diff --git a/web/ajax/alarm.php b/web/ajax/alarm.php
index dc1e4bca5..b9c1221b0 100644
--- a/web/ajax/alarm.php
+++ b/web/ajax/alarm.php
@@ -12,9 +12,9 @@ header("Content-type: text/plain" );
 
 if ( canEdit( 'Monitors' ) )
 {
-    $zmu_command = getZmuCommand( " -m ".$_REQUEST['id'] );
+    $zmu_command = getZmuCommand( " -m ".validInt($_REQUEST['id']) );
 
-    switch ( $_REQUEST['command'] )
+    switch ( validJsStr($_REQUEST['command']) )
     {
         case "disableAlarms" :
         {
@@ -39,7 +39,7 @@ if ( canEdit( 'Monitors' ) )
         default :
         {
             $response['result'] = 'Error';
-            $response['message'] = "Unexpected command '".$_REQUEST['command']."'";
+            $response['message'] = "Unexpected command '".validJsStr($_REQUEST['command'])."'";
             echo jsValue( $response );
             exit;
         }
diff --git a/web/ajax/control.php b/web/ajax/control.php
index aaa28718d..67edd66ab 100644
--- a/web/ajax/control.php
+++ b/web/ajax/control.php
@@ -14,7 +14,7 @@ if ( !$_REQUEST['id'] )
     return;
 }
 
-$monitor = dbFetchOne( "select C.*,M.* from Monitors as M inner join Controls as C on (M.ControlId = C.Id ) where M.Id = '".$_REQUEST['id']."'" );
+$monitor = dbFetchOne( "select C.*,M.* from Monitors as M inner join Controls as C on (M.ControlId = C.Id ) where M.Id = '".dbEscape($_REQUEST['id'])."'" );
 
 $ctrlCommand = ZM_PATH_BIN."/zmcontrol.pl";
 
@@ -1010,15 +1010,15 @@ if ( $_REQUEST['control'] != 'null' )
         //error_log( "Command: $ctrlCommand" );
 
         // Can't connect so use script
-        $ctrl_status = '';
-        $ctrl_output = array();
-        exec( escapeshellcmd( $ctrlCommand ), $ctrl_output, $ctrl_status );
-        //error_log( "Status: $ctrl_status" );
-        //error_log( "Output: ".join( "\n", $ctrl_output ) );
-        if ( !$ctrl_status )
+        $ctrlStatus = '';
+        $ctrlOutput = array();
+        exec( escapeshellcmd( $ctrlCommand ), $ctrlOutput, $ctrlStatus );
+        //error_log( "Status: $ctrlStatus" );
+        //error_log( "Output: ".join( "\n", $ctrlOutput ) );
+        if ( !$ctrlStatus )
             $response = array( 'result' => "Ok", 'message' => 'Used script' );
         else
-            $response = array( 'result' => "Error", 'status' => $ctrl_status, 'message' => join( "\n", $ctrl_output ) );
+            $response = array( 'result' => "Error", 'status' => $ctrlStatus, 'message' => join( "\n", $ctrlOutput ) );
     }
 }
 else
diff --git a/web/ajax/status.php b/web/ajax/status.php
index 00ec126bc..cd24713af 100644
--- a/web/ajax/status.php
+++ b/web/ajax/status.php
@@ -72,8 +72,8 @@ $statusData = array(
             "MinEventId" => array( "sql" => "min(Events.Id)", "table" => "Events", "join" => "Events.MonitorId = Monitors.Id", "group" => "Events.MonitorId" ),
             "MaxEventId" => array( "sql" => "max(Events.Id)", "table" => "Events", "join" => "Events.MonitorId = Monitors.Id", "group" => "Events.MonitorId" ),
             "TotalEvents" => array( "sql" => "count(Events.Id)", "table" => "Events", "join" => "Events.MonitorId = Monitors.Id", "group" => "Events.MonitorId" ),
-            "Status" => array( "zmu" => "-m ".$_REQUEST['id'][0]." -s" ),
-            "FrameRate" => array( "zmu" => "-m ".$_REQUEST['id'][0]." -f" ),
+            "Status" => array( "zmu" => "-m ".escapeshellarg($_REQUEST['id'][0])." -s" ),
+            "FrameRate" => array( "zmu" => "-m ".escapeshellarg($_REQUEST['id'][0])." -f" ),
         ),
     ),
     "events" => array(
@@ -174,7 +174,7 @@ function collectData()
 {
     global $statusData;
 
-    $entitySpec = &$statusData[strtolower($_REQUEST['entity'])];
+    $entitySpec = &$statusData[strtolower(validJsStr($_REQUEST['entity']))];
     #print_r( $entitySpec );
     if ( !canView( $entitySpec['permission'] ) )
     {
@@ -201,12 +201,12 @@ function collectData()
         if ( !isset($_REQUEST['id']) )
             $_REQUEST['id'] = array_keys( $id );
         else if ( !is_array($_REQUEST['id']) )
-            $_REQUEST['id'] = array( $_REQUEST['id'] );
+            $_REQUEST['id'] = array( validJsStr($_REQUEST['id']) );
 
         if ( !isset($_REQUEST['element']) )
             $_REQUEST['element'] = array_keys( $elements );
         else if ( !is_array($_REQUEST['element']) )
-            $_REQUEST['element'] = array( $_REQUEST['element'] );
+            $_REQUEST['element'] = array( validJsStr($_REQUEST['element']) );
 
         if ( isset($entitySpec['selector']) )
         {
@@ -220,7 +220,7 @@ function collectData()
         foreach ( $_REQUEST['element'] as $element )
         {
             if ( !($elementData = $lc_elements[strtolower($element)]) )
-                throwError( "Bad ".$_REQUEST['entity']." element ".$element );
+                throwError( "Bad ".validJsStr($_REQUEST['entity'])." element ".$element );
             if ( isset($elementData['func']) )
                 $data[$element] = eval( "return( ".$elementData['func']." );" );
             else if ( isset($elementData['postFunc']) )
@@ -324,9 +324,9 @@ switch( $_REQUEST['layout'] )
     case 'json' :
     {
         header("Content-type: text/plain" );
-        $response = array( 'result'=>'Ok', strtolower($_REQUEST['entity']) => $data );
+        $response = array( 'result'=>'Ok', strtolower(validJsStr($_REQUEST['entity'])) => $data );
         if ( isset($_REQUEST['loopback']) )
-            $response['loopback'] = $_REQUEST['loopback'];
+            $response['loopback'] = validJsStr($_REQUEST['loopback']);
         echo jsValue( $response );
         break;
     }
@@ -390,7 +390,7 @@ function getNearEvents()
     else
         $midSql = '';
 
-    $sql = "select E.Id as Id from Events as E inner join Monitors as M on E.MonitorId = M.Id where $sortColumn ".($sortOrder=='asc'?'<=':'>=')." '".$event[$_REQUEST['sort_field']]."'".$_REQUEST['filter']['sql'].$midSql." order by $sortColumn ".($sortOrder=='asc'?'desc':'asc');
+    $sql = "select E.Id as Id from Events as E inner join Monitors as M on E.MonitorId = M.Id where ".dbEscape($sortColumn)." ".($sortOrder=='asc'?'<=':'>=')." '".$event[$_REQUEST['sort_field']]."'".$_REQUEST['filter']['sql'].$midSql." order by $sortColumn ".($sortOrder=='asc'?'desc':'asc');
     $result = dbQuery( $sql );
     while ( $id = dbFetchNext( $result, 'Id' ) )
     {
diff --git a/web/ajax/stream.php b/web/ajax/stream.php
index e4b1d7cf1..48cb2b3c8 100644
--- a/web/ajax/stream.php
+++ b/web/ajax/stream.php
@@ -59,8 +59,8 @@ if ( !@socket_sendto( $socket, $msg, strlen($msg), 0, $remSockFile ) )
     return;
 }
 
-$rSockets   = array( $socket );
-$wSockets  = NULL;
+$rSockets = array( $socket );
+$wSockets = NULL;
 $eSockets = NULL;
 $numSockets = socket_select( $rSockets, $wSockets, $eSockets, MSG_TIMEOUT );
 
diff --git a/web/ajax/zone.php b/web/ajax/zone.php
index d17804b18..c481c7212 100644
--- a/web/ajax/zone.php
+++ b/web/ajax/zone.php
@@ -45,10 +45,10 @@ if ( $response['result'] != 'Error' )
                 $wd = getcwd();
                 chdir( ZM_DIR_IMAGES );
                 $hicolor = "0x00ff00";
-                $command = getZmuCommand( " -m ".$_REQUEST['mid']." -z" );
+                $command = getZmuCommand( " -m ".escapeshellcmd($_REQUEST['mid'])." -z" );
                 if ( !isset($_REQUEST['zid']) )
                     $_REQUEST['zid'] = 0;
-                $command .= '"'.$_REQUEST['zid'].' '.$hicolor.' '.$_REQUEST['coords'].'"';
+                $command .= '"'.escapeshellarg($_REQUEST['zid']).' '.$hicolor.' '.escapeshellarg($_REQUEST['coords']).'"';
                 $status = exec( escapeshellcmd( $command ) );
                 chdir( $wd );
 
@@ -78,7 +78,6 @@ if ( $response['result'] != 'Error' )
         $response['message'] = 'Unrecognised action or insufficient permissions';
 }
 
-
 echo jsValue( $response );
 
 ?>
diff --git a/web/includes/actions.php b/web/includes/actions.php
index e3f5a674e..e326e4ccc 100644
--- a/web/includes/actions.php
+++ b/web/includes/actions.php
@@ -25,45 +25,63 @@ function getAffectedIds( $name )
     if ( isset($_REQUEST[$names]) || isset($_REQUEST[$name]) )
     {
         if ( isset($_REQUEST[$names]) )
-            $ids = $_REQUEST[$names];
+            $ids = validInt($_REQUEST[$names]);
         else if ( isset($_REQUEST[$name]) )
-            $ids[] = $_REQUEST[$name];
+            $ids[] = validInt($_REQUEST[$name]);
     }
     return( $ids );
 }
 
-if ( !empty($_REQUEST['action']) )
+if ( !empty($action) )
 {
     // General scope actions
-    if ( $_REQUEST['action'] == "login" && $_REQUEST['username'] && ( ZM_AUTH_TYPE == "remote" || $_REQUEST['password'] ) )
+    if ( $action == "login" && isset($_REQUEST['username']) && ( ZM_AUTH_TYPE == "remote" || isset($_REQUEST['password']) ) )
     {
-        userLogin( $_REQUEST['username'], $_REQUEST['password'] );
+        $username = validStr( $_REQUEST['username'] );
+        $password = isset($_REQUEST['password'])?validStr($_REQUEST['password']):'';
+        userLogin( $username, $password );
     }
-    elseif ( $_REQUEST['action'] == "logout" )
+    elseif ( $action == "logout" )
     {
         userLogout();
-        $GLOBALS['refreshParent'] = true;
-        $_REQUEST['view'] = 'none';
+        $refreshParent = true;
+        $view = 'none';
     }
-    elseif ( $_REQUEST['action'] == "bandwidth" && $_REQUEST['newBandwidth'] )
+    elseif ( $action == "bandwidth" && isset($_REQUEST['newBandwidth']) )
     {
-        $_COOKIE['zmBandwidth'] = $_REQUEST['newBandwidth'];
-        setcookie( "zmBandwidth", $_REQUEST['newBandwidth'], time()+3600*24*30*12*10 );
-        $GLOBALS['refreshParent'] = true;
+        $_COOKIE['zmBandwidth'] = validStr($_REQUEST['newBandwidth']);
+        setcookie( "zmBandwidth", validStr($_REQUEST['newBandwidth']), time()+3600*24*30*12*10 );
+        $refreshParent = true;
     }
 
