(campus.tbl_paabgabe.datum, 'DD-MM-YYYY') as termin_anzeige
+					FROM lehre.tbl_projektarbeit
+							JOIN campus.tbl_paabgabe USING(projektarbeit_id)
+							LEFT JOIN public.tbl_benutzer ON(uid=student_uid)
+							LEFT JOIN public.tbl_person ON(tbl_benutzer.person_id=tbl_person.person_id)
+							LEFT JOIN lehre.tbl_lehreinheit USING(lehreinheit_id)
+							LEFT JOIN lehre.tbl_lehrveranstaltung USING(lehrveranstaltung_id)
+							LEFT JOIN public.tbl_studiengang USING(studiengang_kz)
+							WHERE (projekttyp_kurzbz='Bachelor' OR projekttyp_kurzbz='Diplom')
+						";
+					//AND public.tbl_benutzer.aktiv
+			if ($stg_kz!='')
+				$qry_termin.=" AND public.tbl_studiengang.studiengang_kz=".$db->db_add_param($stg_kz, FHC_INTEGER);
+			if ($abgabetyp!='')
+				$qry_termin.=" AND campus.tbl_paabgabe.paabgabetyp_kurzbz=".$db->db_add_param($abgabetyp);
+			$qry_termin.=" ORDER BY termin desc";
+
 	echo '&nbsp;'.$p->t('abgabetool/termin').'&nbsp;<select name="termin" id="termin">
 				<option value=""  '. (!isset($_REQUEST['termin']) || empty($termin)?' selected ':'') .'>-'.$p->t('global/alle').'-</option> ';
 	if($result_termin=$db->db_query($qry_termin))
@@ -166,37 +162,37 @@ if($aktion!='zip')
 		}
 	}
 	echo	'</select>';
-	
+
 	?>
-					<script type="text/javascript">
-						function set_termin()
+	<script type="text/javascript">
+		function set_termin()
+		{
+			$('#termin').children().remove().end();
+			$.ajax
+			(
+				{
+					type: "POST",
+					url: 'projektabgabe_autocomplete.php',
+					dataType: 'json',
+					data: "work=work_termin_select" + "&stg_kz=" + $('#stg_kz').val()  + "&abgabetyp=" +  $('#abgabetyp').val(),
+					success: function(json)
+					{
+						var output = '';
+						for (p in json)
 						{
-							$('#termin').children().remove().end();
-							$.ajax
-							(
-								{
-									type: "POST",
-									url: 'projektabgabe_autocomplete.php',
-									dataType: 'json',
-									data: "work=work_termin_select" + "&stg_kz=" + $('#stg_kz').val()  + "&abgabetyp=" +  $('#abgabetyp').val(),
-									success: function(json)
-									{
-										var output = '';
-										for (p in json) 
-										{
-											output += '<option value=\"' + json[p].oTermin + '\">' + json[p].oTerminAnzeige + '<\/option>\n';
-										}
-										$('#termin').html(output);
-										$('#termin').result(function(event, data, formatted) {}).focus();
-									}
-								}
-							);
+							output += '<option value=\"' + json[p].oTermin + '\">' + json[p].oTerminAnzeige + '<\/option>\n';
 						}
-					</script>	
+						$('#termin').html(output);
+						$('#termin').result(function(event, data, formatted) {}).focus();
+					}
+				}
+			);
+		}
+	</script>
 <?php
 	echo "&nbsp;<INPUT type='submit' name='ok' value='".$p->t('global/anzeigen')."' onclick=\"f=document.abgabeFrm;f.aktion.value='';\">&nbsp;<INPUT type='button' value='ZIP' onclick=\"f=document.abgabeFrm;f.aktion.value='zip';f.submit();\"></FORM><br>";
 	}
-	
+
 ##if($stg_kz!='' || $abgabetyp!='' || $termin!='')
 
 if(isset($_REQUEST['ok']) || (isset($_REQUEST['aktion']) && $_REQUEST['aktion']=='zip'))
@@ -207,20 +203,20 @@ if(isset($_REQUEST['ok']) || (isset($_REQUEST['aktion']) && $_REQUEST['aktion']=
 	{
 		die($p->t('global/studiengangKonnteNichtGefundenWerden'));
 	}
-	
+
 	if($rechte->isBerechtigt('admin') || $rechte->isBerechtigt($berechtigung_kurzbz, $s->oe_kurzbz))
 	{
 		$qry="";
- 
-		$qry.="	SELECT public.tbl_studiengang.bezeichnung as stgbez, campus.tbl_paabgabe.datum as termin,* FROM lehre.tbl_projektarbeit 
+
+		$qry.="	SELECT public.tbl_studiengang.bezeichnung as stgbez, campus.tbl_paabgabe.datum as termin,* FROM lehre.tbl_projektarbeit
 			JOIN campus.tbl_paabgabe USING(projektarbeit_id)
-			LEFT JOIN public.tbl_benutzer ON(uid=student_uid) 
+			LEFT JOIN public.tbl_benutzer ON(uid=student_uid)
 			LEFT JOIN public.tbl_person ON(tbl_benutzer.person_id=tbl_person.person_id)
-			LEFT JOIN lehre.tbl_lehreinheit USING(lehreinheit_id) 
-			LEFT JOIN lehre.tbl_lehrveranstaltung USING(lehrveranstaltung_id) 
+			LEFT JOIN lehre.tbl_lehreinheit USING(lehreinheit_id)
+			LEFT JOIN lehre.tbl_lehrveranstaltung USING(lehrveranstaltung_id)
 			LEFT JOIN public.tbl_studiengang USING(studiengang_kz)
-			WHERE (projekttyp_kurzbz='Bachelor' OR projekttyp_kurzbz='Diplom') 
