diff --git a/index.php b/index.php
index 2f56510bfb..89c24cac52 100644
--- a/index.php
+++ b/index.php
@@ -29,7 +29,8 @@ var_dump( $_SESSION );
if( OC_USER::isLoggedIn()){
if( $_GET["logout"] ){
OC_USER::logout();
- OC_TEMPLATE::printGuestPage( "", "logout" );
+ header( "Location: $WEBROOT");
+ exit();
}
else{
header( "Location: ".OC_APPCONFIG::getValue( "core", "defaultpage", "files/index.php" ));
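Review bot: The new redirect `header( "Location: $WEBROOT");` sends an empty Location value whenever `$WEBROOT` is an empty string, which looks possible for an install at the document root (its definition is outside this hunk). Appending a slash keeps the target valid in both cases: `header( "Location: $WEBROOT/");`. Logout is also still triggered by a bare `$_GET["logout"]`, read without `isset()` and without any request token, so a cross-site link can sign a user out. That predates this change but is worth a follow-up. The surrounding `if` block continues past the end of the hunk.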
diff --git a/lib/ocs.php b/lib/ocs.php
index 2b1e706462..4e9e6522e8 100644
--- a/lib/ocs.php
+++ b/lib/ocs.php
@@ -400,16 +400,16 @@ class OC_OCS {
* @return string xml/json
*/
private static function activityGet($format,$page,$pagesize) {
- global $CONFIG_DBTABLEPREFIX;
-
$user=OC_OCS::checkpassword();
-
- $result = OC_DB::query("select count(*) as co from {$CONFIG_DBTABLEPREFIX}log");
+
+ $query = OC_DB::prepare('select count(*) as co from *PREFIX*log');
+ $result = $query->execute();
$entry=$result->fetchRow();
$totalcount=$entry['co'];
- OC_DB::free_result($result);
-
- $result = OC_DB::select("select id,timestamp,user,type,message from {$CONFIG_DBTABLEPREFIX}log order by timestamp desc limit " . ($page*$pagesize) . ",$pagesize");
+
+ $query=OC_DB::prepare('select id,timestamp,user,type,message from *PREFIX*log order by timestamp desc limit ?,?');
+ $result = $query->execute(array(($page*$pagesize),$pagesize))->fetchAll();
+
$itemscount=count($result);
$url='http://'.substr($_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'],0,-11).'';
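Review bot: The results of both `$query->execute()` calls are used straight away (`->fetchRow()`, and the chained `->fetchAll()` on the `limit ?,?` query) without the `PEAR::isError()` check that setData and deleteData apply further down, so a failed query would become a method call on an error object. The chained `execute(...)->fetchAll()` calls in the getData hunk have the same gap. The two LIMIT values are also bound untyped: if `$page` and `$pagesize` arrive as request strings, some drivers quote them and the clause is rejected, so an explicit cast is safer: `$query->execute(array((int)$page*(int)$pagesize,(int)$pagesize))`. activityGet continues past the end of the hunk.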
@@ -512,24 +512,24 @@ class OC_OCS {
* @return array
*/
public static function getData($user,$app="",$key="",$like=false) {
- global $CONFIG_DBTABLEPREFIX;
- $user=OC_DB::escape($user);
- $key=OC_DB::escape($key);
- $app=OC_DB::escape($app);
$key="$user::$key";//ugly hack for the sake of keeping database scheme compatibiliy, needs to be replaced with a seperate user field the next time we break db compatibiliy
$compareFunction=($like)?'LIKE':'=';
if($app){
if (!trim($key)) {
- $result = OC_DB::select("select app, `key`,value,`timestamp` from {$CONFIG_DBTABLEPREFIX}privatedata where app='$app' order by `timestamp` desc");
+ $query = OC_DB::prepare('select app, `key`,value,`timestamp` from *PREFIX*privatedata where app=? order by `timestamp` desc');
+ $result=$query->execute(array($app))->fetchAll();
} else {
- $result = OC_DB::select("select app, `key`,value,`timestamp` from {$CONFIG_DBTABLEPREFIX}privatedata where app='$app' and `key` $compareFunction '$key' order by `timestamp` desc");
+ $query = OC_DB::prepare("select app, `key`,value,`timestamp` from *PREFIX*privatedata where app=? and `key` $compareFunction ? order by `timestamp` desc");
+ $result=$query->execute(array($app,$key))->fetchAll();
}
}else{
if (!trim($key)) {
- $result = OC_DB::select("select app, `key`,value,`timestamp` from {$CONFIG_DBTABLEPREFIX}privatedata order by `timestamp` desc");
+ $query = OC_DB::prepare('select app, `key`,value,`timestamp` from *PREFIX*privatedata order by `timestamp` desc');
+ $result=$query->execute()->fetchAll();
} else {
- $result = OC_DB::select("select app, `key`,value,`timestamp` from {$CONFIG_DBTABLEPREFIX}privatedata where `key` $compareFunction '$key' order by `timestamp` desc");
+ $query = OC_DB::prepare("select app, `key`,value,`timestamp` from *PREFIX*privatedata where `key` $compareFunction ? order by `timestamp` desc");
+ $result=$query->execute(array($key))->fetchAll();
}
}
$result=self::trimKeys($result,$user);
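Review bot: When `$like` is true, the bound value `"$user::$key"` is still a LIKE pattern, so any `%` or `_` inside `$user` or `$key` acts as a wildcard; binding the parameter stops injection but not that. If user names may contain `_` (not visible here), a lookup for one user can match rows whose key prefix belongs to another user, and what `trimKeys` filters afterwards is not shown in this hunk. Escaping the metacharacters in the user part before the key is built closes this on MySQL, where backslash is the default LIKE escape: `if($like){ $user=addcslashes($user,'%_\\'); }`. A one-line comment above the two double-quoted statements, such as `// $compareFunction is 'LIKE' or '=' only, never request data`, would also make the remaining interpolation easier to audit. getData continues past the end of the hunk.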
@@ -545,20 +545,18 @@ class OC_OCS {
* @return bool
*/
public static function setData($user, $app, $key, $value) {
- global $CONFIG_DBTABLEPREFIX;
- $app=OC_DB::escape($app);
- $key=OC_DB::escape($key);
- $user=OC_DB::escape($user);
- $value=OC_DB::escape($value);
$key="$user::$key";//ugly hack for the sake of keeping database scheme compatibiliy
- //TODO: prepared statements, locking tables, fancy stuff, error checking/handling
- $result=OC_DB::select("select count(*) as co from {$CONFIG_DBTABLEPREFIX}privatedata where `key` = '$key' and app = '$app'");
+ //TODO: locking tables, fancy stuff, error checking/handling
+ $query=OC_DB::prepare("select count(*) as co from *PREFIX*privatedata where `key` = ? and app = ?");
+ $result=$query->execute(array($key,$app))->fetchAll();
$totalcount=$result[0]['co'];
if ($totalcount != 0) {
- $result = OC_DB::query("update {$CONFIG_DBTABLEPREFIX}privatedata set value='$value', `timestamp` = now() where `key` = '$key' and app = '$app'");
+ $query=OC_DB::prepare("update *PREFIX*privatedata set value=?, `timestamp` = now() where `key` = ? and app = ?");
+
} else {
- $result = OC_DB::query("insert into {$CONFIG_DBTABLEPREFIX}privatedata(app, `key`, value, `timestamp`) values('$app', '$key', '$value', now())");
+ $result = OC_DB::prepare("insert into *PREFIX*privatedata(value, `key`, app, `timestamp`) values(?, ?, ?, now())");
}
+ $result = $query->execute(array($value,$key,$app));
if (PEAR::isError($result)){
$entry='DB Error: "'.$result->getMessage().'"
';
error_log($entry);
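Review bot: In the insert branch the prepared statement is assigned to `$result` instead of `$query`, so the shared `$query->execute(array($value,$key,$app))` below runs against the `select count(*)` statement prepared at the top of the function, which has only two placeholders. New keys are therefore never inserted, and the call either fails or re-runs the count query. The branch should read `$query=OC_DB::prepare("insert into *PREFIX*privatedata(value, `key`, app, `timestamp`) values(?, ?, ?, now())");`. The count-then-write sequence is still not atomic, as the remaining TODO says, so two concurrent calls for a new key can both take the insert path. setData continues past the end of the hunk.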
@@ -576,13 +574,10 @@ class OC_OCS {
* @return string xml/json
*/
public static function deleteData($user, $app, $key) {
- global $CONFIG_DBTABLEPREFIX;
- $app=OC_DB::escape($app);
- $key=OC_DB::escape($key);
- $user=OC_DB::escape($user);
$key="$user::$key";//ugly hack for the sake of keeping database scheme compatibiliy
//TODO: prepared statements, locking tables, fancy stuff, error checking/handling
- $result = OC_DB::query("delete from {$CONFIG_DBTABLEPREFIX}privatedata where `key` = '$key' and app = '$app'");
+ $query=OC_DB::prepare("delete from *PREFIX*privatedata where `key` = ? and app = ?");
+ $result = $query->execute(array($key,$app));
if (PEAR::isError($result)){
$entry='DB Error: "'.$result->getMessage().'"
';
error_log($entry);
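Review bot: The TODO kept above the new statement still lists "prepared statements", which this hunk now implements, so the comment is stale. It should match the wording the commit already uses in setData: `//TODO: locking tables, fancy stuff, error checking/handling`. The docblock above says `@return string xml/json`, while the visible body only logs the PEAR error; what is returned lies outside the hunk and is worth checking against that annotation.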
diff --git a/plugins/publiclink/db_structure.xml b/plugins/publiclink/db_structure.xml
new file mode 100644
index 0000000000..de63b03f44
--- /dev/null
+++ b/plugins/publiclink/db_structure.xml
@@ -0,0 +1,47 @@
+
+
+ *dbname*
+ true
+ false
+ latin1
+
+ *dbprefix*publiclink
+
+
+ token
+ text
+
+ true
+ 40
+
+
+ path
+ text
+
+ true
+ 128
+
+
+ user
+ text
+
+
+ true
+ 64
+
+
+ expire_time
+ timestamp
+ true
+
+
+ token
+ true
+
+ token
+ ascending
+
+
+
+
+
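Review bot: The `path` column appears to be capped at 128 characters and the database charset set to `latin1`. The XML element names are not preserved on this page, so this reading is inferred from the values alone. Paths longer than that, or containing characters outside latin1, would presumably be truncated or altered on insert, and a token could then resolve to a different or missing file at download time. A larger length for `path` and a UTF-8 charset would avoid that. The schema would also benefit from a comment stating that an `expire_time` of 0 means the link never expires, since the cleanup query in lib_public.php depends on that convention.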
diff --git a/plugins/publiclink/getfile.php b/plugins/publiclink/getfile.php
new file mode 100644
index 0000000000..c579dc9246
--- /dev/null
+++ b/plugins/publiclink/getfile.php
@@ -0,0 +1,10 @@
+
\ No newline at end of file
diff --git a/plugins/publiclink/lib_public.php b/plugins/publiclink/lib_public.php
new file mode 100644
index 0000000000..494f84fdb7
--- /dev/null
+++ b/plugins/publiclink/lib_public.php
@@ -0,0 +1,77 @@
+execute(array($token,$path,$user,$expiretime));
+ if( PEAR::isError($result)) {
+ $entry = 'DB Error: "'.$result->getMessage().'"
';
+ $entry .= 'Offending command was: '.$result->getDebugInfo().'
';
+ error_log( $entry );
+ die( $entry );
+ }
+ $this->token=$token;
+ }
+ }
+
+ /**
+ * download a file shared by a public link
+ * @param string token
+ */
+ public static function downloadFile($token){
+ //remove expired links
+ $query=OC_DB::prepare("DELETE FROM *PREFIX*publiclink WHERE expire_time < NOW() AND expire_time!=0");
+ $query->execute();
+
+ //get the path and the user
+ $query=OC_DB::prepare("SELECT user,path FROM *PREFIX*publiclink WHERE token=?");
+ $result=$query->execute(array($token));
+ $data=$result->fetchAll();
+ if(count($data)>0){
+ $path=$data[0]['path'];
+ $user=$data[0]['user'];
+
+ //login
+ $_SESSION['user_id']=$user;
+
+ //prepare the filesystem
+ OC_UTIL::setupFS();
+
+ //get time mimetype and set the headers
+ $mimetype=OC_FILESYSTEM::getMimeType($path);
+ // header('Content-Disposition: attachment; filename="'.basename($path).'"');
+ header('Content-Transfer-Encoding: binary');
+ header('Expires: 0');
+ header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
+ header('Pragma: public');
+ header('Content-Type: ' . $mimetype);
+ header('Content-Length: ' . OC_FILESYSTEM::filesize($path));
+
+ //download the file
+ ob_clean();
+ OC_FILESYSTEM::readfile($path);
+ }else{
+ header("HTTP/1.0 404 Not Found");
+ echo '404 Not Found';
+ die();
+ }
+ }
+
+ /**
+ * get the token for the public link
+ * @return string
+ */
+ public function getToken(){
+ return $this->token;
+ }
+
+ private $token;
+}
+?>
\ No newline at end of file
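Review bot: In downloadFile, `$_SESSION['user_id']=$user;` signs the anonymous visitor in as the file's owner, and nothing resets it afterwards, so if a session is active the holder of a link token leaves with an authenticated session for that account. Until the filesystem setup can take the user explicitly, the assignment should at least be kept out of the stored session by placing `session_write_close();` directly before it, with a comment that the identity is borrowed for this request only. The `Content-Disposition` header is commented out while `Content-Type` comes from the stored file, so an uploaded HTML file would render inline on the application's origin; sending it as an attachment avoids that. Separately, `die( $entry )` in the constructor returns the DB error and `getDebugInfo()` text to the client, where a generic message plus the existing `error_log` call would avoid exposing the query. The start of the class and of the constructor is not preserved on this page.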
diff --git a/plugins/publiclink/makelink.php b/plugins/publiclink/makelink.php
new file mode 100644
index 0000000000..1de65e7ec6
--- /dev/null
+++ b/plugins/publiclink/makelink.php
@@ -0,0 +1,13 @@
+getToken();
+?>
\ No newline at end of file
diff --git a/plugins/publiclink/plugin.xml b/plugins/publiclink/plugin.xml
new file mode 100755
index 0000000000..75abed6cf0
--- /dev/null
+++ b/plugins/publiclink/plugin.xml
@@ -0,0 +1,17 @@
+
+
+
+ publiclink
+ Simple file sharing by creating a public link to a file
+ 0.1
+ AGPL
+ Robin Appelman
+ 1.1
+
+
+ lib_public.php
+
+
+ db_structure.xml
+
+