     // Event scope actions, view permissions only required
     if ( canView( 'Events' ) )
     {
-        if ( $_REQUEST['action'] == "filter" )
+        if ( $action == "filter" )
         {
-            if ( $_REQUEST['subaction'] == "addterm" )
+            if ( isset($_REQUEST['subaction']) )
             {
-                $_REQUEST['filter'] = addFilterTerm( $_REQUEST['filter'], $_REQUEST['line'] );
+                if ( $_REQUEST['subaction'] == "addterm" )
+                    $_REQUEST['filter'] = addFilterTerm( $_REQUEST['filter'], $_REQUEST['line'] );
+                elseif ( $_REQUEST['subaction'] == "delterm" )
+                    $_REQUEST['filter'] = delFilterTerm( $_REQUEST['filter'], $_REQUEST['line'] );
             }
-            elseif ( $_REQUEST['subaction'] == "delterm" )
+            elseif ( canEdit( 'Events' ) )
             {
-                $_REQUEST['filter'] = delFilterTerm( $_REQUEST['filter'], $_REQUEST['line'] );
+                if ( !empty($_REQUEST['execute']) )
+                    $tempFilterName = "_TempFilter".time();
+                if ( $tempFilterName )
+                    $filterName = $tempFilterName;
+                elseif ( $newFilterName )
+                    $filterName = $newFilterName;
+                if ( !empty($filterName) )
+                {
+                    $_REQUEST['filter']['sort_field'] = validStr($_REQUEST['sort_field']);
+                    $_REQUEST['filter']['sort_asc'] .= validStr($_REQUEST['sort_asc']);
+                    $_REQUEST['filter']['limit'] = validInt($_REQUEST['limit']);
+                    dbQuery( "replace into Filters set Name = '".dbEscape($filterName)."', Query = '".dbEscape(serialize($_REQUEST['filter']))."', AutoArchive = '".dbEscape($_REQUEST['autoArchive'])."', AutoVideo = '".dbEscape($_REQUEST['autoVideo'])."', AutoUpload = '".dbEscape($_REQUEST['autoUpload'])."', AutoEmail = '".dbEscape($_REQUEST['autoEmail'])."', AutoMessage = '".dbEscape($_REQUEST['autoMessage'])."', AutoExecute = '".dbEscape($_REQUEST['autoExecute'])."', AutoExecuteCmd = '".dbEscape($_REQUEST['autoExecuteCmd'])."', AutoDelete = '".dbEscape($_REQUEST['autoDelete'])."', Background = '".dbEscape($_REQUEST['background'])."'" );
+                    $refreshParent = true;
+                }
             }
         }
     }
@@ -71,29 +89,29 @@ if ( !empty($_REQUEST['action']) )
     // Event scope actions, edit permissions required
     if ( canEdit( 'Events' ) )
     {
-        if ( $_REQUEST['action'] == "rename" && $_REQUEST['eventName'] && !empty($_REQUEST['eid']) )
+        if ( $action == "rename" && isset($_REQUEST['eventName']) && !empty($_REQUEST['eid']) )
         {
             dbQuery( "update Events set Name = '".dbEscape($_REQUEST['eventName'])."' where Id = '".dbEscape($_REQUEST['eid'])."'" );
         }
-        else if ( $_REQUEST['action'] == "eventdetail" )
+        else if ( $action == "eventdetail" )
         {
             if ( !empty($_REQUEST['eid']) )
             {
                 dbQuery( "update Events set Cause = '".dbEscape($_REQUEST['newEvent']['Cause'])."', Notes = '".dbEscape($_REQUEST['newEvent']['Notes'])."' where Id = '".dbEscape($_REQUEST['eid'])."'" );
-                $GLOBALS['refreshParent'] = true;
+                $refreshParent = true;
             }
             else
             {
                 foreach( getAffectedIds( 'markEid' ) as $markEid )
                 {
                     dbQuery( "update Events set Cause = '".dbEscape($_REQUEST['newEvent']['Cause'])."', Notes = '".dbEscape($_REQUEST['newEvent']['Notes'])."' where Id = '".dbEscape($markEid)."'" );
-                    $GLOBALS['refreshParent'] = true;
+                    $refreshParent = true;
                 }
             }
         }
-        elseif ( $_REQUEST['action'] == "archive" || $_REQUEST['action'] == "unarchive" )
+        elseif ( $action == "archive" || $action == "unarchive" )
         {
-            $archiveVal = ($_REQUEST['action'] == "archive")?1:0;
+            $archiveVal = ($action == "archive")?1:0;
             if ( !empty($_REQUEST['eid']) )
             {
                 dbQuery( "update Events set Archived = $archiveVal where Id = '".dbEscape($_REQUEST['eid'])."'" );
@@ -103,38 +121,21 @@ if ( !empty($_REQUEST['action']) )
                 foreach( getAffectedIds( 'markEid' ) as $markEid )
                 {
                     dbQuery( "update Events set Archived = $archiveVal where Id = '".dbEscape($markEid)."'" );
-                    $GLOBALS['refreshParent'] = true;
+                    $refreshParent = true;
                 }
             }
         }
-        elseif ( $_REQUEST['action'] == "filter" && empty($_REQUEST['subaction']) )
-        {
-            if ( !empty($_REQUEST['execute']) )
-                $tempFilterName = "_TempFilter".time();
-            if ( $tempFilterName )
-                $_REQUEST['filterName'] = $tempFilterName;
-            elseif ( $newFilterName )
-                $_REQUEST['filterName'] = $newFilterName;
-            if ( !empty($_REQUEST['filterName']) )
-            {
-                $_REQUEST['filter']['sort_field'] = $_REQUEST['sort_field'];
-                $_REQUEST['filter']['sort_asc'] .= $_REQUEST['sort_asc'];
-                $_REQUEST['filter']['limit'] = $_REQUEST['limit'];
-                dbQuery( "replace into Filters set Name = '".dbEscape($_REQUEST['filterName'])."', Query = '".dbEscape(serialize($_REQUEST['filter']))."', AutoArchive = '".dbEscape($_REQUEST['autoArchive'])."', AutoVideo = '".dbEscape($_REQUEST['autoVideo'])."', AutoUpload = '".dbEscape($_REQUEST['autoUpload'])."', AutoEmail = '".dbEscape($_REQUEST['autoEmail'])."', AutoMessage = '".dbEscape($_REQUEST['autoMessage'])."', AutoExecute = '".dbEscape($_REQUEST['autoExecute'])."', AutoExecuteCmd = '".dbEscape($_REQUEST['autoExecuteCmd'])."', AutoDelete = '".dbEscape($_REQUEST['autoDelete'])."', Background = '".dbEscape($_REQUEST['background'])."'" );
-                $GLOBALS['refreshParent'] = true;
-            }
-        }
-        elseif ( $_REQUEST['action'] == "delete" )
+        elseif ( $action == "delete" )
         {
             foreach( getAffectedIds( 'markEid' ) as $markEid )
             {
                 deleteEvent( $markEid );
-                $GLOBALS['refreshParent'] = true;
+                $refreshParent = true;
             }
             if ( !empty($_REQUEST['fid']) )
             {
-                dbQuery( "delete from Filters where Name = '".$_REQUEST['fid']."'" );
-                //$GLOBALS['refreshParent'] = true;
+                dbQuery( "delete from Filters where Name = '".dbEscape($_REQUEST['fid'])."'" );
+                //$refreshParent = true;
             }
         }
     }
@@ -142,18 +143,24 @@ if ( !empty($_REQUEST['action']) )
     // Monitor control actions, require a monitor id and control view permissions for that monitor
     if ( !empty($_REQUEST['mid']) && canView( 'Control', $_REQUEST['mid'] ) )
     {
-        if ( $_REQUEST['action'] == "control" )
+        $mid = validInt($_REQUEST['mid']);
+        if ( $action == "control" )
         {
-            $monitor = dbFetchOne( "select C.*,M.* from Monitors as M inner join Controls as C on (M.ControlId = C.Id) where M.Id = '".$_REQUEST['mid']."'" );
+            $control = validStr($_REQUEST['control']);
+
+            $monitor = dbFetchOne( "select C.*,M.* from Monitors as M inner join Controls as C on (M.ControlId = C.Id) where M.Id = '".dbEscape($mid)."'" );
 
             $ctrlCommand = ZM_PATH_BIN."/zmcontrol.pl";
 
             if ( isset($_REQUEST['x']) && isset($_REQUEST['y']) )
             {
-                if ( $_REQUEST['control'] == "moveMap" )
+                $x = validInt($_REQUEST['x']);
+                $y = validInt($_REQUEST['y']);
+                $scale = validInt($_REQUEST['scale']);
+                if ( $control == "moveMap" )
                 {
-                    $_REQUEST['x'] = deScale( $_REQUEST['x'], $_REQUEST['scale'] );
-                    $_REQUEST['y'] = deScale( $_REQUEST['y'], $_REQUEST['scale'] );
+                    $x = deScale( $x, $scale );
+                    $y = deScale( $y, $scale );
                     switch ( $monitor['Orientation'] )
                     {
                         case '0' :
@@ -172,42 +179,42 @@ if ( !empty($_REQUEST['action']) )
                     switch ( $monitor['Orientation'] )
                     {
                         case '90' :
-                            $tempY = $_REQUEST['y'];
-                            $_REQUEST['y'] = $height - $_REQUEST['x'];
-                            $_REQUEST['x'] = $tempY;
+                            $tempY = $y;
+                            $y = $height - $x;
+                            $x = $tempY;
                             break;
                         case '180' :
-                            $_REQUEST['x'] = $width - $_REQUEST['x'];
-                            $_REQUEST['y'] = $height - $_REQUEST['y'];
+                            $x = $width - $x;
+                            $y = $height - $y;
                             break;
                         case '270' :
-                            $tempX = $_REQUEST['x'];
-                            $_REQUEST['x'] = $width - $_REQUEST['y'];
-                            $_REQUEST['y'] = $tempX;
+                            $tempX = $x;
+                            $x = $width - $y;
+                            $y = $tempX;
                             break;
                         case 'hori' :
-                            $_REQUEST['x'] = $width - $_REQUEST['x'];
+                            $x = $width - $x;
                             break;
                         case 'vert' :
-                            $_REQUEST['y'] = $height - $_REQUEST['y'];
+                            $y = $height - $y;
                             break;
                     }
-                    $ctrlCommand .= " --xcoord=".$_REQUEST['x']." --ycoord=".$_REQUEST['y']." --width=".$width." --height=".$height;
+                    $ctrlCommand .= " --xcoord=".$x." --ycoord=".$y." --width=".$width." --height=".$height;
                 }
-                elseif ( $_REQUEST['control'] == "movePseudoMap" )
+                elseif ( $control == "movePseudoMap" )
                 {
-                    $_REQUEST['x'] = deScale( $_REQUEST['x'], $_REQUEST['scale'] );
-                    $_REQUEST['y'] = deScale( $_REQUEST['y'], $_REQUEST['scale'] );
+                    $x = deScale( $x, $scale );
+                    $y = deScale( $y, $scale );
                     
                     $halfWidth = $monitor['Width'] / 2;
                     $halfHeight = $monitor['Height'] / 2;
-                    $xFactor = ($_REQUEST['x'] - $halfWidth)/$halfWidth;
-                    $yFactor = ($_REQUEST['y'] - $halfHeight)/$halfHeight;
+                    $xFactor = ($x - $halfWidth)/$halfWidth;
+                    $yFactor = ($y - $halfHeight)/$halfHeight;
 
                     switch ( $monitor['Orientation'] )
                     {
                         case '90' :
-                            $tempYFactor = $_REQUEST['y'];
+                            $tempYFactor = $y;
                             $yFactor = -$xFactor;
                             $xFactor = $tempYFactor;
                             break;
@@ -216,7 +223,7 @@ if ( !empty($_REQUEST['action']) )
                             $yFactor = -$yFactor;
                             break;
                         case '270' :
-                            $tempXFactor = $_REQUEST['x'];
+                            $tempXFactor = $x;
                             $xFactor = -$yFactor;
                             $yFactor = $tempXFactor;
                             break;
@@ -254,11 +261,11 @@ if ( !empty($_REQUEST['action']) )
                     if ( !$dirn )
                     {
                         // No command, probably in blind spot in middle
-                        $_REQUEST['control'] = 'null';
+                        $control = 'null';
                     }
                     else
                     {
-                        $_REQUEST['control'] = 'moveRel'.$dirn;
+                        $control = 'moveRel'.$dirn;
                         $xFactor = abs($xFactor);
                         $yFactor = abs($yFactor);
 
@@ -312,20 +319,20 @@ if ( !empty($_REQUEST['action']) )
                         }
                     }
                 }
-                elseif ( $_REQUEST['control'] == "moveConMap" )
+                elseif ( $control == "moveConMap" )
                 {
-                    $_REQUEST['x'] = deScale( $_REQUEST['x'], $_REQUEST['scale'] );
-                    $_REQUEST['y'] = deScale( $_REQUEST['y'], $_REQUEST['scale'] );
+                    $x = deScale( $x, $scale );
+                    $y = deScale( $y, $scale );
                     
                     $halfWidth = $monitor['Width'] / 2;
                     $halfHeight = $monitor['Height'] / 2;
-                    $xFactor = ($_REQUEST['x'] - $halfWidth)/$halfWidth;
-                    $yFactor = ($_REQUEST['y'] - $halfHeight)/$halfHeight;
+                    $xFactor = ($x - $halfWidth)/$halfWidth;
+                    $yFactor = ($y - $halfHeight)/$halfHeight;
 
                     switch ( $monitor['Orientation'] )
                     {
                         case '90' :
-                            $tempYFactor = $_REQUEST['y'];
+                            $tempYFactor = $y;
                             $yFactor = -$xFactor;
                             $xFactor = $tempYFactor;
                             break;
@@ -334,7 +341,7 @@ if ( !empty($_REQUEST['action']) )
                             $yFactor = -$yFactor;
                             break;
                         case '270' :
-                            $tempXFactor = $_REQUEST['x'];
+                            $tempXFactor = $x;
                             $xFactor = -$yFactor;
                             $yFactor = $tempXFactor;
                             break;
@@ -373,11 +380,11 @@ if ( !empty($_REQUEST['action']) )
                     if ( !$dirn )
                     {
                         // No command, probably in blind spot in middle
-                        $_REQUEST['control'] = 'moveStop';
+                        $control = 'moveStop';
                     }
                     else
                     {
-                        $_REQUEST['control'] = 'moveCon'.$dirn;
+                        $control = 'moveCon'.$dirn;
                         $xFactor = abs($xFactor);
                         $yFactor = abs($yFactor);
 
@@ -446,7 +453,7 @@ if ( !empty($_REQUEST['action']) )
                     $shortX = 32;
                     $shortY = 32;
 
-                    if ( preg_match( '/^([a-z]+)([A-Z][a-z]+)([A-Z][a-z]+)$/', $_REQUEST['control'], $matches ) )
+                    if ( preg_match( '/^([a-z]+)([A-Z][a-z]+)([A-Z][a-z]+)$/', $control, $matches ) )
                     {
                         $command = $matches[1];
                         $mode = $matches[2];
@@ -460,12 +467,12 @@ if ( !empty($_REQUEST['action']) )
                                 {
                                     case 'Near' :
                                     {
-                                        $factor = ($longY-($_REQUEST['y']+1))/$longY;
+                                        $factor = ($longY-($y+1))/$longY;
                                         break;
                                     }
                                     case 'Far' :
                                     {
-                                        $factor = ($_REQUEST['y']+1)/$longY;
+                                        $factor = ($y+1)/$longY;
                                         break;
                                     }
                                 }
@@ -504,12 +511,12 @@ if ( !empty($_REQUEST['action']) )
                                 {
                                     case 'Tele' :
                                     {
-                                        $factor = ($longY-($_REQUEST['y']+1))/$longY;
+                                        $factor = ($longY-($y+1))/$longY;
                                         break;
                                     }
                                     case 'Wide' :
                                     {
-                                        $factor = ($_REQUEST['y']+1)/$longY;
+                                        $factor = ($y+1)/$longY;
                                         break;
                                     }
                                 }
@@ -548,12 +555,12 @@ if ( !empty($_REQUEST['action']) )
                                 {
                                     case 'Open' :
                                     {
-                                        $factor = ($longY-($_REQUEST['y']+1))/$longY;
+                                        $factor = ($longY-($y+1))/$longY;
                                         break;
                                     }
                                     case 'Close' :
                                     {
-                                        $factor = ($_REQUEST['y']+1)/$longY;
+                                        $factor = ($y+1)/$longY;
                                         break;
                                     }
                                 }
@@ -580,12 +587,12 @@ if ( !empty($_REQUEST['action']) )
                                 {
                                     case 'In' :
                                     {
-                                        $factor = ($longY-($_REQUEST['y']+1))/$longY;
+                                        $factor = ($longY-($y+1))/$longY;
                                         break;
                                     }
                                     case 'Out' :
                                     {
-                                        $factor = ($_REQUEST['y']+1)/$longY;
+                                        $factor = ($y+1)/$longY;
                                         break;
                                     }
                                 }
@@ -612,12 +619,12 @@ if ( !empty($_REQUEST['action']) )
                                 {
                                     case 'Up' :
                                     {
-                                        $factor = ($longY-($_REQUEST['y']+1))/$longY;
+                                        $factor = ($longY-($y+1))/$longY;
                                         break;
                                     }
                                     case 'Down' :
                                     {
-                                        $factor = ($_REQUEST['y']+1)/$longY;
+                                        $factor = ($y+1)/$longY;
                                         break;
                                     }
                                 }
@@ -645,19 +652,19 @@ if ( !empty($_REQUEST['action']) )
 