-			 			
+			WHERE (projekttyp_kurzbz='Bachelor' OR projekttyp_kurzbz='Diplom')
+
 			";
 
 			if ($stg_kz!='')
@@ -233,7 +229,7 @@ if(isset($_REQUEST['ok']) || (isset($_REQUEST['aktion']) && $_REQUEST['aktion']=
 
 		if($stg_kz=='' && $abgabetyp=='' && $termin=='')
 		{
-			$qry.=" limit 100 ";				
+			$qry.=" limit 100 ";
 		}
 
 		if(!$erg=$db->db_query($qry))
@@ -261,7 +257,7 @@ if(isset($_REQUEST['ok']) || (isset($_REQUEST['aktion']) && $_REQUEST['aktion']=
 				{
 					$htmlstr .= "		<td align=center><a href='".$_SERVER['PHP_SELF']."?id=".$row->paabgabe_id."&amp;uid=$row->uid' target='_blank'><img src='../../../skin/images/pdf.ico' alt='PDF' title='abgegebene Datei' border=0></a></td>";
 				}
-				else 
+				else
 				{
 					$htmlstr .= "		<td>&nbsp;&nbsp;&nbsp;&nbsp;</td>";
 				}
@@ -279,16 +275,16 @@ if(isset($_REQUEST['ok']) || (isset($_REQUEST['aktion']) && $_REQUEST['aktion']=
 					{
 						$zipfile = $row->paabgabe_id.'_'.$row->uid.'.pdf';
 					}
-					else 
+					else
 					{
 						$zipfile .= " ".$row->paabgabe_id.'_'.$row->uid.'.pdf';
-					}					
+					}
  				}
 			}
 			$htmlstr .= "</tbody></table>";
 		}
-	} 
-	else 
+	}
+	else
 	{
 		die($p->t('global/keineBerechtigungFuerDieseSeite'));
 	}
@@ -317,18 +313,18 @@ else
 		header('Content-Type: application/octet-stream');
 		header('Content-disposition: attachment; filename="Abgabe_'.$s->kuerzel.'.zip"');
 		$handle = fopen($zipausgabe, "rb");
-		
-		while (!feof($handle)) 
+
+		while (!feof($handle))
 		{
 			echo fread($handle, 1024);
 		}
-		
+
 		fclose($handle);
 
 		//echo file_get_contents($zipausgabe);
-		unlink($zipausgabe);	
+		unlink($zipausgabe);
 	}
-	else 
+	else
 	{
 		echo $p->t('global/dateiExistiertNicht');
 	}
diff --git a/cms/menu/menu_addon_freifaecher.inc.php b/cms/menu/menu_addon_freifaecher.inc.php
index 33e04abc4..1e34b05a3 100755
--- a/cms/menu/menu_addon_freifaecher.inc.php
+++ b/cms/menu/menu_addon_freifaecher.inc.php
@@ -25,6 +25,7 @@
 require_once(dirname(__FILE__).'/menu_addon.class.php');
 require_once(dirname(__FILE__).'/../../include/functions.inc.php');
 require_once(dirname(__FILE__).'/../../include/lehrveranstaltung.class.php');
+require_once(dirname(__FILE__).'/../../include/studiensemester.class.php');
 
 class menu_addon_freifaecher extends menu_addon
 {
@@ -35,6 +36,8 @@ class menu_addon_freifaecher extends menu_addon
 		$this->link=false;
 		
 		$sprache = getSprache();
+		$stsem = new studiensemester();
+		$stsem = $stsem->getAktOrNext();
 
 		$lv_obj = new lehrveranstaltung();
 		if(!$lv_obj->load_lva('0',null, null,true,false,'bezeichnung'))
@@ -44,7 +47,7 @@ class menu_addon_freifaecher extends menu_addon
 		{
 			$this->items[] = array('title'=>$row->bezeichnung_arr[$sprache],
 						 'target'=>'content',
-						 'link'=>'private/lehre/lesson.php?lvid='.$row->lehrveranstaltung_id,
+						 'link'=>'private/lehre/lesson.php?lvid='.$row->lehrveranstaltung_id.'&studiensemester_kurzbz='.$stsem,
 						 'name'=>'<span '.(!$row->aktiv?' style="" ':' style=""').'>'.(!$row->aktiv?' <img src="../skin/images/ampel_rot.png" height="8px" height="8px"> ':' <img src="../skin/images/ampel_gruen.png" height="8px"> ').' '.$this->CutString($row->bezeichnung_arr[$sprache], 21).'</span>'
 						);
 		}
@@ -70,4 +73,4 @@ class menu_addon_freifaecher extends menu_addon
 }
 
 new menu_addon_freifaecher();
-?>
\ No newline at end of file
+?>
diff --git a/include/benutzerfunktion.class.php b/include/benutzerfunktion.class.php
index 9a08a1b0b..08270da67 100644
--- a/include/benutzerfunktion.class.php
+++ b/include/benutzerfunktion.class.php
@@ -131,9 +131,15 @@ class benutzerfunktion extends basis_db
 	 */
 	public function getBenutzerFunktion($uid, $funktion_kurzbz, $oe_kurzbz)
 	{
-		$qry = "SELECT * FROM public.tbl_benutzerfunktion
-				WHERE uid=".$this->db_add_param($uid)." AND funktion_kurzbz=".$this->db_add_param($funktion_kurzbz)."
-				AND oe_kurzbz=".$this->db_add_param($oe_kurzbz);
+		$qry = "SELECT 
+					bfunk.*, stg.studiengang_kz
+				FROM 
+					public.tbl_benutzerfunktion AS bfunk
+					INNER JOIN public.tbl_studiengang AS stg ON(stg.oe_kurzbz = bfunk.oe_kurzbz)
+				WHERE 
+					bfunk.uid=".$this->db_add_param($uid)." 
+					AND bfunk.funktion_kurzbz=".$this->db_add_param($funktion_kurzbz)."