                                 if ( preg_match( '/^Up/', $dirn ) )
                                 {
-                                    $yFactor = ($shortY-($_REQUEST['y']+1))/$shortY;
+                                    $yFactor = ($shortY-($y+1))/$shortY;
                                 }
                                 elseif ( preg_match( '/^Down/', $dirn ) )
                                 {
-                                    $yFactor = ($_REQUEST['y']+1)/$shortY;
+                                    $yFactor = ($y+1)/$shortY;
                                 }
                                 if ( preg_match( '/Left$/', $dirn ) )
                                 {
-                                    $xFactor = ($shortX-($_REQUEST['x']+1))/$shortX;
+                                    $xFactor = ($shortX-($x+1))/$shortX;
                                 }
                                 elseif ( preg_match( '/Right$/', $dirn ) )
                                 {
-                                    $xFactor = ($_REQUEST['x']+1)/$shortX;
+                                    $xFactor = ($x+1)/$shortX;
                                 }
 
                                 if ( $monitor['Orientation'] != '0' )
@@ -715,7 +722,7 @@ if ( !empty($_REQUEST['action']) )
                                         ),
                                     );
                                     $newDirn = $conversions[$monitor['Orientation']][$dirn];
-                                    $_REQUEST['control'] = preg_replace( "/_$dirn\$/", "_$newDirn", $_REQUEST['control'] );
+                                    $control = preg_replace( "/_$dirn\$/", "_$newDirn", $control );
                                     $dirn = $newDirn;
                                 }
 
@@ -797,37 +804,35 @@ if ( !empty($_REQUEST['action']) )
             }
             else
             {
-                if ( preg_match( '/^presetGoto(\d+)$/', $_REQUEST['control'], $matches ) )
+                if ( preg_match( '/^presetGoto(\d+)$/', $control, $matches ) )
                 {
-                    $_REQUEST['control'] = 'presetGoto';
+                    $control = 'presetGoto';
                     $ctrlCommand .= " --preset=".$matches[1];
                 }
-                elseif ( $_REQUEST['control'] == "presetSet" )
+                elseif ( $control == "presetSet" )
                 {
                     if ( canEdit( 'Control' ) )
                     {
-                        $row = dbFetchOne( "select * from ControlPresets where MonitorId = '".$monitor['Id']."' and Preset = '".$preset."'" );
+                        $preset = validInt($_REQUEST['preset']);
+                        $newLabel = validJsStr($_REQUEST['newLabel']);
+                        $row = dbFetchOne( "select * from ControlPresets where MonitorId = '".$monitor['Id']."' and Preset = '".dbEscape($preset)."'" );
                         if ( $newLabel != $row['Label'] )
                         {
                             if ( $newLabel )
-                                $sql = "replace into ControlPresets ( MonitorId, Preset, Label ) values ( '".$monitor['Id']."', '".$preset."', '".dbEscape($newLabel)."' )";
+                                $sql = "replace into ControlPresets ( MonitorId, Preset, Label ) values ( '".$monitor['Id']."', '".dbEscape($preset)."', '".dbEscape($newLabel)."' )";
                             else
-                                $sql = "delete from ControlPresets where MonitorId = '".$monitor['Id']."' and Preset = '".$preset."'";
+                                $sql = "delete from ControlPresets where MonitorId = '".$monitor['Id']."' and Preset = '".dbEscape($preset)."'";
                             dbQuery( $sql );
-                            $GLOBALS['refreshParent'] = true;
+                            $refreshParent = true;
                         }
+                        $ctrlCommand .= " --preset=".$preset;
                     }
-                    $ctrlCommand .= " --preset=".$preset;
-                    $_REQUEST['view'] = 'none';
-                }
-                elseif ( $_REQUEST['control'] == "moveMap" )
-                {
-                    $ctrlCommand .= " --xcoord=".$_REQUEST['x']." --ycoord=".$_REQUEST['y'];
+                    $view = 'none';
                 }
             }
-            if ( $_REQUEST['control'] != 'null' )
+            if ( $control != 'null' )
             {
-                $ctrlCommand .= " --command=".$_REQUEST['control'];
+                $ctrlCommand .= " --command=".$control;
                 $socket = socket_create( AF_UNIX, SOCK_STREAM, 0 );
                 if ( $socket < 0 )
                 {
@@ -860,19 +865,19 @@ if ( !empty($_REQUEST['action']) )
                 }
             }
         }
-        elseif ( $_REQUEST['action'] == "settings" )
+        elseif ( $action == "settings" )
         {
-            $zmuCommand = getZmuCommand( " -m ".$_REQUEST['mid']." -B".$_REQUEST['newBrightness']." -C".$_REQUEST['newContrast']." -H".$_REQUEST['newHue']." -O".$_REQUEST['newColour'] );
+            $zmuCommand = getZmuCommand( " -m ".$mid." -B".$_REQUEST['newBrightness']." -C".$_REQUEST['newContrast']." -H".$_REQUEST['newHue']." -O".$_REQUEST['newColour'] );
             $zmuOutput = exec( escapeshellcmd( $zmuCommand ) );
             list( $brightness, $contrast, $hue, $colour ) = split( ' ', $zmuOutput );
-            dbQuery( "update Monitors set Brightness = '".$brightness."', Contrast = '".$contrast."', Hue = '".$hue."', Colour = '".$colour."' where Id = '".$_REQUEST['mid']."'" );
+            dbQuery( "update Monitors set Brightness = '".$brightness."', Contrast = '".$contrast."', Hue = '".$hue."', Colour = '".$colour."' where Id = '".$mid."'" );
         }
     }
 
     // Control capability actions, require control edit permissions
     if ( canEdit( 'Control' ) )
     {
-        if ( $_REQUEST['action'] == "controlcap" )
+        if ( $action == "controlcap" )
         {
             if ( !empty($_REQUEST['cid']) )
             {
@@ -903,17 +908,17 @@ if ( !empty($_REQUEST['action']) )
                 if ( !empty($_REQUEST['cid']) )
                 {
                     dbQuery( "update Controls set ".implode( ", ", $changes )." where Id = '".dbEscape($_REQUEST['cid'])."'" );
-                    $GLOBALS['refreshParent'] = true;
+                    $refreshParent = true;
                 }
                 else
                 {
                     dbQuery( "insert into Controls set ".implode( ", ", $changes ) );
                     //$_REQUEST['cid'] = dbInsertId();
                 }
-                $GLOBALS['refreshParent'] = true;
+                $refreshParent = true;
             }
         }
-        elseif ( $_REQUEST['action'] == "delete" )
+        elseif ( $action == "delete" )
         {
             if ( isset($_REQUEST['markCids']) )
             {
@@ -921,7 +926,7 @@ if ( !empty($_REQUEST['action']) )
                 {
                     dbQuery( "delete from Controls where Id = '".dbEscape($markCid)."'" );
                     dbQuery( "update Monitors set Controllable = 0, ControlId = 0 where ControlId = '".dbEscape($markCid)."'" );
-                    $GLOBALS['refreshParent'] = true;
+                    $refreshParent = true;
                 }
             }
         }
@@ -930,35 +935,39 @@ if ( !empty($_REQUEST['action']) )
     // Monitor edit actions, require a monitor id and edit permissions for that monitor
     if ( !empty($_REQUEST['mid']) && canEdit( 'Monitors', $_REQUEST['mid'] ) )
     {
-        if ( $_REQUEST['action'] == "function" )
+        $mid = validInt($_REQUEST['mid']);
+        if ( $action == "function" )
         {
-            $monitor = dbFetchOne( "select * from Monitors where Id = '".$_REQUEST['mid']."'" );
+            $monitor = dbFetchOne( "select * from Monitors where Id = '".$mid."'" );
 
+            $newFunction = validStr($_REQUEST['newFunction']);
+            $newEnabled = validStr($_REQUEST['newEnabled']);
             $oldFunction = $monitor['Function'];
             $oldEnabled = $monitor['Enabled'];
-            if ( $_REQUEST['newFunction'] != $oldFunction || $_REQUEST['newEnabled'] != $oldEnabled )
+            if ( $newFunction != $oldFunction || $newEnabled != $oldEnabled )
             {
-                dbQuery( "update Monitors set Function = '".dbEscape($_REQUEST['newFunction'])."', Enabled = '".$_REQUEST['newEnabled']."' where Id = '".dbEscape($_REQUEST['mid'])."'" );
+                dbQuery( "update Monitors set Function = '".dbEscape($newFunction)."', Enabled = '".$newEnabled."' where Id = '".$mid."'" );
 
-                $monitor['Function'] = $_REQUEST['newFunction'];
-                $monitor['Enabled'] = $_REQUEST['newEnabled'];
+                $monitor['Function'] = $newFunction;
+                $monitor['Enabled'] = $newEnabled;
                 //if ( $cookies ) session_write_close();
                 if ( daemonCheck() )
                 {
-                    $GLOBALS['restart'] = ($oldFunction == 'None') || ($_REQUEST['newFunction'] == 'None') || ($_REQUEST['newEnabled'] != $oldEnabled);
-                    zmcControl( $monitor, $GLOBALS['restart']?"restart":"" );
+                    $restart = ($oldFunction == 'None') || ($newFunction == 'None') || ($newEnabled != $oldEnabled);
+                    zmcControl( $monitor, $restart?"restart":"" );
                     zmaControl( $monitor, "reload" );
                 }
-                $GLOBALS['refreshParent'] = true;
+                $refreshParent = true;
             }
         }
-        elseif ( $_REQUEST['action'] == "zone" && isset( $_REQUEST['zid'] ) )
+        elseif ( $action == "zone" && isset( $_REQUEST['zid'] ) )
         {
-            $monitor = dbFetchOne( "select * from Monitors where Id = '".dbEscape($_REQUEST['mid'])."'" );
+            $zid = validInt($_REQUEST['zid']);
+            $monitor = dbFetchOne( "select * from Monitors where Id = '".dbEscape($mid)."'" );
 
-            if ( !empty($_REQUEST['zid']) )
+            if ( !empty($zid) )
             {
-                $zone = dbFetchOne( "select * from Zones where MonitorId = '".dbEscape($_REQUEST['mid'])."' and Id = '".dbEscape($_REQUEST['zid'])."'" );
+                $zone = dbFetchOne( "select * from Zones where MonitorId = '".dbEscape($mid)."' and Id = '".dbEscape($zid)."'" );
             }
             else
             {
@@ -985,43 +994,44 @@ if ( !empty($_REQUEST['action']) )
 
             if ( count( $changes ) )
             {
-                if ( $_REQUEST['zid'] > 0 )
+                if ( $zid > 0 )
                 {
-                    $sql = "update Zones set ".implode( ", ", $changes )." where MonitorId = '".dbEscape($_REQUEST['mid'])."' and Id = '".dbEscape($_REQUEST['zid'])."'";
+                    $sql = "update Zones set ".implode( ", ", $changes )." where MonitorId = '".dbEscape($mid)."' and Id = '".dbEscape($zid)."'";
                 }
                 else
                 {
-                    $sql = "insert into Zones set MonitorId = '".dbEscape($_REQUEST['mid'])."', ".implode( ", ", $changes );
+                    $sql = "insert into Zones set MonitorId = '".dbEscape($mid)."', ".implode( ", ", $changes );
                 }
                 dbQuery( $sql );
                 //if ( $cookies ) session_write_close();
                 if ( daemonCheck() )
                 {
-                    zmaControl( $_REQUEST['mid'], "restart" );
+                    zmaControl( $mid, "restart" );
                 }
-                $GLOBALS['refreshParent'] = true;
+                $refreshParent = true;
             }
-            $_REQUEST['view'] = 'none';
+            $view = 'none';
         }
-        elseif ( $_REQUEST['action'] == "sequence" && isset($_REQUEST['smid']) )
+        elseif ( $action == "sequence" && isset($_REQUEST['smid']) )
         {
-            $monitor = dbFetchOne( "select * from Monitors where Id = '".dbEscape($_REQUEST['mid'])."'" );
-            $smonitor = dbFetchOne( "select * from Monitors where Id = '".dbEscape($_REQUEST['smid'])."'" );
+            $smid = validInt($_REQUEST['smid']);
+            $monitor = dbFetchOne( "select * from Monitors where Id = '".dbEscape($mid)."'" );
+            $smonitor = dbFetchOne( "select * from Monitors where Id = '".dbEscape($smid)."'" );
 
             dbQuery( "update Monitors set Sequence = '".$smonitor['Sequence']."' where Id = '".$monitor['Id']."'" );
             dbQuery( "update Monitors set Sequence = '".$monitor['Sequence']."' where Id = '".$smonitor['Id']."'" );
 
-            $GLOBALS['refreshParent'] = true;
+            $refreshParent = true;
             fixSequences();
         }
-        if ( $_REQUEST['action'] == "delete" )
+        if ( $action == "delete" )
         {
             if ( isset($_REQUEST['markZids']) )
             {
                 $deletedZid = 0;
                 foreach( $_REQUEST['markZids'] as $markZid )
                 {
-                    dbQuery( "delete from Zones where MonitorId = '".dbEscape($_REQUEST['mid'])."' && Id = '".dbEscape($markZid)."'" );
+                    dbQuery( "delete from Zones where MonitorId = '".dbEscape($mid)."' && Id = '".dbEscape($markZid)."'" );
                     $deletedZid = 1;
                 }
                 if ( $deletedZid )
@@ -1029,8 +1039,8 @@ if ( !empty($_REQUEST['action']) )
                     //if ( $cookies )
                         //session_write_close();
                     if ( daemonCheck() )
-                        zmaControl( $_REQUEST['mid'], "restart" );
-                    $GLOBALS['refreshParent'] = true;
+                        zmaControl( $mid, "restart" );
+                    $refreshParent = true;
                 }
             }
         }
@@ -1039,15 +1049,16 @@ if ( !empty($_REQUEST['action']) )
     // Monitor edit actions, monitor id derived, require edit permissions for that monitor
     if ( canEdit( 'Monitors' ) )
     {
-        if ( $_REQUEST['action'] == "monitor" )
+        if ( $action == "monitor" )
         {
             if ( !empty($_REQUEST['mid']) )
             {
-                $monitor = dbFetchOne( "select * from Monitors where Id = '".dbEscape($_REQUEST['mid'])."'" );
+                $mid = validInt($_REQUEST['mid']);
+                $monitor = dbFetchOne( "select * from Monitors where Id = '".dbEscape($mid)."'" );
 
                 if ( ZM_OPT_X10 )
                 {
-                    $x10Monitor = dbFetchOne( "select * from TriggersX10 where MonitorId = '".dbEscape($_REQUEST['mid'])."'" );
+                    $x10Monitor = dbFetchOne( "select * from TriggersX10 where MonitorId = '".dbEscape($mid)."'" );
                     if ( !$x10Monitor )
                         $x10Monitor = array();
                 }
@@ -1075,7 +1086,8 @@ if ( !empty($_REQUEST['action']) )
             {
                 if ( !empty($_REQUEST['mid']) )
                 {
-                    $sql = "update Monitors set ".implode( ", ", $changes )." where Id = '".dbEscape($_REQUEST['mid'])."'";
+                    $mid = validInt($_REQUEST['mid']);
+                    $sql = "update Monitors set ".implode( ", ", $changes )." where Id = '".dbEscape($mid)."'";
                     dbQuery( $sql );
                     if ( $changes['Name'] )
                     {
@@ -1090,7 +1102,7 @@ if ( !empty($_REQUEST['action']) )
                         $oldH = $monitor['Height'];
                         $oldA = $oldW * $oldH;
 
-                        $zones = dbFetchAll( "select * from Zones where MonitorId = '".dbEscape($_REQUEST['mid'])."'" );
+                        $zones = dbFetchAll( "select * from Zones where MonitorId = '".dbEscape($mid)."'" );
                         foreach ( $zones as $zone )
                         {
                             $newZone = $zone;
@@ -1113,7 +1125,7 @@ if ( !empty($_REQUEST['action']) )
 
                             if ( count( $changes ) )
                             {
-                                dbQuery( "update Zones set ".implode( ", ", $changes )." where MonitorId = '".dbEscape($_REQUEST['mid'])."' and Id = '".$zone['Id']."'" );
+                                dbQuery( "update Zones set ".implode( ", ", $changes )." where MonitorId = '".dbEscape($mid)."' and Id = '".$zone['Id']."'" );
                             }
                         }
                     }
@@ -1124,14 +1136,14 @@ if ( !empty($_REQUEST['action']) )
                     $changes[] = "Sequence = ".($maxSeq+1);
 
                     dbQuery( "insert into Monitors set ".implode( ", ", $changes ) );
-                    $_REQUEST['mid'] = dbInsertId();
+                    $mid = dbInsertId();
                     $zoneArea = $_REQUEST['newMonitor']['Width'] * $_REQUEST['newMonitor']['Height'];
-                    dbQuery( "insert into Zones set MonitorId = ".dbEscape($_REQUEST['mid']).", Name = 'All', Type = 'Active', Units = 'Percent', NumCoords = 4, Coords = '".sprintf( "%d,%d %d,%d %d,%d %d,%d", 0, 0, $_REQUEST['newMonitor']['Width']-1, 0, $_REQUEST['newMonitor']['Width']-1, $_REQUEST['newMonitor']['Height']-1, 0, $_REQUEST['newMonitor']['Height']-1 )."', Area = ".$zoneArea.", AlarmRGB = 0xff0000, CheckMethod = 'Blobs', MinPixelThreshold = 25, MinAlarmPixels = ".intval(($zoneArea*3)/100).", MaxAlarmPixels = ".intval(($zoneArea*75)/100).", FilterX = 3, FilterY = 3, MinFilterPixels = ".intval(($zoneArea*3)/100).", MaxFilterPixels = ".intval(($zoneArea*75)/100).", MinBlobPixels = ".intval(($zoneArea*2)/100).", MinBlobs = 1" );
-                    //$_REQUEST['view'] = 'none';
-                    mkdir( ZM_DIR_EVENTS.'/'.$_REQUEST['mid'], 0755 );
-                    symlink( $_REQUEST['mid'], ZM_DIR_EVENTS.'/'.$_REQUEST['newMonitor']['Name'] );
+                    dbQuery( "insert into Zones set MonitorId = ".dbEscape($mid).", Name = 'All', Type = 'Active', Units = 'Percent', NumCoords = 4, Coords = '".sprintf( "%d,%d %d,%d %d,%d %d,%d", 0, 0, $_REQUEST['newMonitor']['Width']-1, 0, $_REQUEST['newMonitor']['Width']-1, $_REQUEST['newMonitor']['Height']-1, 0, $_REQUEST['newMonitor']['Height']-1 )."', Area = ".$zoneArea.", AlarmRGB = 0xff0000, CheckMethod = 'Blobs', MinPixelThreshold = 25, MinAlarmPixels = ".intval(($zoneArea*3)/100).", MaxAlarmPixels = ".intval(($zoneArea*75)/100).", FilterX = 3, FilterY = 3, MinFilterPixels = ".intval(($zoneArea*3)/100).", MaxFilterPixels = ".intval(($zoneArea*75)/100).", MinBlobPixels = ".intval(($zoneArea*2)/100).", MinBlobs = 1" );
+                    //$view = 'none';
+                    mkdir( ZM_DIR_EVENTS.'/'.$mid, 0755 );
+                    symlink( $mid, ZM_DIR_EVENTS.'/'.$_REQUEST['newMonitor']['Name'] );
                 }
-                $GLOBALS['restart'] = true;
+                $restart = true;
             }
 
             if ( ZM_OPT_X10 )
@@ -1155,11 +1167,11 @@ if ( !empty($_REQUEST['action']) )
                             dbQuery( "delete from TriggersX10 where MonitorId = '".dbEscape($_REQUEST['mid'])."'" );
                         }
                     }
-                    $GLOBALS['restart'] = true;
+                    $restart = true;
                 }
             }
 
-            if ( $GLOBALS['restart'] )
+            if ( $restart )
             {
                 $monitor = dbFetchOne( "select * from Monitors where Id = '".dbEscape($_REQUEST['mid'])."'" );
                 fixDevices();
@@ -1171,11 +1183,11 @@ if ( !empty($_REQUEST['action']) )
                     zmaControl( $monitor, "restart" );
                 }
                 //daemonControl( 'restart', 'zmwatch.pl' );
-                $GLOBALS['refreshParent'] = true;
+                $refreshParent = true;
             }
-            $_REQUEST['view'] = 'none';
+            $view = 'none';
         }
-        if ( $_REQUEST['action'] == "delete" )
+        if ( $action == "delete" )
         {
             if ( isset($_REQUEST['markMids']) && !$user['MonitorIds'] )
             {
@@ -1213,7 +1225,7 @@ if ( !empty($_REQUEST['action']) )
     // Device view actions
     if ( canEdit( 'Devices' ) )
     {
-        if ( $_REQUEST['action'] == "device" )
+        if ( $action == "device" )
         {
             if ( !empty($_REQUEST['command']) )
             {
@@ -1229,18 +1241,18 @@ if ( !empty($_REQUEST['action']) )
                 {
                     dbQuery( "insert into Devices set Name = '".dbEscape($_REQUEST['newDevice']['Name'])."', KeyString = '".dbEscape($_REQUEST['newDevice']['KeyString'])."'" );
                 }
-                $GLOBALS['refreshParent'] = true;
-                $_REQUEST['view'] = 'none';
+                $refreshParent = true;
+                $view = 'none';
             }
         }
-        elseif ( $_REQUEST['action'] == "delete" )
+        elseif ( $action == "delete" )
         {
             if ( isset($_REQUEST['markDids']) )
             {
                 foreach( $_REQUEST['markDids'] as $markDid )
                 {
                     dbQuery( "delete from Devices where Id = '".dbEscape($markDid)."'" );
-                    $GLOBALS['refreshParent'] = true;
+                    $refreshParent = true;
                 }
             }
         }
@@ -1249,24 +1261,24 @@ if ( !empty($_REQUEST['action']) )
     // System view actions
     if ( canView( 'System' ) )
     {
-        if ( $_REQUEST['action'] == "setgroup" )
+        if ( $action == "setgroup" )
         {
             if ( !empty($_REQUEST['gid']) )
             {
-                setcookie( "zmGroup", $_REQUEST['gid'], time()+3600*24*30*12*10 );
+                setcookie( "zmGroup", validInt($_REQUEST['gid']), time()+3600*24*30*12*10 );
             }
             else
             {
                 setcookie( "zmGroup", "", time()-3600*24*2 );
             }
-            $GLOBALS['refreshParent'] = true;
+            $refreshParent = true;
         }
     }
 
     // System edit actions
     if ( canEdit( 'System' ) )
     {
-        if ( $_REQUEST['action'] == "version" && isset($option) )
+        if ( $action == "version" && isset($option) )
         {
             switch( $option )
             {
@@ -1307,7 +1319,7 @@ if ( !empty($_REQUEST['action']) )
                 }
             }
         }
-        if ( $_REQUEST['action'] == "donate" && isset($option) )
+        if ( $action == "donate" && isset($option) )
         {
             switch( $option )
             {
@@ -1349,7 +1361,7 @@ if ( !empty($_REQUEST['action']) )
                 }
             }
         }
-        if ( $_REQUEST['action'] == "options" && isset( $_REQUEST['tab'] ) )
+        if ( $action == "options" && isset( $_REQUEST['tab'] ) )
         {
             $configCat = $configCats[$_REQUEST['tab']];
             $changed = false;
@@ -1374,7 +1386,7 @@ if ( !empty($_REQUEST['action']) )
                     case "system" :
                     case "config" :
                     case "paths" :
-                        $GLOBALS['restart'] = true;
+                        $restart = true;
                         break;
                     case "web" :
                     case "tools" :
@@ -1383,7 +1395,7 @@ if ( !empty($_REQUEST['action']) )
                     case "network" :
                     case "mail" :
                     case "ftp" :
-                        $GLOBALS['restart'] = true;
+                        $restart = true;
                         break;
                     case "highband" :
                     case "medband" :
@@ -1394,7 +1406,7 @@ if ( !empty($_REQUEST['action']) )
             }
             loadConfig( false );
         }
-        elseif ( $_REQUEST['action'] == "user" )
+        elseif ( $action == "user" )
         {
             if ( !empty($_REQUEST['uid']) )
                 $dbUser = dbFetchOne( "select * from Users where Id = '".dbEscape($_REQUEST['uid'])."'" );
@@ -1420,22 +1432,22 @@ if ( !empty($_REQUEST['action']) )
                     $sql = "insert into Users set ".implode( ", ", $changes );
                 }
                 dbQuery( $sql );
-                $GLOBALS['refreshParent'] = true;
+                $refreshParent = true;
                 if ( $dbUser['Username'] == $user['Username'] )
                     userLogin( $dbUser['Username'], $dbUser['Password'] );
             }
-            $_REQUEST['view'] = 'none';
+            $view = 'none';
         }
-        elseif ( $_REQUEST['action'] == "state" )
+        elseif ( $action == "state" )
         {
             if ( !empty($_REQUEST['runState']) )
             {
                 //if ( $cookies ) session_write_close();
                 packageControl( $_REQUEST['runState'] );
-                $GLOBALS['refreshParent'] = true;
+                $refreshParent = true;
             }
         }
-        elseif ( $_REQUEST['action'] == "save" )
+        elseif ( $action == "save" )
         {
             if ( !empty($_REQUEST['runState']) || !empty($_REQUEST['newState']) )
             {
@@ -1451,7 +1463,7 @@ if ( !empty($_REQUEST['action']) )
                 dbQuery( "replace into States set Name = '".dbEscape($_REQUEST['runState'])."', Definition = '".dbEscape($definition)."'" );
             }
         }
-        elseif ( $_REQUEST['action'] == "group" )
+        elseif ( $action == "group" )
         {
             if ( !empty($_REQUEST['gid']) )
             {
@@ -1462,10 +1474,10 @@ if ( !empty($_REQUEST['action']) )
                 $sql = "insert into Groups set Name = '".dbEscape($_REQUEST['newGroup']['Name'])."', MonitorIds = '".dbEscape(join(',',$_REQUEST['newGroup']['MonitorIds']))."'";
             }
             dbQuery( $sql );
-            $GLOBALS['refreshParent'] = true;
-            $_REQUEST['view'] = 'none';
+            $refreshParent = true;
+            $view = 'none';
         }
-        elseif ( $_REQUEST['action'] == "delete" )
+        elseif ( $action == "delete" )
         {
             if ( isset($_REQUEST['runState']) )
                 dbQuery( "delete from States where Name = '".dbEscape($_REQUEST['runState'])."'" );
@@ -1484,14 +1496,14 @@ if ( !empty($_REQUEST['action']) )
                 {
                     unset( $_COOKIE['zmGroup'] );
                     setcookie( "zmGroup", "", time()-3600*24*2 );
-                    $GLOBALS['refreshParent'] = true;
+                    $refreshParent = true;
                 }
             }
         }
     }
     else
     {
-        if ( ZM_USER_SELF_EDIT && $_REQUEST['action'] == "user" )
+        if ( ZM_USER_SELF_EDIT && $action == "user" )
         {
             $uid = $user['Id'];
 
@@ -1500,21 +1512,21 @@ if ( !empty($_REQUEST['action']) )
             $types = array();
             $changes = getFormChanges( $dbUser, $_REQUEST['newUser'], $types );
 
-            if ( $_REQUEST['newUser']['Password'] )
-                $changes['Password'] = "Password = password('".$_REQUEST['newUser']['Password']."')";
+            if ( !empty($_REQUEST['newUser']['Password']) )
+                $changes['Password'] = "Password = password('".dbEscape($_REQUEST['newUser']['Password'])."')";
             else
                 unset( $changes['Password'] );
             if ( count( $changes ) )
             {
                 $sql = "update Users set ".implode( ", ", $changes )." where Id = '".dbEscape($uid)."'";
                 dbQuery( $sql );
-                $GLOBALS['refreshParent'] = true;
+                $refreshParent = true;
             }
-            $_REQUEST['view'] = 'none';
+            $view = 'none';
         }
     }
 
-    if ( $_REQUEST['action'] == "reset" )
+    if ( $action == "reset" )
     {
         $_SESSION['zmEventResetTime'] = strftime( STRF_FMT_DATETIME_DB );
         setcookie( "zmEventResetTime", $_SESSION['zmEventResetTime'], time()+3600*24*30*12*10 );
diff --git a/web/includes/functions.php b/web/includes/functions.php
index 2a8a80f60..3a1bedb3d 100644
--- a/web/includes/functions.php
+++ b/web/includes/functions.php
@@ -37,16 +37,16 @@ function userLogin( $username, $password="" )
         global $_SESSION, $_SERVER;
     }
 