+					AND bfunk.oe_kurzbz=".$this->db_add_param($oe_kurzbz);
 
 		if($result = $this->db_query($qry))
 		{
diff --git a/include/vendor_custom/easyui/icon.css b/include/vendor_custom/easyui/icon.css
index 0b15469c2..38967a835 100755
--- a/include/vendor_custom/easyui/icon.css
+++ b/include/vendor_custom/easyui/icon.css
@@ -1,12 +1,12 @@
 .icon-fhc-chart{
-	background:url('../../../skin/images/Graphs_clip_art.svg') no-repeat center center;
+	background:url('../../../skin/images/Chart.svg') no-repeat center center;
   background-size: 16px 16px;
 }
 .icon-fhc-report{
-	background:url('../../../skin/images/x-office-presentation.svg') no-repeat center center;
+	background:url('../../../skin/images/Report.svg') no-repeat center center;
   background-size: 16px 16px;
 }
 .icon-fhc-statistik{
-	background:url('../../../skin/images/x-office-spreadsheet.svg') no-repeat center center;
+	background:url('../../../skin/images/Statistik.svg') no-repeat center center;
   background-size: 16px 16px;
 }
diff --git a/skin/images/Chart.svg b/skin/images/Chart.svg
new file mode 100644
index 000000000..91beaf369
--- /dev/null
+++ b/skin/images/Chart.svg
@@ -0,0 +1,165 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:xlink="http://www.w3.org/1999/xlink"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="100mm"
+   height="100mm"
+   viewBox="0 0 100 100"
+   version="1.1"
+   id="svg4517"
+   inkscape:version="0.92pre2 r"
+   sodipodi:docname="Chart.svg">
+  <defs
+     id="defs4511">
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient5781">
+      <stop
+         style="stop-color:#bb8a8a;stop-opacity:1"
+         offset="0"
+         id="stop5777" />
+      <stop
+         style="stop-color:#121212;stop-opacity:1"
+         offset="1"
+         id="stop5779" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5414-8"
+       inkscape:collect="always">
+      <stop
+         id="stop5515"
+         offset="0"
+         style="stop-color:#ce2121;stop-opacity:1" />
+      <stop
+         id="stop5517"
+         offset="1"
+         style="stop-color:#d7a98e;stop-opacity:0" />
+    </linearGradient>
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5414-8"
+       id="linearGradient5416"
+       x1="15.893733"
+       y1="291.10629"
+       x2="84.106262"
+       y2="202.89375"
+       gradientUnits="userSpaceOnUse" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5781"
+       id="linearGradient5783"
+       x1="77.190254"
+       y1="208.05676"
+       x2="22.4"
+       y2="277"
+       gradientUnits="userSpaceOnUse" />
+  </defs>
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="0.98994949"
+     inkscape:cx="-619.33207"
+     inkscape:cy="89.602917"
+     inkscape:document-units="mm"
+     inkscape:current-layer="layer1"
+     showgrid="false"
+     inkscape:window-width="2497"
+     inkscape:window-height="1016"
+     inkscape:window-x="63"
+     inkscape:window-y="27"
+     inkscape:window-maximized="1"
+     showguides="false" />
+  <metadata
+     id="metadata4514">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title />
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Ebene 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(0,-197)">
+    <rect
+       style="fill:url(#linearGradient5416);fill-opacity:1;fill-rule:nonzero;stroke:#474747;stroke-width:1.78746629;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945;opacity:1"
+       id="rect5081"
+       width="68.212532"
+       height="88.21254"
+       x="15.893733"
+       y="202.89375" />
+    <g
+       id="g5775"
+       style="fill-opacity:1;fill:url(#linearGradient5783)">
+      <rect
+         y="227"
+         x="22.4"
+         height="50"
+         width="5"
+         id="rect5693"
+         style="opacity:1;fill:url(#linearGradient5783);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:3.43855953;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945" />
+      <rect
+         y="207"
+         x="32.399998"
+         height="70"
+         width="5"
+         id="rect5693-8"
+         style="opacity:1;fill:url(#linearGradient5783);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:4.06855869;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945" />
+      <rect
+         y="217"
+         x="42.399998"
+         height="60"
+         width="5"
+         id="rect5693-8-5"
+         style="opacity:1;fill:url(#linearGradient5783);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:3.76675367;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945" />
+      <rect
+         y="227"
+         x="52.399998"
+         height="50"
+         width="5"
+         id="rect5693-8-5-2"
+         style="opacity:1;fill:url(#linearGradient5783);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:3.43856001;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945" />
+      <rect
+         y="237"
+         x="62.399998"
+         height="40"
+         width="5"
+         id="rect5693-8-5-1"
+         style="opacity:1;fill:url(#linearGradient5783);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:3.0755415;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945" />
+      <rect
+         y="227"
+         x="72.399963"
+         height="50"
+         width="5"
+         id="rect5693-8-5-9"
+         style="opacity:1;fill:url(#linearGradient5783);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:3.43856001;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945" />
+    </g>
+    <g
+       aria-label="C"
+       transform="matrix(0.26458333,0,0,0.26458333,-58.26189,200.08014)"
+       style="font-style:normal;font-weight:normal;font-size:40px;line-height:25px;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       id="flowRoot5418">
+      <path
+         d="m 531.46827,321.41028 -6.144,-13.248 c -8.064,5.184 -19.584,8.64 -31.68,8.64 -30.72,0 -48.576,-23.424 -48.576,-54.336 0,-30.912 17.856,-55.104 48.576,-55.104 12.096,0 24.576,3.84 31.68,8.64 l 6.144,-13.248 c -8.448,-5.184 -22.08,-9.408 -37.824,-9.408 -38.4,0 -64.512,30.72 -64.512,69.12 0,38.4 26.112,68.352 64.512,68.352 12.864,0 26.688,-3.072 37.824,-9.408 z"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:192px;font-family:Cantarell;-inkscape-font-specification:Cantarell;fill:#000000;fill-opacity:1"
+         id="path4485" />
+    </g>
+  </g>
+</svg>
diff --git a/skin/images/Filter.svg b/skin/images/Filter.svg
new file mode 100644
index 000000000..7667ca554
--- /dev/null
+++ b/skin/images/Filter.svg
@@ -0,0 +1,125 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:xlink="http://www.w3.org/1999/xlink"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="100mm"
+   height="100mm"
+   viewBox="0 0 100 100"
+   version="1.1"
+   id="svg4517"
+   inkscape:version="0.92pre2 r"
+   sodipodi:docname="Filter.svg">
+  <defs
+     id="defs4511">
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient5821">
+      <stop
+         style="stop-color:#f9f9f9;stop-opacity:0.063"
+         offset="0"
+         id="stop5817" />
+      <stop
+         style="stop-color:#000000;stop-opacity:1"
+         offset="1"
+         id="stop5819" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5414-8"
+       inkscape:collect="always">
+      <stop
+         id="stop5515"
+         offset="0"
+         style="stop-color:#4f5fab;stop-opacity:1" />
+      <stop
+         id="stop5517"
+         offset="1"
+         style="stop-color:#d7a98e;stop-opacity:0" />
+    </linearGradient>
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5414-8"
+       id="linearGradient5416"
+       x1="15.893733"
+       y1="291.10629"
+       x2="84.106262"
+       y2="202.89375"
+       gradientUnits="userSpaceOnUse" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5821"
+       id="linearGradient5823"
+       x1="22.550903"
+       y1="284.15033"
+       x2="74.819145"
+       y2="212.27556"
+       gradientUnits="userSpaceOnUse" />
+  </defs>
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="0.98994949"
+     inkscape:cx="-120.31671"
+     inkscape:cy="95.663832"
+     inkscape:document-units="mm"
+     inkscape:current-layer="layer1"
+     showgrid="false"
+     inkscape:window-width="2497"
+     inkscape:window-height="1016"
+     inkscape:window-x="63"
+     inkscape:window-y="27"
+     inkscape:window-maximized="1"
+     showguides="false" />
+  <metadata
+     id="metadata4514">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title />
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Ebene 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(0,-197)">
+    <rect
+       style="fill:url(#linearGradient5416);fill-opacity:1;fill-rule:nonzero;stroke:#474747;stroke-width:1.78746629;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945;opacity:1"
+       id="rect5081"
+       width="68.212532"
+       height="88.21254"
+       x="15.893733"
+       y="202.89375" />
+    <g
+       aria-label="F"
+       transform="matrix(0.26458333,0,0,0.26458333,-53.451039,202.48557)"
+       style="font-style:normal;font-weight:normal;font-size:40px;line-height:25px;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       id="flowRoot5418">
+      <path
+         d="m 450.82827,210.05028 h 61.056 v -14.016 h -76.992 v 132.864 h 15.936 v -61.632 h 55.488 v -14.016 h -55.488 z"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:192px;font-family:Cantarell;-inkscape-font-specification:Cantarell;fill:#000000;fill-opacity:1"
+         id="path5829" />
+    </g>
+    <path
+       style="fill:url(#linearGradient5823);fill-rule:evenodd;stroke:#595959;stroke-width:3;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;fill-opacity:1"
+       d="m 44.819142,242.27556 v 40 l 10,-10 v -30 l 20,-30 h -50 z"
+       id="path5813"
+       inkscape:connector-curvature="0"
+       sodipodi:nodetypes="ccccccc" />
+  </g>
+</svg>
diff --git a/skin/images/Report.svg b/skin/images/Report.svg
new file mode 100644
index 000000000..422faa343
--- /dev/null
+++ b/skin/images/Report.svg
@@ -0,0 +1,480 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:xlink="http://www.w3.org/1999/xlink"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="100mm"
+   height="100mm"
+   viewBox="0 0 100 100"
+   version="1.1"
+   id="svg4517"
+   inkscape:version="0.92pre2 r"
+   sodipodi:docname="Report.svg">
+  <defs
+     id="defs4511">
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient4922">
+      <stop
+         style="stop-color:#030303;stop-opacity:1"
+         offset="0"
+         id="stop4918" />
+      <stop
+         style="stop-color:#e9e9e9;stop-opacity:1"
+         offset="1"
+         id="stop4920" />
+    </linearGradient>
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient5414">
+      <stop
+         style="stop-color:#af86af;stop-opacity:1"
+         offset="0"
+         id="stop5410" />
+      <stop
+         style="stop-color:#faf4f1;stop-opacity:1"
+         offset="1"
+         id="stop5412" />
+    </linearGradient>
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5414"
+       id="linearGradient5416"
+       x1="15.893733"
+       y1="291.10629"
+       x2="84.106262"
+       y2="202.89375"
+       gradientUnits="userSpaceOnUse" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient4922"
+       id="linearGradient4924"
+       x1="79.720238"
+       y1="205.70483"
+       x2="20.657738"
+       y2="281.67804"
+       gradientUnits="userSpaceOnUse" />
+  </defs>
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="1.4"
+     inkscape:cx="36.830519"
+     inkscape:cy="159.96607"
+     inkscape:document-units="mm"
+     inkscape:current-layer="layer1"
+     showgrid="false"
+     inkscape:window-width="2497"
+     inkscape:window-height="1016"
+     inkscape:window-x="63"
+     inkscape:window-y="27"
+     inkscape:window-maximized="1"
+     showguides="false"
+     inkscape:snap-grids="false"
+     inkscape:snap-to-guides="false"
+     inkscape:snap-others="false"
+     inkscape:object-nodes="false"
+     inkscape:snap-nodes="false"
+     inkscape:snap-global="false" />
+  <metadata
+     id="metadata4514">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title />
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Ebene 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(0,-197)">
+    <rect
+       style="fill:url(#linearGradient5416);fill-opacity:1;fill-rule:nonzero;stroke:#474747;stroke-width:1.78746629;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+       id="rect5081"
+       width="68.212532"
+       height="88.21254"
+       x="15.893733"
+       y="202.89375" />
+    <g
+       id="g4895"
+       style="fill-opacity:1;fill:url(#linearGradient4924)">
+      <g
+         transform="translate(35.71875,-3.7797619)"
+         id="g4685"
+         style="fill-opacity:1;fill:url(#linearGradient4924)">
+        <rect
+           style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.25962421;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100"
+           width="0.23874897"
+           height="26.136824"
+           x="23.709431"
+           y="209.80672" />
+        <rect
+           style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.25801665;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-6"
+           width="0.23874897"
+           height="25.814148"
+           x="26.09692"
+           y="210.12939" />
+        <rect
+           style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.25801665;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-7"
+           width="0.23874897"
+           height="25.814148"
+           x="28.484411"
+           y="210.12939" />
+        <rect
+           style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.25801665;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-5"
+           width="0.23874897"
+           height="25.814148"
+           x="30.871897"
+           y="210.12939" />
+        <rect
+           style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.25801665;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3"
+           width="0.23874897"
+           height="25.814148"
+           x="33.259388"
+           y="210.12939" />
+        <rect
+           style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.25801665;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-56"
+           width="0.23874897"
+           height="25.814148"
+           x="38.034367"
+           y="210.12939" />
+        <rect
+           style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.25801665;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-2"
+           width="0.23874897"
+           height="25.814148"
+           x="35.646873"
+           y="210.12939" />
+        <rect
+           style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.25801665;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-9"
+           width="0.23874897"
+           height="25.814148"
+           x="40.421856"
+           y="210.12939" />
+        <rect
+           style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.25962424;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-1"