-    $db_username = dbEscape($username);
-    $db_password = dbEscape($password);
+    $dbUsername = dbEscape($username);
+    $dbPassword = dbEscape($password);
 
     if ( ZM_AUTH_TYPE == "builtin" )
     {
-        $sql = "select * from Users where Username = '$db_username' and Password = password('$db_password') and Enabled = 1";
+        $sql = "select * from Users where Username = '$dbUsername' and Password = password('$dbPassword') and Enabled = 1";
     }
     else
     {
-        $sql = "select * from Users where Username = '$db_username' and Enabled = 1";
+        $sql = "select * from Users where Username = '$dbUsername' and Enabled = 1";
     }
     $_SESSION['username'] = $username;
     if ( ZM_AUTH_RELAY == "plain" )
@@ -54,13 +54,13 @@ function userLogin( $username, $password="" )
         // Need to save this in session
         $_SESSION['password'] = $password;
     }
-    $_SESSION['remote_addr'] = $_SERVER['REMOTE_ADDR']; // To help prevent session hijacking
-    if ( $db_user = dbFetchOne( $sql ) )
+    $_SESSION['remoteAddr'] = $_SERVER['REMOTE_ADDR']; // To help prevent session hijacking
+    if ( $dbUser = dbFetchOne( $sql ) )
     {
-        $_SESSION['user'] = $user = $db_user;
+        $_SESSION['user'] = $user = $dbUser;
         if ( ZM_AUTH_TYPE == "builtin" )
         {
-            $_SESSION['password_hash'] = $user['Password'];
+            $_SESSION['passwordHash'] = $user['Password'];
         }
     }
     else
@@ -94,7 +94,7 @@ function noCacheHeaders()
     header("Pragma: no-cache");         // HTTP/1.0
 }
 
-function authHash( $use_remote_addr )
+function authHash( $useRemoteAddr )
 {
     if ( version_compare( phpversion(), "4.1.0", "<") )
     {
@@ -104,15 +104,15 @@ function authHash( $use_remote_addr )
     if ( ZM_OPT_USE_AUTH && ZM_AUTH_RELAY == "hashed" )
     {
         $time = localtime();
-        if ( $use_remote_addr )
+        if ( $useRemoteAddr )
         {
-            $auth_key = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['password_hash'].$_SESSION['remote_addr'].$time[2].$time[3].$time[4].$time[5];
+            $authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$_SESSION['remoteAddr'].$time[2].$time[3].$time[4].$time[5];
         }
         else
         {
-            $auth_key = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['password_hash'].$time[2].$time[3].$time[4].$time[5];
+            $authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$time[2].$time[3].$time[4].$time[5];
         }
-        $auth = md5( $auth_key );
+        $auth = md5( $authKey );
     }
     else
     {
@@ -199,7 +199,7 @@ function outputVideoStream( $id, $src, $width, $height, $format, $title="" )
                 if ( isWindows() )
                 {
 ?>
-<object id="<?= $id ?>" width="<?= $width ?>" height="<?= $height ?>"
+<object id="<?= $id ?>" width="<?= validNum($width) ?>" height="<?= validNum($height) ?>"
 classid="CLSID:22D6F312-B0F6-11D0-94AB-0080C74C7E95"
 codebase="http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab#Version=6,0,02,902"
 standby="Loading Microsoft Windows Media Player components..."
@@ -210,9 +210,9 @@ type="<?= $mimeType ?>">
 <embed type="<?= $mimeType ?>"
 pluginspage="http://www.microsoft.com/Windows/MediaPlayer/"
 src="<?= $src ?>"
-name="<?= $title ?>"
-width="<?= $width ?>"
-height="<?= $height ?>"
+name="<?= validHtmlStr($title) ?>"
+width="<?= validNum($width) ?>"
+height="<?= validInt($height) ?>"
 autostart="1"
 showcontrols="0">
 </embed>
@@ -235,9 +235,9 @@ type="<?= $mimeType ?>">
 <embed type="<?= $mimeType ?>"
 src="<?= $src ?>"
 pluginspage="http://www.apple.com/quicktime/download/"
-name="<?= $title ?>"
-width="<?= $width ?>"
-height="<?= $height ?>"
+name="<?= validhtmlStr($title) ?>"
+width="<?= validInt($width) ?>"
+height="<?= validInt($height) ?>"
 autoplay="true"
 controller="true"
 </embed>
@@ -259,9 +259,9 @@ type="<?= $mimeType ?>">
 <embed type="<?= $mimeType ?>"
 pluginspage="http://www.macromedia.com/go/getflashplayer"
 src="<?= $src ?>"
-width="<?= $width ?>"
-height="<?= $height ?>"
-name="<?= $title ?>"
+name="<?= validHtmlStr($title) ?>"
+width="<?= validInt($width) ?>"
+height="<?= validInt($height) ?>"
 quality="high"
 bgcolor="#ffffff"
 </embed>
@@ -277,9 +277,9 @@ bgcolor="#ffffff"
 ?>
 <embed<?= isset($mimeType)?(' type="'.$mimeType.'"'):"" ?> 
 src="<?= $src ?>"
-width="<?= $width ?>"
-height="<?= $height ?>"
-name="<?= $title ?>"
+name="<?= validHtmlStr($title) ?>"
+width="<?= validInt($width) ?>"
+height="<?= validInt($height) ?>"
 autostart="1"
 autoplay="1"
 showcontrols="0"
@@ -293,11 +293,11 @@ function outputImageStream( $id, $src, $width, $height, $title="" )
 {
    if ( canStreamIframe() ) {
 ?>
-<iframe id="<?= $id ?>" src="<?= $src ?>" alt="<?= $title ?>" width="<?= $width ?>" height="<?= $height ?>"/>
+<iframe id="<?= $id ?>" src="<?= $src ?>" alt="<?= validHtmlStr($title) ?>" width="<?= $width ?>" height="<?= $height ?>"/>
 <?php
    } else {
 ?>
-<img id="<?= $id ?>" src="<?= $src ?>" alt="<?= $title ?>" width="<?= $width ?>" height="<?= $height ?>"/>
+<img id="<?= $id ?>" src="<?= $src ?>" alt="<?= validHtmlStr($title) ?>" width="<?= $width ?>" height="<?= $height ?>"/>
 <?php
    }
 }
@@ -469,10 +469,10 @@ function deleteEvent( $eid, $mid=false )
                     $eventPath = preg_replace( "/\.$eid$/", readlink($id_files[0]), $id_files[0] );
                 system( escapeshellcmd( "rm -rf ".$eventPath ) );
                 unlink( $id_files[0] );
-                $path_parts = explode(  '/', $eventPath );
-                for ( $i = count($path_parts)-1; $i >= 2; $i-- )
+                $pathParts = explode(  '/', $eventPath );
+                for ( $i = count($pathParts)-1; $i >= 2; $i-- )
                 {
-                    $deletePath = join( '/', array_slice( $path_parts, 0, $i ) );
+                    $deletePath = join( '/', array_slice( $pathParts, 0, $i ) );
                     if ( !glob( $deletePath."/*" ) )
                     {
                         system( escapeshellcmd( "rm -rf ".$deletePath ) );
@@ -592,7 +592,7 @@ function buildSelect( $name, $contents, $behaviours=false )
     foreach ( $contents as $contentValue => $contentText )
     {
 ?>
-<option value="<?= $contentValue ?>"<?php if ( $value == $contentValue ) { ?> selected="selected"<? } ?>><?= htmlentities($contentText) ?></option>
+<option value="<?= $contentValue ?>"<?php if ( $value == $contentValue ) { ?> selected="selected"<? } ?>><?= validHtmlStr($contentText) ?></option>
 <?php
     }
 ?>
@@ -865,7 +865,7 @@ function zmaControl( $monitor, $mode=false )
 {
     if ( !is_array( $monitor ) )
     {
-        $sql = "select Id,Function,Enabled from Monitors where Id = '$monitor'";
+        $sql = "select C.*, M.* from Monitors as M left join Controls as C on (M.ControlId = C.Id ) where M.Id = '".dbEscape($monitor)."'";
         $monitor = dbFetchOne( $sql );
     }
     switch ( $monitor['Function'] )
@@ -1126,13 +1126,13 @@ function createVideo( $event, $format, $rate, $scale, $overwrite=false )
             $command .= " -s ".sprintf( "%.2f", ($scale/SCALE_BASE) );
     if ( $overwrite )
         $command .= " -o";
-    $result = exec( $command, $output, $status );
+    $result = exec( escapeshellcmd( $command ), $output, $status );
     return( $status?"":rtrim($result) );
 }
 
 function executeFilter( $filter )
 {
-    $command = ZM_PATH_BIN."/zmfilter.pl --filter ".$filter;
+    $command = ZM_PATH_BIN."/zmfilter.pl --filter ".escapeshellarg($filter);
     $result = exec( $command, $output, $status );
     dbQuery( "delete from Filters where Name like '_TempFilter%'" );
     return( $status );
@@ -1228,13 +1228,13 @@ function parseSort( $saveToSession=false, $querySep='&' )
     $sortOrder = $_REQUEST['sort_asc']?"asc":"desc";
     if ( !$_REQUEST['sort_asc'] )
         $_REQUEST['sort_asc'] = 0;
-    $sortQuery = $querySep."sort_field=".$_REQUEST['sort_field'].$querySep."sort_asc=".$_REQUEST['sort_asc'];
+    $sortQuery = $querySep."sort_field=".validHtmlStr($_REQUEST['sort_field']).$querySep."sort_asc=".validHtmlStr($_REQUEST['sort_asc']);
     if ( !isset($_REQUEST['limit']) )
         $_REQUEST['limit'] = "";
     if ( $saveToSession )
     {
-        $_SESSION['sort_field'] = $_REQUEST['sort_field'];
-        $_SESSION['sort_asc'] = $_REQUEST['sort_asc'];
+        $_SESSION['sort_field'] = validHtmlStr($_REQUEST['sort_field']);
+        $_SESSION['sort_asc'] = validHtmlStr($_REQUEST['sort_asc']);
     }
 }
 
@@ -1256,7 +1256,7 @@ function parseFilter( &$filter, $saveToSession=false, $querySep='&' )
             if ( isset($filter['terms'][$i]['cnj']) )
             {
                 $filter['query'] .= $querySep."filter[terms][$i][cnj]=".urlencode($filter['terms'][$i]['cnj']);
-                $filter['sql'] .= " ".$filter['terms'][$i]['cnj']." ";
+                $filter['sql'] .= " ".dbEscape($filter['terms'][$i]['cnj'])." ";
                 $filter['fields'] .= "<input type=\"hidden\" name=\"filter[terms][$i][cnj]\" value=\"".htmlspecialchars($filter['terms'][$i]['cnj'])."\"/>\n";
             }
             if ( isset($filter['terms'][$i]['obr']) )
@@ -1272,7 +1272,7 @@ function parseFilter( &$filter, $saveToSession=false, $querySep='&' )
                 switch ( $filter['terms'][$i]['attr'] )
                 {
                     case 'MonitorName':
-                        $filter['sql'] .= 'M.'.preg_replace( '/^Monitor/', '', $filter['terms'][$i]['attr'] );
+                        $filter['sql'] .= 'M.'.dbEscape(preg_replace( '/^Monitor/', '', $filter['terms'][$i]['attr'] ));
                         break;
                     case 'DateTime':
                         $filter['sql'] .= "E.StartTime";
@@ -1298,7 +1298,7 @@ function parseFilter( &$filter, $saveToSession=false, $querySep='&' )
                     case 'Cause':
                     case 'Notes':
                     case 'Archived':
-                        $filter['sql'] .= "E.".$filter['terms'][$i]['attr'];
+                        $filter['sql'] .= "E.".dbEscape($filter['terms'][$i]['attr']);
                         break;
                     case 'DiskPercent':
                         $filter['sql'] .= getDiskPercent();
@@ -1310,7 +1310,7 @@ function parseFilter( &$filter, $saveToSession=false, $querySep='&' )
                         $filter['sql'] .= getLoad();
                         break;
                 }
-                $value_list = array();
+                $valueList = array();
                 foreach ( preg_split( '/["\'\s]*?,["\'\s]*?/', preg_replace( '/^["\']+?(.+)["\']+?$/', '$1', $filter['terms'][$i]['val'] ) ) as $value )
                 {
                     switch ( $filter['terms'][$i]['attr'] )
@@ -1330,8 +1330,11 @@ function parseFilter( &$filter, $saveToSession=false, $querySep='&' )
                         case 'Time':
                             $value = "extract( hour_second from '".strftime( STRF_FMT_DATETIME_DB, strtotime( $value ) )."' )";
                             break;
+                        default :
+                            $value = dbEscape($value);
+                            break;
                     }
-                    $value_list[] = $value;
+                    $valueList[] = $value;
                 }
 
                 switch ( $filter['terms'][$i]['op'] )
@@ -1342,19 +1345,19 @@ function parseFilter( &$filter, $saveToSession=false, $querySep='&' )
                     case '>' :
                     case '<' :
                     case '<=' :
-                        $filter['sql'] .= " ".$filter['terms'][$i]['op']." $value";
+                        $filter['sql'] .= " ".dbEscape($filter['terms'][$i]['op'])." $value";
                         break;
                     case '=~' :
-                        $filter['sql'] .= " regexp $value";
+                        $filter['sql'] .= " regexp ".$value;
                         break;
                     case '!~' :
-                        $filter['sql'] .= " not regexp $value";
+                        $filter['sql'] .= " not regexp ".$value;
                         break;
                     case '=[]' :
-                        $filter['sql'] .= " in (".join( ",", $value_list ).")";
+                        $filter['sql'] .= " in (".join( ",", $valueList ).")";
                         break;
                     case '![]' :
-                        $filter['sql'] .= " not in (".join( ",", $value_list ).")";
+                        $filter['sql'] .= " not in (".join( ",", $valueList ).")";
                         break;
                 }
 
@@ -1405,6 +1408,8 @@ function delFilterTerm( $filter, $position )
 
 function getPagination( $pages, $page, $maxShortcuts, $query, $querySep='&' )
 {
+    global $view;
+
     $pageText = "";
     if ( $pages > 1 )
     {
@@ -1419,29 +1424,29 @@ function getPagination( $pages, $page, $maxShortcuts, $query, $querySep='&' )
             {
                 if ( false && $page > 2 )
                 {
-                    $pageText .= '<a href="?view='.$_REQUEST['view'].$querySep.'page=1'.$query.'">&lt;&lt;</a>';
+                    $pageText .= '<a href="?view='.$view.$querySep.'page=1'.$query.'">&lt;&lt;</a>';
                 }
-                $pageText .= '<a href="?view='.$_REQUEST['view'].$querySep.'page='.($page-1).$query.'">&lt;</a>';
+                $pageText .= '<a href="?view='.$view.$querySep.'page='.($page-1).$query.'">&lt;</a>';
 
                 $newPages = array();
-                $pages_used = array();
+                $pagesUsed = array();
                 $lo_exp = max(2,log($page-1)/log($maxShortcuts));
                 for ( $i = 0; $i < $maxShortcuts; $i++ )
                 {
                     $newPage = round($page-pow($lo_exp,$i));
-                    if ( isset($pages_used[$newPage]) )
+                    if ( isset($pagesUsed[$newPage]) )
                         continue;
                     if ( $newPage <= 1 )
                         break;
-                    $pages_used[$newPage] = true;
+                    $pagesUsed[$newPage] = true;
                     array_unshift( $newPages, $newPage );
                 }
-                if ( !isset($pages_used[1]) )
+                if ( !isset($pagesUsed[1]) )
                     array_unshift( $newPages, 1 );
 
                 foreach ( $newPages as $newPage )
                 {
-                    $pageText .= '<a href="?view='.$_REQUEST['view'].$querySep.'page='.$newPage.$query.'">'.$newPage.'</a>&nbsp;';
+                    $pageText .= '<a href="?view='.$view.$querySep.'page='.$newPage.$query.'">'.$newPage.'</a>&nbsp;';
                 }
 