+           width="0.23874897"
+           height="26.136824"
+           x="42.809345"
+           y="209.80672" />
+        <rect
+           style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.25962427;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2"
+           width="19.338667"
+           height="0.32267687"
+           x="23.709431"
+           y="235.62086" />
+        <rect
+           style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.25801668;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-7"
+           width="19.099916"
+           height="0.32267687"
+           x="23.709431"
+           y="214.64687" />
+        <rect
+           style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.25801668;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-0"
+           width="19.099916"
+           height="0.32267687"
+           x="23.709431"
+           y="216.26025" />
+        <rect
+           style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.25801668;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-9"
+           width="19.099916"
+           height="0.32267687"
+           x="23.709431"
+           y="211.4201" />
+        <rect
+           style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.25801668;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-3"
+           width="19.099916"
+           height="0.32267687"
+           x="23.709431"
+           y="213.03348" />
+        <rect
+           style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.25801668;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-6"
+           width="19.099916"
+           height="0.32267687"
+           x="23.709431"
+           y="217.87364" />
+        <rect
+           style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.25801668;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-06"
+           width="19.099916"
+           height="0.32267687"
+           x="23.709431"
+           y="219.48701" />
+        <rect
+           style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.25801668;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-2"
+           width="19.099916"
+           height="0.32267687"
+           x="23.709431"
+           y="221.1004" />
+        <rect
+           style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.25801668;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-61"
+           width="19.099916"
+           height="0.32267687"
+           x="23.709431"
+           y="227.55394" />
+        <rect
+           style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.25801668;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-8"
+           width="19.099916"
+           height="0.32267687"
+           x="23.709431"
+           y="230.7807" />
+        <rect
+           style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.25801668;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-79"
+           width="19.099916"
+           height="0.32267687"
+           x="23.709431"
+           y="234.00748" />
+        <rect
+           style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.25801668;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-20"
+           width="19.099916"
+           height="0.32267687"
+           x="23.709431"
+           y="222.71378" />
+        <rect
+           style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.25801668;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-23"
+           width="19.099916"
+           height="0.32267687"
+           x="23.709431"
+           y="225.94055" />
+        <rect
+           style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.25801668;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-75"
+           width="19.099916"
+           height="0.32267687"
+           x="23.709431"
+           y="224.32718" />
+        <rect
+           style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.25801668;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-92"
+           width="19.099916"
+           height="0.32267687"
+           x="23.709431"
+           y="229.16731" />
+        <rect
+           style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.25801668;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-28"
+           width="19.099916"
+           height="0.32267687"
+           x="23.709431"
+           y="232.39409" />
+        <rect
+           style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.25962427;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-97"
+           width="19.338667"
+           height="0.32267687"
+           x="23.709431"
+           y="209.80672" />
+      </g>
+      <rect
+         y="246"
+         x="20"
+         height="1"
+         width="60"
+         id="rect5100-3-2-3-3"
+         style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.80505168;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945" />
+      <rect
+         y="241"
+         x="20"
+         height="1"
+         width="60"
+         id="rect5100-3-2-3-3-6"
+         style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.80505168;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945" />
+      <rect
+         y="236"
+         x="20"
+         height="1"
+         width="60"
+         id="rect5100-3-2-3-3-6-7"
+         style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.80505168;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945" />
+      <rect
+         y="251"
+         x="45"
+         height="1"
+         width="35"
+         id="rect5100-3-2-3-3-5"
+         style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.6148684;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945" />
+      <rect
+         y="256"
+         x="45"
+         height="1"
+         width="35"
+         id="rect5100-3-2-3-3-3"
+         style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.6148684;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945" />
+      <rect
+         y="261"
+         x="45"
+         height="1"
+         width="35"
+         id="rect5100-3-2-3-3-56"
+         style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.6148684;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945" />
+      <rect
+         y="266"
+         x="45"
+         height="1"
+         width="35"
+         id="rect5100-3-2-3-3-2"
+         style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.6148684;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945" />
+      <rect
+         y="276"
+         x="45"
+         height="1"
+         width="35"
+         id="rect5100-3-2-3-3-9"
+         style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.6148684;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945" />
+      <rect
+         y="231"
+         x="20"
+         height="1"
+         width="35"
+         id="rect5100-3-2-3-3-1"
+         style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.61486834;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945" />
+      <rect
+         y="281"
+         x="45"
+         height="1"
+         width="35"
+         id="rect5100-3-2-3-3-27"
+         style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.6148684;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945" />
+      <rect
+         y="271"
+         x="45"
+         height="1"
+         width="35"
+         id="rect5100-3-2-3-3-0"
+         style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.6148684;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945" />