             }
@@ -1449,29 +1454,29 @@ function getPagination( $pages, $page, $maxShortcuts, $query, $querySep='&' )
             if ( $page < $pages )
             {
                 $newPages = array();
-                $pages_used = array();
+                $pagesUsed = array();
                 $hi_exp = max(2,log($pages-$page)/log($maxShortcuts));
                 for ( $i = 0; $i < $maxShortcuts; $i++ )
                 {
                     $newPage = round($page+pow($hi_exp,$i));
-                    if ( isset($pages_used[$newPage]) )
+                    if ( isset($pagesUsed[$newPage]) )
                         continue;
                     if ( $newPage > $pages )
                         break;
-                    $pages_used[$newPage] = true;
+                    $pagesUsed[$newPage] = true;
                     array_push( $newPages, $newPage );
                 }
-                if ( !isset($pages_used[$pages]) )
+                if ( !isset($pagesUsed[$pages]) )
                     array_push( $newPages, $pages );
 
                 foreach ( $newPages as $newPage )
                 {
-                    $pageText .= '&nbsp;<a href="?view='.$_REQUEST['view'].$querySep.'page='.$newPage.$query.'">'.$newPage.'</a>';
+                    $pageText .= '&nbsp;<a href="?view='.$view.$querySep.'page='.$newPage.$query.'">'.$newPage.'</a>';
                 }
-                $pageText .= '<a href="?view='.$_REQUEST['view'].$querySep.'page='.($page+1).$query.'">&gt;</a>';
+                $pageText .= '<a href="?view='.$view.$querySep.'page='.($page+1).$query.'">&gt;</a>';
                 if ( false && $page < ($pages-1) )
                 {
-                    $pageText .= '<a href="?view='.$_REQUEST['view'].$querySep.'page='.$pages.$query.'">&gt;&gt;</a>';
+                    $pageText .= '<a href="?view='.$view.$querySep.'page='.$pages.$query.'">&gt;&gt;</a>';
                 }
             }
         }
@@ -1481,7 +1486,8 @@ function getPagination( $pages, $page, $maxShortcuts, $query, $querySep='&' )
 
 function sortHeader( $field, $querySep='&' )
 {
-    return( '?view='.$_REQUEST['view'].$querySep.'page=1'.$_REQUEST['filter']['query'].$querySep.'sort_field='.$field.$querySep.'sort_asc='.($_REQUEST['sort_field'] == $field?!$_REQUEST['sort_asc']:0).$querySep.'limit='.$_REQUEST['limit'] );
+    global $view;
+    return( '?view='.$view.$querySep.'page=1'.$_REQUEST['filter']['query'].$querySep.'sort_field='.$field.$querySep.'sort_asc='.($_REQUEST['sort_field'] == $field?!$_REQUEST['sort_asc']:0).$querySep.'limit='.$_REQUEST['limit'] );
 }
 
 function sortTag( $field )
@@ -2054,12 +2060,12 @@ function setDeviceStatusX10( $key, $status )
 
 function isVector ( &$array )
 {
-    $next_key = 0;
+    $nextKey = 0;
     foreach ( array_keys($array) as $key )
     {
         if ( !is_int( $key ) )
             return( false );
-        if ( $key != $next_key++ )
+        if ( $key != $nextKey++ )
             return( false );
     }
     return( true );
@@ -2145,4 +2151,38 @@ function getSkinIncludes( $file, $includeBase=false, $asOverride=false )
     return( $includeFiles );
 }
 
+function requestVar( $name, $default="" )
+{
+    return( isset($_REQUEST[$name])?validHtmlStr($_REQUEST[$name]):$default );
+}
+
+// For numbers etc in javascript or tags etc
+function validInt( $input )
+{
+    return( preg_replace( '/\D/', '', $input ) );
+}
+
+function validNum( $input )
+{
+    return( preg_replace( '/[^\d.-]/', '', $input ) );
+}
+
+// For general strings
+function validStr( $input )
+{
+    return( strip_tags( $input ) );
+}
+
+// For strings in javascript or tags etc, expected to be in quotes so further quotes escaped rather than converted
+function validJsStr( $input )
+{
+    return( strip_tags( addslashes( $input ) ) );
+}
+
+// For general text in pages outside of tags or quotes so quotes converted to entities
+function validHtmlStr( $input )
+{
+    return( htmlspecialchars( $input, ENT_QUOTES ) );
+}
+
 ?>
diff --git a/web/index.php b/web/index.php
index c248dc7fc..0808a8f8d 100644
--- a/web/index.php
+++ b/web/index.php
@@ -94,6 +94,13 @@ else
 
 require_once( 'includes/lang.php' );
 require_once( 'includes/functions.php' );
+
+if ( isset($_REQUEST['view']) )
+    $view = validHtmlStr($_REQUEST['view']);
+
+if ( isset($_REQUEST['action']) )
+    $action = validHtmlStr($_REQUEST['action']);
+
 require_once( 'includes/actions.php' );
 
 foreach ( getSkinIncludes( 'skin.php' ) as $includeFile )
@@ -101,18 +108,27 @@ foreach ( getSkinIncludes( 'skin.php' ) as $includeFile )
 
 if ( isset( $_REQUEST['request'] ) )
 {
-    foreach ( getSkinIncludes( 'ajax/'.$_REQUEST['request'].'.php', true, true ) as $includeFile )
+    $request = validHtmlStr($_REQUEST['request']);
+    foreach ( getSkinIncludes( 'ajax/'.$request.'.php', true, true ) as $includeFile )
+    {
+        if ( !file_exists( $includeFile ) )
+            die( "Request '$request' does not exist" );
         require_once $includeFile;
+    }
     return;
 }
 else
 {
-    if ( $includeFiles = getSkinIncludes( 'views/'.$_REQUEST['view'].'.php', true, true ) )
+    if ( $includeFiles = getSkinIncludes( 'views/'.$view.'.php', true, true ) )
     {
         foreach ( $includeFiles as $includeFile )
+        {
+            if ( !file_exists( $includeFile ) )
+                die( "View '$view' does not exist" );
             require_once $includeFile;
+        }
     }
-    if ( !$includeFiles || $_REQUEST['view'] == 'error' )
+    if ( !$includeFiles || $view == 'error' )
     {
         foreach ( getSkinIncludes( 'views/error.php', true, true ) as $includeFile )
             require_once $includeFile;
diff --git a/web/skins/classic/includes/export_functions.php b/web/skins/classic/includes/export_functions.php
index 34dabf3ff..d90f68dee 100644
--- a/web/skins/classic/includes/export_functions.php
+++ b/web/skins/classic/includes/export_functions.php
@@ -44,13 +44,13 @@ function exportEventDetail( $event, $exportFrames )
 <body>
   <div id="page">
     <div id="content">
-      <h2><?= $SLANG['Event'] ?>: <?= $event['Name'] ?><?php if ( $exportFrames ) { ?> (<a href="zmEventFrames.html"><?= $SLANG['Frames'] ?></a>)<?php } ?></h2>
+      <h2><?= $SLANG['Event'] ?>: <?= validHtmlStr($event['Name']) ?><?php if ( $exportFrames ) { ?> (<a href="zmEventFrames.html"><?= $SLANG['Frames'] ?></a>)<?php } ?></h2>
       <table id="eventDetail">
         <tr><th scope="row"><?= $SLANG['Id'] ?></th><td><?= $event['Id'] ?></td></tr>
-        <tr><th scope="row"><?= $SLANG['Name'] ?></th><td><?= $event['Name'] ?></td></tr>
-        <tr><th scope="row"><?= $SLANG['Monitor'] ?></th><td><?= $event['MonitorName'] ?> (<?= $event['MonitorId'] ?>)</td></tr>
-        <tr><th scope="row"><?= $SLANG['Cause'] ?></th><td><?= $event['Cause'] ?></td></tr>
-        <tr><th scope="row"><?= $SLANG['Notes'] ?></th><td><?= $event['Notes'] ?></td></tr>
+        <tr><th scope="row"><?= $SLANG['Name'] ?></th><td><?= validHtmlStr($event['Name']) ?></td></tr>
+        <tr><th scope="row"><?= $SLANG['Monitor'] ?></th><td><?= validHtmlStr($event['MonitorName']) ?> (<?= $event['MonitorId'] ?>)</td></tr>
+        <tr><th scope="row"><?= $SLANG['Cause'] ?></th><td><?= validHtmlStr($event['Cause']) ?></td></tr>
+        <tr><th scope="row"><?= $SLANG['Notes'] ?></th><td><?= validHtmlStr($event['Notes']) ?></td></tr>
         <tr><th scope="row"><?= $SLANG['Time'] ?></th><td><?= strftime( STRF_FMT_DATETIME_SHORTER, strtotime($event['StartTime']) ) ?></td></tr>
         <tr><th scope="row"><?= $SLANG['Duration'] ?></th><td><?= $event['Length'] ?></td></tr>
         <tr><th scope="row"><?= $SLANG['Frames'] ?></th><td><?= $event['Frames'] ?></td></tr>
@@ -72,7 +72,7 @@ function exportEventFrames( $event, $exportImages )
 {
     global $SLANG;
 
-    $sql = "select *, unix_timestamp( TimeStamp ) as UnixTimeStamp from Frames where EventID = '".$event['Id']."' order by FrameId";
+    $sql = "select *, unix_timestamp( TimeStamp ) as UnixTimeStamp from Frames where EventID = '".dbEscape($event['Id'])."' order by FrameId";
     $frames = dbFetchAll( $sql );
 
     ob_start();
@@ -81,7 +81,7 @@ function exportEventFrames( $event, $exportImages )
 <body>
   <div id="page">
     <div id="content">
-      <h2><?= $SLANG['Frames'] ?>: <?= $event['Name'] ?> (<a href="zmEventDetail.html"><?= $SLANG['Event'] ?></a>)</h2>
+      <h2><?= $SLANG['Frames'] ?>: <?= validHtmlStr($event['Name']) ?> (<a href="zmEventDetail.html"><?= $SLANG['Event'] ?></a>)</h2>
       <table id="eventFrames">
         <tr>
           <th><?= $SLANG['FrameId'] ?></th>
@@ -155,7 +155,7 @@ function exportFileList( $eid, $exportDetail, $exportFrames, $exportImages, $exp
 
     if ( canView( 'Events' ) && $eid )
     {
-        $sql = "select E.Id,E.MonitorId,M.Name As MonitorName,M.Width,M.Height,E.Name,E.Cause,E.Notes,E.StartTime,E.Length,E.Frames,E.AlarmFrames,E.TotScore,E.AvgScore,E.MaxScore,E.Archived from Monitors as M inner join Events as E on (M.Id = E.MonitorId) where E.Id = '$eid'";
+        $sql = "select E.Id,E.MonitorId,M.Name As MonitorName,M.Width,M.Height,E.Name,E.Cause,E.Notes,E.StartTime,E.Length,E.Frames,E.AlarmFrames,E.TotScore,E.AvgScore,E.MaxScore,E.Archived from Monitors as M inner join Events as E on (M.Id = E.MonitorId) where E.Id = '".dbEscape($eid)."'";
         $event = dbFetchOne( $sql );
 
         $eventPath = getEventPath( $event );
@@ -196,7 +196,6 @@ function exportFileList( $eid, $exportDetail, $exportFrames, $exportImages, $exp
             fclose( $fp );
             $exportFileList[$file] = $eventPath."/".$file;
         }
-
         if ( $exportImages )
         {
             $filesLeft = array();
@@ -278,7 +277,7 @@ function exportEvents( $eids, $exportDetail, $exportFrames, $exportImages, $expo
             $archive = "temp/".$export_root.".tar.gz";
             @unlink( $archive );
             $command = "tar --create --gzip --file=$archive --files-from=$listFile";
-            exec( $command, $output, $status );
+            exec( escapeshellcmd( $command ), $output, $status );
             if ( $status )
             {
                 error_log( "Command '$command' returned with status $status" );
@@ -293,7 +292,7 @@ function exportEvents( $eids, $exportDetail, $exportFrames, $exportImages, $expo
             $archive = "temp/".$export_root.".zip";
             @unlink( $archive );
             $command = "cat $listFile | zip -q $archive -@";
-            exec( $command, $output, $status );
+            exec( escapeshellcmd( $command ), $output, $status );
             if ( $status )
             {
                 error_log( "Command '$command' returned with status $status" );
diff --git a/web/skins/classic/includes/functions.php b/web/skins/classic/includes/functions.php
index 63a43e4e5..2ef8b29b1 100644
--- a/web/skins/classic/includes/functions.php
+++ b/web/skins/classic/includes/functions.php
@@ -36,7 +36,7 @@ function xhtmlHeaders( $file, $title )
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
-  <title><?= ZM_WEB_TITLE_PREFIX ?> - <?= $title ?></title>
+  <title><?= ZM_WEB_TITLE_PREFIX ?> - <?= validHtmlStr($title) ?></title>
   <link rel="icon" type="image/ico" href="graphics/favicon.ico"/>
   <link rel="shortcut icon" href="graphics/favicon.ico"/>
   <link rel="stylesheet" href="css/reset.css" type="text/css"/>
diff --git a/web/skins/classic/js/skin.js.php b/web/skins/classic/js/skin.js.php
index 9427ea5a2..ba9d74fdb 100644
--- a/web/skins/classic/js/skin.js.php
+++ b/web/skins/classic/js/skin.js.php
@@ -26,7 +26,7 @@
 ?>
   var AJAX_TIMEOUT = <?= ZM_WEB_AJAX_TIMEOUT ?>;
 
-  var currentView = '<?= $_REQUEST['view'] ?>';
+  var currentView = '<?= $view ?>';
   var thisUrl = "<?= ZM_BASE_URL.$_SERVER['PHP_SELF'] ?>";
   var skinPath = "<?= ZM_SKIN_PATH ?>";
 
diff --git a/web/skins/classic/skin.php b/web/skins/classic/skin.php
index 3d1109da7..9e0aea10f 100644
--- a/web/skins/classic/skin.php
+++ b/web/skins/classic/skin.php
@@ -33,17 +33,21 @@ foreach ( getSkinIncludes( 'includes/config.php' ) as $includeFile )
 foreach ( getSkinIncludes( 'includes/functions.php' ) as $includeFile )
     require_once $includeFile;
 