+      <rect
+         y="226"
+         x="20"
+         height="1"
+         width="35"
+         id="rect5100-3-2-3-3-1-9"
+         style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.61486834;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945" />
+      <rect
+         y="221"
+         x="20"
+         height="1"
+         width="35"
+         id="rect5100-3-2-3-3-1-3"
+         style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.61486834;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945" />
+      <rect
+         y="211"
+         x="20"
+         height="1"
+         width="35"
+         id="rect5100-3-2-3-3-1-6"
+         style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.61486834;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945" />
+      <rect
+         y="206"
+         x="20"
+         height="1"
+         width="35"
+         id="rect5100-3-2-3-3-1-0"
+         style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.61486834;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945" />
+      <rect
+         y="216"
+         x="20"
+         height="1"
+         width="35"
+         id="rect5100-3-2-3-3-1-62"
+         style="fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.61486834;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945" />
+      <g
+         transform="matrix(0.41143708,0,0,0.41143708,10.886928,168.17075)"
+         style="fill:url(#linearGradient4924);fill-opacity:1"
+         id="g5775">
+        <rect
+           style="opacity:1;fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:3.43855953;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5693"
+           width="5"
+           height="50"
+           x="22.4"
+           y="227" />
+        <rect
+           style="opacity:1;fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:4.06855869;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5693-8"
+           width="5"
+           height="70"
+           x="32.399998"
+           y="207" />
+        <rect
+           style="opacity:1;fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:3.76675367;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5693-8-5"
+           width="5"
+           height="60"
+           x="42.399998"
+           y="217" />
+        <rect
+           style="opacity:1;fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:3.43856001;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5693-8-5-2"
+           width="5"
+           height="50"
+           x="52.399998"
+           y="227" />
+        <rect
+           style="opacity:1;fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:3.0755415;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5693-8-5-1"
+           width="5"
+           height="40"
+           x="62.399998"
+           y="237" />
+        <rect
+           style="opacity:1;fill:url(#linearGradient4924);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:3.43856001;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5693-8-5-9"
+           width="5"
+           height="50"
+           x="72.399963"
+           y="227" />
+      </g>
+    </g>
+    <g
+       aria-label="P"
+       transform="matrix(0.26458333,0,0,0.26458333,-56.852009,201.21407)"
+       style="font-style:normal;font-weight:normal;font-size:40px;line-height:25px;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       id="flowRoot5418">
+      <g
+         aria-label="R"
+         style="font-style:normal;font-weight:normal;font-size:40px;line-height:25px;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+         id="text4505">
+        <path
+           d="m 507.0968,325.40009 h 18.432 l -37.824,-56.64 c 18.24,-4.992 30.528,-19.968 30.528,-37.44 0,-22.848 -13.248,-38.784 -39.552,-38.784 h -48.768 v 132.864 h 15.936 v -54.72 h 25.344 z m -33.984,-68.736 h -27.264 v -50.112 h 27.264 c 17.28,0 29.184,3.648 29.184,24.768 0,19.968 -13.44,25.344 -29.184,25.344 z"
+           style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:192px;font-family:cantarell;-inkscape-font-specification:cantarell;fill:#000000;fill-opacity:1"
+           id="path4905" />
+      </g>
+    </g>
+  </g>
+</svg>
diff --git a/skin/images/Statistik.svg b/skin/images/Statistik.svg
new file mode 100644
index 000000000..8df81c229
--- /dev/null
+++ b/skin/images/Statistik.svg
@@ -0,0 +1,571 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:xlink="http://www.w3.org/1999/xlink"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="100mm"
+   height="100mm"
+   viewBox="0 0 100 100"
+   version="1.1"
+   id="svg4517"
+   inkscape:version="0.92pre2 r"
+   sodipodi:docname="Statistik.svg">
+  <defs
+     id="defs4511">
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient912">
+      <stop
+         style="stop-color:#000000;stop-opacity:1;"
+         offset="0"
+         id="stop908" />
+      <stop
+         style="stop-color:#000000;stop-opacity:0;"
+         offset="1"
+         id="stop910" />
+    </linearGradient>
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient5414">
+      <stop
+         style="stop-color:#e9bf1c;stop-opacity:1"
+         offset="0"
+         id="stop5410" />
+      <stop
+         style="stop-color:#d7a98e;stop-opacity:0"
+         offset="1"
+         id="stop5412" />
+    </linearGradient>
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient5365">
+      <stop
+         style="stop-color:#ffffff;stop-opacity:1"
+         offset="0"
+         id="stop5361" />
+      <stop
+         style="stop-color:#000000;stop-opacity:0;"
+         offset="1"
+         id="stop5363" />
+    </linearGradient>
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5365"
+       id="linearGradient5367"
+       x1="10"
+       y1="286"
+       x2="91"
+       y2="207"
+       gradientUnits="userSpaceOnUse" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5414"
+       id="linearGradient5416"
+       x1="15.893733"
+       y1="291.10629"
+       x2="84.106262"
+       y2="202.89375"
+       gradientUnits="userSpaceOnUse" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient912"
+       id="linearGradient914"
+       x1="10"
+       y1="246.5"
+       x2="91"
+       y2="246.5"
+       gradientUnits="userSpaceOnUse" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient912"
+       id="linearGradient4509"
+       gradientUnits="userSpaceOnUse"
+       x1="10"
+       y1="246.5"
+       x2="91"
+       y2="246.5" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient912"
+       id="linearGradient4511"
+       gradientUnits="userSpaceOnUse"
+       x1="10"
+       y1="246.5"
+       x2="91"
+       y2="246.5" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient912"
+       id="linearGradient4513"
+       gradientUnits="userSpaceOnUse"
+       x1="10"
+       y1="246.5"
+       x2="91"
+       y2="246.5" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient912"
+       id="linearGradient4515"
+       gradientUnits="userSpaceOnUse"
+       x1="10"
+       y1="246.5"
+       x2="91"
+       y2="246.5" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient912"
+       id="linearGradient4517"
+       gradientUnits="userSpaceOnUse"
+       x1="10"
+       y1="246.5"
+       x2="91"
+       y2="246.5" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient912"
+       id="linearGradient4519"
+       gradientUnits="userSpaceOnUse"
+       x1="10"
+       y1="246.5"
+       x2="91"
+       y2="246.5" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient912"