-if ( empty($_REQUEST['view']) )
-    $_REQUEST['view'] = isset($user)?'console':'login';
+if ( empty($view) )
+    $view = isset($user)?'console':'login';
 
 if ( !isset($user) && ZM_OPT_USE_AUTH )
 {
     if ( ZM_AUTH_TYPE == "remote" && !empty( $_SERVER['REMOTE_USER'] ) )
     {
-        $_REQUEST['view'] = "postlogin";
-        $_REQUEST['action'] = "login";
+        $view = "postlogin";
+        $action = "login";
         $_REQUEST['username'] = $_SERVER['REMOTE_USER'];
     }
+    else
+    {
+        $view = "login";
+    }
 }
 
 if ( isset($user) )
diff --git a/web/skins/classic/views/Makefile.am b/web/skins/classic/views/Makefile.am
index 392df5674..3e28a3868 100644
--- a/web/skins/classic/views/Makefile.am
+++ b/web/skins/classic/views/Makefile.am
@@ -41,7 +41,6 @@ dist_web_DATA = \
 	options.php \
 	postlogin.php \
 	settings.php \
-	siren.php \
 	state.php \
 	stats.php \
 	status.php \
diff --git a/web/skins/classic/views/blank.php b/web/skins/classic/views/blank.php
index f331532ee..ac5c9caa7 100644
--- a/web/skins/classic/views/blank.php
+++ b/web/skins/classic/views/blank.php
@@ -22,7 +22,7 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html>
 <?php
-if ( !empty($refresh_parent) )
+if ( !empty($refreshParent) )
 {
 ?>
 <head>
diff --git a/web/skins/classic/views/console.php b/web/skins/classic/views/console.php
index ebcc1ab7c..0c9b9f4e4 100644
--- a/web/skins/classic/views/console.php
+++ b/web/skins/classic/views/console.php
@@ -183,7 +183,7 @@ xhtmlHeaders( __FILE__, $SLANG['Console'] );
 <body>
   <div id="page">
     <form name="monitorForm" method="get" action="<?= $_SERVER['PHP_SELF'] ?>">
-    <input type="hidden" name="view" value="<?= $_REQUEST['view'] ?>"/>
+    <input type="hidden" name="view" value="<?= $view ?>"/>
     <input type="hidden" name="action" value=""/>
     <div id="header">
       <h3 id="systemTime"><?= preg_match( '/%/', DATE_FMT_CONSOLE_LONG )?strftime( DATE_FMT_CONSOLE_LONG ):date( DATE_FMT_CONSOLE_LONG ) ?></h3>
@@ -327,7 +327,7 @@ foreach( $monitors as $monitor )
     if ( canEdit('Monitors') )
     {
 ?>
-            <td class="colOrder"><?= makeLink( '?view='.$_REQUEST['view'].'&action=sequence&mid='.$monitor['Id'].'&smid='.$seqIdUpList[$monitor['Id']], '<img src="'.$seqUpFile.'" alt="Up"/>', $monitor['Sequence']>$minSequence ) ?><?= makeLink( 'view='.$_REQUEST['view'].'&action=sequence&mid='.$monitor['Id'].'&smid='.$seqIdDownList[$monitor['Id']], '<img src="'.$seqDownFile.'" alt="Down"/>', $monitor['Sequence']<$maxSequence ) ?></td>
+            <td class="colOrder"><?= makeLink( '?view='.$view.'&action=sequence&mid='.$monitor['Id'].'&smid='.$seqIdUpList[$monitor['Id']], '<img src="'.$seqUpFile.'" alt="Up"/>', $monitor['Sequence']>$minSequence ) ?><?= makeLink( 'view='.$view.'&action=sequence&mid='.$monitor['Id'].'&smid='.$seqIdDownList[$monitor['Id']], '<img src="'.$seqDownFile.'" alt="Down"/>', $monitor['Sequence']<$maxSequence ) ?></td>
 <?php
     }
 ?>
diff --git a/web/skins/classic/views/control.php b/web/skins/classic/views/control.php
index 171b84d77..3e89199a5 100644
--- a/web/skins/classic/views/control.php
+++ b/web/skins/classic/views/control.php
@@ -20,14 +20,14 @@
 
 if ( !canView( 'Control' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 
 $groupSql = "";
 if ( !empty($_REQUEST['group']) )
 {
-    $sql = "select * from Groups where Id = '".$group."'";
+    $sql = "select * from Groups where Id = '".dbEscape($_REQUEST['group'])."'";
     $row = dbFetchOne( $sql );
     $groupSql = " and find_in_set( Id, '".$row['MonitorIds']."' )";
 }
@@ -64,7 +64,7 @@ xhtmlHeaders(__FILE__, $SLANG['Control'] );
       <h2><?= $SLANG['Control'] ?></h2>
       <div id="headerControl">
         <form name="contentForm" id="contentForm" method="get" action="<?= $_SERVER['PHP_SELF'] ?>">
-          <input type="hidden" name="view" value="<?= $_REQUEST['view'] ?>"/>
+          <input type="hidden" name="view" value="<?= $view ?>"/>
           <?= buildSelect( "mid", $mids, "this.form.submit();" ); ?>
         </form>
       </div>
diff --git a/web/skins/classic/views/controlcap.php b/web/skins/classic/views/controlcap.php
index c727e2385..e1ea64ad7 100644
--- a/web/skins/classic/views/controlcap.php
+++ b/web/skins/classic/views/controlcap.php
@@ -20,7 +20,7 @@
 
 if ( !canEdit( 'Control' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 
@@ -35,12 +35,14 @@ $tabs["white"] = $SLANG['White'];
 $tabs["iris"] = $SLANG['Iris'];
 $tabs["presets"] = $SLANG['Presets'];
 
-if ( !isset($_REQUEST['tab']) )
-    $_REQUEST['tab'] = "main";
+if ( isset($_REQUEST['tab']) )
+    $tab = validHtmlStr($_REQUEST['tab']);
+else
+    $tab = "main";
 
 if ( !empty($_REQUEST['cid']) )
 {
-    $control = dbFetchOne( "select * from Controls where Id = '".$_REQUEST['cid']."'" );
+    $control = dbFetchOne( "select * from Controls where Id = '".dbEscape($_REQUEST['cid'])."'" );
 }
 else
 {
@@ -68,7 +70,7 @@ xhtmlHeaders(__FILE__, $SLANG['ControlCap']." - ".$control['Name'] );
 <?php
 foreach ( $tabs as $name=>$value )
 {
-    if ( $_REQUEST['tab'] == $name )
+    if ( $tab == $name )
     {
 ?>
         <li class="active"><?= $value ?></li>
@@ -77,7 +79,7 @@ foreach ( $tabs as $name=>$value )
     else
     {
 ?>
-        <li><a href="?view=<?= $_REQUEST['view'] ?>&tab=<?= $name ?>"><?= $value ?></a></li>
+        <li><a href="?view=<?= $view ?>&tab=<?= $name ?>"><?= $value ?></a></li>
 <?php
     }
 }
@@ -85,23 +87,23 @@ foreach ( $tabs as $name=>$value )
       </ul>
       <div class="clear"></div>
       <form name="contentForm" id="contentForm" method="post" action="<?= $_SERVER['PHP_SELF'] ?>">
-        <input type="hidden" name="view" value="<?= $_REQUEST['view'] ?>"/>
-        <input type="hidden" name="tab" value="<?= $_REQUEST['tab'] ?>"/>
+        <input type="hidden" name="view" value="<?= $view ?>"/>
+        <input type="hidden" name="tab" value="<?= $tab ?>"/>
         <input type="hidden" name="action" value="controlcap"/>
-        <input type="hidden" name="cid" value="<?= $_REQUEST['cid'] ?>"/>
+        <input type="hidden" name="cid" value="<?= requestVar('cid') ?>"/>
 <?php
-if ( $_REQUEST['tab'] != 'main' )
+if ( $tab != 'main' )
 {
 ?>
-        <input type="hidden" name="newControl[Name]" value="<?= $newControl['Name'] ?>"/>
-        <input type="hidden" name="newControl[Type]" value="<?= $newControl['Type'] ?>"/>
-        <input type="hidden" name="newControl[Protocol]" value="<?= $newControl['Protocol'] ?>"/>
+        <input type="hidden" name="newControl[Name]" value="<?= validHtmlStr($newControl['Name']) ?>"/>
+        <input type="hidden" name="newControl[Type]" value="<?= validHtmlStr($newControl['Type']) ?>"/>
+        <input type="hidden" name="newControl[Protocol]" value="<?= validHtmlStr($newControl['Protocol']) ?>"/>
         <input type="hidden" name="newControl[CanWake]" value="<?= $newControl['CanWake'] ?>"/>
         <input type="hidden" name="newControl[CanSleep]" value="<?= $newControl['CanSleep'] ?>"/>
         <input type="hidden" name="newControl[CanReset]" value="<?= $newControl['CanReset'] ?>"/>
 <?php
 }
-if ( $_REQUEST['tab'] != 'move' )
+if ( $tab != 'move' )
 {
 ?>
         <input type="hidden" name="newControl[CanMove]" value="<?= $newControl['CanMove'] ?>"/>
@@ -112,7 +114,7 @@ if ( $_REQUEST['tab'] != 'move' )
         <input type="hidden" name="newControl[CanMoveCon]" value="<?= $newControl['CanMoveCon'] ?>"/>
 <?php
 }
-if ( $_REQUEST['tab'] != 'pan' )
+if ( $tab != 'pan' )
 {
 ?>
         <input type="hidden" name="newControl[CanPan]" value="<?= $newControl['CanPan'] ?>"/>
@@ -127,7 +129,7 @@ if ( $_REQUEST['tab'] != 'pan' )
         <input type="hidden" name="newControl[TurboPanSpeed]" value="<?= $newControl['TurboPanSpeed'] ?>"/>
 <?php
 }
-if ( $_REQUEST['tab'] != 'tilt' )
+if ( $tab != 'tilt' )
 {
 ?>
         <input type="hidden" name="newControl[CanTilt]" value="<?= $newControl['CanTilt'] ?>"/>
@@ -142,7 +144,7 @@ if ( $_REQUEST['tab'] != 'tilt' )
         <input type="hidden" name="newControl[TurboTiltSpeed]" value="<?= $newControl['TurboTiltSpeed'] ?>"/>
 <?php
 }
-if ( $_REQUEST['tab'] != 'zoom' )
+if ( $tab != 'zoom' )
 {
 ?>
         <input type="hidden" name="newControl[CanZoom]" value="<?= $newControl['CanZoom'] ?>"/>
@@ -158,7 +160,7 @@ if ( $_REQUEST['tab'] != 'zoom' )
         <input type="hidden" name="newControl[MaxZoomSpeed]" value="<?= $newControl['MaxZoomSpeed'] ?>"/>
 <?php
 }
-if ( $_REQUEST['tab'] != 'focus' )
+if ( $tab != 'focus' )
 {
 ?>
         <input type="hidden" name="newControl[CanFocus]" value="<?= $newControl['CanFocus'] ?>"/>
@@ -175,7 +177,7 @@ if ( $_REQUEST['tab'] != 'focus' )
         <input type="hidden" name="newControl[MaxFocusSpeed]" value="<?= $newControl['MaxFocusSpeed'] ?>"/>
 <?php
 }
-if ( $_REQUEST['tab'] != 'iris' )
+if ( $tab != 'iris' )
 {
 ?>
         <input type="hidden" name="newControl[CanIris]" value="<?= $newControl['CanIris'] ?>"/>
@@ -192,7 +194,7 @@ if ( $_REQUEST['tab'] != 'iris' )
         <input type="hidden" name="newControl[MaxIrisSpeed]" value="<?= $newControl['MaxIrisSpeed'] ?>"/>
 <?php
 }
-if ( $_REQUEST['tab'] != 'gain' )
+if ( $tab != 'gain' )
 {
 ?>
         <input type="hidden" name="newControl[CanGain]" value="<?= $newControl['CanGain'] ?>"/>
@@ -209,7 +211,7 @@ if ( $_REQUEST['tab'] != 'gain' )
         <input type="hidden" name="newControl[MaxGainSpeed]" value="<?= $newControl['MaxGainSpeed'] ?>"/>
 <?php
 }
-if ( $_REQUEST['tab'] != 'white' )
+if ( $tab != 'white' )
 {
 ?>
         <input type="hidden" name="newControl[CanWhite]" value="<?= $newControl['CanWhite'] ?>"/>
@@ -226,7 +228,7 @@ if ( $_REQUEST['tab'] != 'white' )
         <input type="hidden" name="newControl[MaxWhiteSpeed]" value="<?= $newControl['MaxWhiteSpeed'] ?>"/>
 <?php
 }
-if ( $_REQUEST['tab'] != 'presets' )
+if ( $tab != 'presets' )
 {
 ?>
         <input type="hidden" name="newControl[HasPresets]" value="<?= $newControl['HasPresets'] ?>"/>
@@ -239,17 +241,17 @@ if ( $_REQUEST['tab'] != 'presets' )
         <table id="contentTable" class="major" cellspacing="0">
           <tbody>
 <?php
-switch ( $_REQUEST['tab'] )
+switch ( $tab )
 {
     case 'main' :
     {
 ?>
-            <tr><th scope="row"><?= $SLANG['Name'] ?></th><td><input type="text" name="newControl[Name]" value="<?= $newControl['Name'] ?>" size="24"/></td></tr>
+            <tr><th scope="row"><?= $SLANG['Name'] ?></th><td><input type="text" name="newControl[Name]" value="<?= validHtmlStr($newControl['Name']) ?>" size="24"/></td></tr>
 <?php
         $types = array( 'Local'=>$SLANG['Local'], 'Remote'=>$SLANG['Remote'] );
 ?>
             <tr><th scope="row"><?= $SLANG['Type'] ?></td><td><?= buildSelect( "newControl[Type]", $types ); ?></td></tr>
-            <tr><th scope="row"><?= $SLANG['Protocol'] ?></th><td><input type="text" name="newControl[Protocol]" value="<?= $newControl['Protocol'] ?>" size="24"/></td></tr>
+            <tr><th scope="row"><?= $SLANG['Protocol'] ?></th><td><input type="text" name="newControl[Protocol]" value="<?= validHtmlStr($newControl['Protocol']) ?>" size="24"/></td></tr>
             <tr><th scope="row"><?= $SLANG['CanWake'] ?></th><td><input type="checkbox" name="newControl[CanWake]" value="1"<?php if ( !empty($newControl['CanWake']) ) { ?> checked="checked"<?php } ?>></td></tr>
             <tr><th scope="row"><?= $SLANG['CanSleep'] ?></th><td><input type="checkbox" name="newControl[CanSleep]" value="1"<?php if ( !empty($newControl['CanSleep']) ) { ?> checked="checked"<?php } ?>></td></tr>
             <tr><th scope="row"><?= $SLANG['CanReset'] ?></th><td><input type="checkbox" name="newControl[CanReset]" value="1"<?php if ( !empty($newControl['CanReset']) ) { ?> checked="checked"<?php } ?>></td></tr>
diff --git a/web/skins/classic/views/controlcaps.php b/web/skins/classic/views/controlcaps.php
index 824a7f123..2375f89a1 100644
--- a/web/skins/classic/views/controlcaps.php
+++ b/web/skins/classic/views/controlcaps.php
@@ -20,7 +20,7 @@
 
 if ( !canView( 'Control' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 
@@ -41,7 +41,7 @@ xhtmlHeaders(__FILE__, $SLANG['ControlCaps'] );
     </div>
     <div id="content">
       <form name="contentForm" id="contentForm" method="get" action="<?= $_SERVER['PHP_SELF'] ?>" onsubmit="return( confirmDelete( 'Warning, deleting a control will reset all monitors that use it to be uncontrollable.\nAre you sure you wish to delete?' ) );">
-        <input type="hidden" name="view" value="<?= $_REQUEST['view'] ?>"/>
+        <input type="hidden" name="view" value="<?= $view ?>"/>
         <input type="hidden" name="action" value="delete"/>
         <table id="contentTable" class="major" cellspacing="0">
           <thead>
diff --git a/web/skins/classic/views/controlpreset.php b/web/skins/classic/views/controlpreset.php
index 56dd0c935..d93c9bbaa 100644
--- a/web/skins/classic/views/controlpreset.php
+++ b/web/skins/classic/views/controlpreset.php
@@ -20,7 +20,7 @@
 
 if ( !canEdit( 'Monitors' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 
@@ -39,7 +39,7 @@ for ( $i = 1; $i <= $monitor['NumPresets']; $i++ )
     $presets[$i] = "$SLANG['Preset'] $i";
     if ( !empty($labels[$i]) )
     {
-        $presets[$i] .= " (".htmlentities(addslashes($labels[$i])).")";
+        $presets[$i] .= " (".validHtmlStr($labels[$i]).")";
     }
 }
 