+       id="linearGradient4521"
+       gradientUnits="userSpaceOnUse"
+       x1="10"
+       y1="246.5"
+       x2="91"
+       y2="246.5" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient912"
+       id="linearGradient4523"
+       gradientUnits="userSpaceOnUse"
+       x1="10"
+       y1="246.5"
+       x2="91"
+       y2="246.5" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient912"
+       id="linearGradient4525"
+       gradientUnits="userSpaceOnUse"
+       x1="10"
+       y1="246.5"
+       x2="91"
+       y2="246.5" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient912"
+       id="linearGradient4527"
+       gradientUnits="userSpaceOnUse"
+       x1="10"
+       y1="246.5"
+       x2="91"
+       y2="246.5" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient912"
+       id="linearGradient4529"
+       gradientUnits="userSpaceOnUse"
+       x1="10"
+       y1="246.5"
+       x2="91"
+       y2="246.5" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient912"
+       id="linearGradient4531"
+       gradientUnits="userSpaceOnUse"
+       x1="10"
+       y1="246.5"
+       x2="91"
+       y2="246.5" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient912"
+       id="linearGradient4533"
+       gradientUnits="userSpaceOnUse"
+       x1="10"
+       y1="246.5"
+       x2="91"
+       y2="246.5" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient912"
+       id="linearGradient4535"
+       gradientUnits="userSpaceOnUse"
+       x1="10"
+       y1="246.5"
+       x2="91"
+       y2="246.5" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient912"
+       id="linearGradient4537"
+       gradientUnits="userSpaceOnUse"
+       x1="10"
+       y1="246.5"
+       x2="91"
+       y2="246.5" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient912"
+       id="linearGradient4539"
+       gradientUnits="userSpaceOnUse"
+       x1="10"
+       y1="246.5"
+       x2="91"
+       y2="246.5" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient912"
+       id="linearGradient4541"
+       gradientUnits="userSpaceOnUse"
+       x1="10"
+       y1="246.5"
+       x2="91"
+       y2="246.5" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient912"
+       id="linearGradient4543"
+       gradientUnits="userSpaceOnUse"
+       x1="10"
+       y1="246.5"
+       x2="91"
+       y2="246.5" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient912"
+       id="linearGradient4545"
+       gradientUnits="userSpaceOnUse"
+       x1="10"
+       y1="246.5"
+       x2="91"
+       y2="246.5" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient912"
+       id="linearGradient4547"
+       gradientUnits="userSpaceOnUse"
+       x1="10"
+       y1="246.5"
+       x2="91"
+       y2="246.5" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient912"
+       id="linearGradient4549"
+       gradientUnits="userSpaceOnUse"
+       x1="10"
+       y1="246.5"
+       x2="91"
+       y2="246.5" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient912"
+       id="linearGradient4551"
+       gradientUnits="userSpaceOnUse"
+       x1="10"
+       y1="246.5"
+       x2="91"
+       y2="246.5" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient912"
+       id="linearGradient4553"
+       gradientUnits="userSpaceOnUse"
+       x1="10"
+       y1="246.5"
+       x2="91"
+       y2="246.5" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient912"
+       id="linearGradient4555"
+       gradientUnits="userSpaceOnUse"
+       x1="10"
+       y1="246.5"
+       x2="91"
+       y2="246.5" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient912"
+       id="linearGradient4557"
+       gradientUnits="userSpaceOnUse"
+       x1="10"
+       y1="246.5"
+       x2="91"
+       y2="246.5" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient912"
+       id="linearGradient4559"
+       gradientUnits="userSpaceOnUse"
+       x1="10"
+       y1="246.5"
+       x2="91"
+       y2="246.5" />
+  </defs>
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="1.979899"
+     inkscape:cx="-160.90502"
+     inkscape:cy="173.2425"
+     inkscape:document-units="mm"
+     inkscape:current-layer="layer1"
+     showgrid="false"
+     inkscape:window-width="2497"
+     inkscape:window-height="1016"
+     inkscape:window-x="63"
+     inkscape:window-y="27"
+     inkscape:window-maximized="1"
+     showguides="false" />
+  <metadata
+     id="metadata4514">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title />
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Ebene 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(0,-197)">
+    <rect
+       style="fill:url(#linearGradient5416);fill-opacity:1;fill-rule:nonzero;stroke:#474747;stroke-width:1.78746629;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+       id="rect5081"
+       width="68.212532"
+       height="88.21254"
+       x="15.893733"
+       y="202.89375" />
+    <g
+       id="g5359"
+       transform="matrix(0.60187871,0,0,0.77835028,19.992816,48.488095)"
+       style="fill:url(#linearGradient5367);fill-opacity:1">
+      <g
+         id="g906"
+         style="opacity:0.64200003;fill:#000000;fill-opacity:1;stroke:url(#linearGradient914)"
+         transform="translate(0,7.3826591)">
+        <rect
+           style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:url(#linearGradient4509);stroke-width:0.93538535;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100"
+           width="1"
+           height="81"
+           x="10"
+           y="206" />
+        <rect
+           style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:url(#linearGradient4511);stroke-width:0.9295935;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-6"
+           width="1"
+           height="80"
+           x="20"
+           y="207" />
+        <rect
+           style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:url(#linearGradient4513);stroke-width:0.9295935;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-7"
+           width="1"
+           height="80"
+           x="30"
+           y="207" />
+        <rect
+           style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:url(#linearGradient4515);stroke-width:0.9295935;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-5"
+           width="1"
+           height="80"
+           x="40"
+           y="207" />
+        <rect
+           style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:url(#linearGradient4517);stroke-width:0.9295935;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3"
+           width="1"
+           height="80"
+           x="50"
+           y="207" />
+        <rect
+           style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:url(#linearGradient4519);stroke-width:0.9295935;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-56"
+           width="1"
+           height="80"
+           x="70"
+           y="207" />
+        <rect
+           style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:url(#linearGradient4521);stroke-width:0.9295935;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-2"
+           width="1"
+           height="80"
+           x="60"
+           y="207" />
+        <rect
+           style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:url(#linearGradient4523);stroke-width:0.9295935;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-9"
+           width="1"
+           height="80"
+           x="80"
+           y="207" />
+        <rect
+           style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:url(#linearGradient4525);stroke-width:0.93538541;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-1"
+           width="1"
+           height="81"
+           x="90"
+           y="206" />
+        <rect
+           style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:url(#linearGradient4527);stroke-width:0.93538553;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2"
+           width="81"
+           height="1"
+           x="10"
+           y="286" />
+        <rect
+           style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:url(#linearGradient4529);stroke-width:0.92959362;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-7"
+           width="80"
+           height="1"
+           x="10"
+           y="221" />
+        <rect
+           style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:url(#linearGradient4531);stroke-width:0.92959362;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-0"
+           width="80"
+           height="1"
+           x="10"
+           y="226" />
+        <rect
+           style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:url(#linearGradient4533);stroke-width:0.92959362;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-9"
+           width="80"
+           height="1"
+           x="10"
+           y="211" />
+        <rect
+           style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:url(#linearGradient4535);stroke-width:0.92959362;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-3"
+           width="80"
+           height="1"
+           x="10"
+           y="216" />
+        <rect
+           style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:url(#linearGradient4537);stroke-width:0.92959362;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-6"
+           width="80"
+           height="1"
+           x="10"
+           y="231" />
+        <rect
+           style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:url(#linearGradient4539);stroke-width:0.92959362;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-06"
+           width="80"
+           height="1"
+           x="10"
+           y="236" />
+        <rect
+           style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:url(#linearGradient4541);stroke-width:0.92959362;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-2"
+           width="80"
+           height="1"
+           x="10"
+           y="241" />
+        <rect
+           style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:url(#linearGradient4543);stroke-width:0.92959362;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-61"
+           width="80"
+           height="1"
+           x="10"
+           y="261" />
+        <rect
+           style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:url(#linearGradient4545);stroke-width:0.92959362;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-8"
+           width="80"
+           height="1"
+           x="10"
+           y="271" />
+        <rect
+           style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:url(#linearGradient4547);stroke-width:0.92959362;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-79"
+           width="80"
+           height="1"
+           x="10"
+           y="281" />
+        <rect
+           style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:url(#linearGradient4549);stroke-width:0.92959362;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-20"
+           width="80"
+           height="1"
+           x="10"
+           y="246" />
+        <rect
+           style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:url(#linearGradient4551);stroke-width:0.92959362;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-23"
+           width="80"
+           height="1"
+           x="10"
+           y="256" />
+        <rect
+           style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:url(#linearGradient4553);stroke-width:0.92959362;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-75"
+           width="80"
+           height="1"
+           x="10"
+           y="251" />
+        <rect
+           style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:url(#linearGradient4555);stroke-width:0.92959362;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-92"
+           width="80"
+           height="1"
+           x="10"
+           y="266" />
+        <rect
+           style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:url(#linearGradient4557);stroke-width:0.92959362;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-28"
+           width="80"
+           height="1"
+           x="10"
+           y="276" />
+        <rect
+           style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:url(#linearGradient4559);stroke-width:0.93538553;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.97089945"
+           id="rect5100-3-2-97"
+           width="81"
+           height="1"
+           x="10"
+           y="206" />
+      </g>
+    </g>
+    <g
+       aria-label="P"
+       transform="matrix(0.26458333,0,0,0.26458333,-54.77314,200.08014)"
+       style="font-style:normal;font-weight:normal;font-size:40px;line-height:25px;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       id="flowRoot5418">
+      <g
+         aria-label="S"
+         style="font-style:normal;font-weight:normal;font-size:40px;line-height:25px;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+         id="text4505">
+        <path
+           d="m 466.5848,327.32009 c 28.032,0 48.96,-14.976 48.96,-36.096 0,-43.008 -73.344,-35.904 -73.344,-65.28 0,-13.824 11.712,-22.08 30.528,-22.08 10.752,0 24.96,3.456 32.064,8.64 l 6.144,-13.248 c -10.368,-5.952 -22.656,-9.408 -38.592,-9.408 -24.768,0 -46.08,10.56 -46.08,36.096 0,43.008 73.344,35.904 73.344,65.28 0,11.136 -12.48,22.08 -32.64,22.08 -15.168,0 -30.144,-5.76 -37.632,-10.56 l -6.144,13.248 c 10.368,5.76 23.04,11.328 43.392,11.328 z"
+           style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:192px;font-family:cantarell;-inkscape-font-specification:cantarell;fill:#000000;fill-opacity:1"
+           id="path4504" />
+      </g>
+    </g>
+  </g>
+</svg>
diff --git a/vilesci/bis/studentenmeldung.php b/vilesci/bis/studentenmeldung.php
index b51a8b0ad..4693f1c55 100644
--- a/vilesci/bis/studentenmeldung.php
+++ b/vilesci/bis/studentenmeldung.php
@@ -927,7 +927,7 @@ function GenerateXMLStudentBlock($row)
 				$gsblock.="
 			<GS>
 				<MobilitaetsProgrammCode>".$rowgs->mobilitaetsprogramm_code."</MobilitaetsProgrammCode>
-				<ProgrammNr>".sprintf('%04s',$rowgs->programm_code)."</ProgrammNr>
+				<ProgrammNr>".$rowgs->programm_code."</ProgrammNr>
 				<StudTyp>".$studtyp."</StudTyp>
 				<PartnerCode>".$rowgs->partner_code."</PartnerCode>
 				<Ausbildungssemester>".$rowgs->ausbildungssemester."</Ausbildungssemester>
diff --git a/vilesci/statistik/filter_overview.php b/vilesci/statistik/filter_overview.php
index eda34f67c..fa716399f 100644
--- a/vilesci/statistik/filter_overview.php
+++ b/vilesci/statistik/filter_overview.php
@@ -117,7 +117,7 @@ if (!$filter->loadAll())
 								<?php echo $filter->filter_id ?>
 							</a>
 							<a href="filter_vorschau.php?filter_id=<?php echo $filter->filter_id ?>" target="_blank">
-								<img src="../../skin/images/x-office-presentation.png" class="mini-icon" />
+								<img src="../../skin/images/Filter.svg" class="mini-icon" />
 							</a>
 						</td>
 						<td>