@@ -55,7 +55,7 @@ xhtmlHeaders(__FILE__, $SLANG['SetPreset'] );
     </div>
     <div id="content">
       <form name="contentForm" id="contentForm" method="post" action="<?= $_SERVER['PHP_SELF'] ?>">
-        <input type="hidden" name="view" value="<?= $_REQUEST['view'] ?>"/>
+        <input type="hidden" name="view" value="<?= $view ?>"/>
         <input type="hidden" name="mid" value="<?= $monitor['Id'] ?>"/>
         <input type="hidden" name="action" value="control"/>
         <input type="hidden" name="control" value="presetSet"/>
diff --git a/web/skins/classic/views/css/event.css b/web/skins/classic/views/css/event.css
index 1776f9e36..0727ed818 100644
--- a/web/skins/classic/views/css/event.css
+++ b/web/skins/classic/views/css/event.css
@@ -191,6 +191,11 @@
     position: relative;
 }
 
+#eventImageStats {
+    position: absolute;
+    left: 0;
+}
+
 #eventImageData {
     margin: 0 auto;
     padding-top: 2px;
diff --git a/web/skins/classic/views/css/zone.css b/web/skins/classic/views/css/zone.css
index 4132d6409..554255a74 100644
--- a/web/skins/classic/views/css/zone.css
+++ b/web/skins/classic/views/css/zone.css
@@ -48,15 +48,15 @@
 }
 
 #imageFrame div {
-    background-image: url(graphics/point-g.gif);
+    background-image: url(../../graphics/point-g.gif);
 }
 
 #imageFrame div.highlight {
-    background-image: url(graphics/point-o.gif);
+    background-image: url(../../graphics/point-o.gif);
 }
 
 #imageFrame div.active {
-    background-image: url(graphics/point-r.gif);
+    background-image: url(../../graphics/point-r.gif);
 }
 
 #zonePoints {
diff --git a/web/skins/classic/views/cycle.php b/web/skins/classic/views/cycle.php
index c062063b2..654f8fc39 100644
--- a/web/skins/classic/views/cycle.php
+++ b/web/skins/classic/views/cycle.php
@@ -20,24 +20,33 @@
 
 if ( !canView( 'Stream' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 
 if ( empty($_REQUEST['mode']) )
 {
     if ( ZM_WEB_USE_STREAMS && canStream() )
-        $_REQUEST['mode'] = "stream";
+        $mode = "stream";
     else
-        $_REQUEST['mode'] = "still";
+        $mode = "still";
+}
+else
+{
+    $mode = validHtmlStr($_REQUEST['mode']);
 }
 
 if ( !empty($_REQUEST['group']) )
 {
-    $sql = "select * from Groups where Id = '".$_REQUEST['group']."'";
+    $group = validInt($_REQUEST['group']);
+    $sql = "select * from Groups where Id = '".dbEscape($group)."'";
     $row = dbFetchOne( $sql );
     $groupSql = " and find_in_set( Id, '".$row['MonitorIds']."' )";
 }
+else
+{
+    $group = '';
+}
 
 $sql = "select * from Monitors where Function != 'None'$groupSql order by Sequence";
 $monitors = array();
@@ -66,7 +75,7 @@ if ( false && (ZM_STREAM_METHOD == 'mpeg' && ZM_MPEG_LIVE_FORMAT) )
     $streamMode = "mpeg";
     $streamSrc = getStreamSrc( array( "mode=".$streamMode, "monitor=".$monitor['Id'], "scale=".$scale, "bitrate=".ZM_WEB_VIDEO_BITRATE, "maxfps=".ZM_WEB_VIDEO_MAXFPS, "format=".ZM_MPEG_LIVE_FORMAT ) );
 }
-elseif ( $_REQUEST['mode'] == 'stream' && canStream() )
+elseif ( $mode == 'stream' && canStream() )
 {
     $streamMode = "jpeg";
     $streamSrc = getStreamSrc( array( "mode=".$streamMode, "monitor=".$monitor['Id'], "scale=".$scale, "maxfps=".ZM_WEB_VIDEO_MAXFPS ) );
@@ -87,32 +96,32 @@ xhtmlHeaders(__FILE__, $SLANG['CycleWatch'] );
   <div id="page">
     <div id="header">
       <div id="headerButtons">
-<?php if ( $_REQUEST['mode'] == "stream" ) { ?>
-        <a href="?view=<?= $_REQUEST['view'] ?>&mode=still&group=<?= $_REQUEST['group'] ?>&mid=<?= $monitor['Id'] ?>"><?= $SLANG['Stills'] ?></a>
+<?php if ( $mode == "stream" ) { ?>
+        <a href="?view=<?= $view ?>&mode=still&group=<?= $group ?>&mid=<?= $monitor['Id'] ?>"><?= $SLANG['Stills'] ?></a>
 <?php } else { ?>
-        <a href="?view=<?= $_REQUEST['view'] ?>&mode=stream&group=<?= $_REQUEST['group'] ?>&mid=<?= $monitor['Id'] ?>"><?= $SLANG['Stream'] ?></a>
+        <a href="?view=<?= $view ?>&mode=stream&group=<?= $group ?>&mid=<?= $monitor['Id'] ?>"><?= $SLANG['Stream'] ?></a>
 <?php } ?>
         <a href="#" onclick="closeWindow(); return( false );"><?= $SLANG['Close'] ?></a>
       </div>
-      <h2><?= $SLANG['Cycle'] ?> - <?= $monitor['Name'] ?></h2>
+      <h2><?= $SLANG['Cycle'] ?> - <?= validHtmlStr($monitor['Name']) ?></h2>
     </div>
     <div id="content">
       <div id="imageFeed">
 <?php
 if ( $streamMode === "mpeg" )
 {
-    outputVideoStream( "liveStream", $streamSrc, reScale( $monitor['Width'], $scale ), reScale( $monitor['Height'], $scale ), ZM_MPEG_LIVE_FORMAT, $monitor['Name'] );
+    outputVideoStream( "liveStream", $streamSrc, reScale( $monitor['Width'], $scale ), reScale( $monitor['Height'], $scale ), ZM_MPEG_LIVE_FORMAT, validHtmlStr($monitor['Name']) );
 }
 elseif ( $streamMode == "jpeg" )
 {
     if ( canStreamNative() )
-        outputImageStream( "liveStream", $streamSrc, reScale( $monitor['Width'], $scale ), reScale( $monitor['Height'], $scale ), $monitor['Name'] );
+        outputImageStream( "liveStream", $streamSrc, reScale( $monitor['Width'], $scale ), reScale( $monitor['Height'], $scale ), validHtmlStr($monitor['Name']) );
     elseif ( canStreamApplet() )
-        outputHelperStream( "liveStream", $streamSrc, reScale( $monitor['Width'], $scale ), reScale( $monitor['Height'], $scale ), $monitor['Name'] );
+        outputHelperStream( "liveStream", $streamSrc, reScale( $monitor['Width'], $scale ), reScale( $monitor['Height'], $scale ), validHtmlStr($monitor['Name']) );
 }
 else
 {
-    outputImageStill( "liveStream", $streamSrc, reScale( $monitor['Width'], $scale ), reScale( $monitor['Height'], $scale ), $monitor['Name'] );
+    outputImageStill( "liveStream", $streamSrc, reScale( $monitor['Width'], $scale ), reScale( $monitor['Height'], $scale ), validHtmlStr($monitor['Name']) );
 }
 ?>
       </div>
diff --git a/web/skins/classic/views/device.php b/web/skins/classic/views/device.php
index f0abbf294..645c14295 100644
--- a/web/skins/classic/views/device.php
+++ b/web/skins/classic/views/device.php
@@ -20,12 +20,12 @@
 
 if ( !canEdit( 'Devices' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 if ( !empty($_REQUEST['did']) )
 {
-    $sql = "select * from Devices where Id = '".$_REQUEST['did']."'";
+    $sql = "select * from Devices where Id = '".dbEscape($_REQUEST['did'])."'";
     $newDevice = dbFetchOne( $sql );
 }
 else
@@ -42,22 +42,22 @@ xhtmlHeaders( __FILE__, $SLANG['Device']." - ".$newDevice['Name'] );
 <body>
   <div id="page">
     <div id="header">
-      <h2><?= $SLANG['Device']." - ".$newDevice['Name'] ?></h2>
+      <h2><?= $SLANG['Device']." - ".validHtmlStr($newDevice['Name']) ?></h2>
     </div>
     <div id="content">
       <form name="contentForm" method="get" action="<?= $_SERVER['PHP_SELF'] ?>">
-        <input type="hidden" name="view" value="<?= $_REQUEST['view'] ?>"/>
+        <input type="hidden" name="view" value="<?= $view ?>"/>
         <input type="hidden" name="action" value="device"/>
         <input type="hidden" name="did" value="<?= $newDevice['Id'] ?>"/>
         <table id="contentTable" class="major" cellspacing="0">
           <tbody>
             <tr>
               <th scope="row"><?= $SLANG['Name'] ?></th>
-              <td><input type="text" name="newDevice[Name]" value="<?= $newDevice['Name'] ?>"/></td>
+              <td><input type="text" name="newDevice[Name]" value="<?= validHtmlStr($newDevice['Name']) ?>"/></td>
             </tr>
             <tr>
               <th scope="row"><?= $SLANG['KeyString'] ?></th>
-              <td><input type="text" name="newDevice[KeyString]" value="<?= $newDevice['KeyString'] ?>"/></td>
+              <td><input type="text" name="newDevice[KeyString]" value="<?= validHtmlStr($newDevice['KeyString']) ?>"/></td>
             </tr>
           </tbody>
         </table>
diff --git a/web/skins/classic/views/devices.php b/web/skins/classic/views/devices.php
index 0f976b343..481f0c43f 100644
--- a/web/skins/classic/views/devices.php
+++ b/web/skins/classic/views/devices.php
@@ -20,7 +20,7 @@
 
 if ( !canView( 'Devices' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
      return;
 }
 
@@ -64,9 +64,9 @@ foreach( $devices as $device )
     }
 ?>
             <tr>
-              <td><?= makePopupLink( '?view=device&did='.$device['Id'], 'zmDevice', 'device', '<span class="'.$fclass.'">'.$device['Name'].' ('.$device['KeyString'].')</span>', canEdit( 'Devices' ) ) ?></td>
-              <td><input type="button" value="<?= $SLANG['On'] ?>"<?= ($device['Status'] != 'ON')?' class="set"':'' ?> onclick="switchDeviceOn( this, '<?= $device['KeyString'] ?>' )"<?= canEdit( 'Devices' )?"":' disabled="disabled"' ?>/></td>
-              <td><input type="button" value="<?= $SLANG['Off'] ?>"<?= ($device['Status'] != 'OFF')?' class="set"':'' ?> onclick="switchDeviceOff( this, '<?= $device['KeyString'] ?>' )"<?= canEdit( 'Devices' )?"":' disabled="disabled"' ?>/></td>
+              <td><?= makePopupLink( '?view=device&did='.$device['Id'], 'zmDevice', 'device', '<span class="'.$fclass.'">'.validHtmlStr($device['Name']).' ('.validHtmlStr($device['KeyString']).')</span>', canEdit( 'Devices' ) ) ?></td>
+              <td><input type="button" value="<?= $SLANG['On'] ?>"<?= ($device['Status'] != 'ON')?' class="set"':'' ?> onclick="switchDeviceOn( this, '<?= validHtmlStr($device['KeyString']) ?>' )"<?= canEdit( 'Devices' )?"":' disabled="disabled"' ?>/></td>
+              <td><input type="button" value="<?= $SLANG['Off'] ?>"<?= ($device['Status'] != 'OFF')?' class="set"':'' ?> onclick="switchDeviceOff( this, '<?= validHtmlStr($device['KeyString']) ?>' )"<?= canEdit( 'Devices' )?"":' disabled="disabled"' ?>/></td>
               <td><input type="checkbox" name="markDids[]" value="<?= $device['Id'] ?>" onclick="configureButtons( this, 'markDids' );"<?php if ( !canEdit( 'Devices' ) ) {?> disabled="disabled"<?php } ?>/></td>
             </tr>
 <?php
diff --git a/web/skins/classic/views/donate.php b/web/skins/classic/views/donate.php
index ea0411791..cc9cb6b19 100644
--- a/web/skins/classic/views/donate.php
+++ b/web/skins/classic/views/donate.php
@@ -20,7 +20,7 @@
 
 if ( !canEdit( 'System' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 
diff --git a/web/skins/classic/views/event.php b/web/skins/classic/views/event.php
index c1a26d941..a93d42511 100644
--- a/web/skins/classic/views/event.php
+++ b/web/skins/classic/views/event.php
@@ -20,22 +20,29 @@
 
 if ( !canView( 'Events' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 
+$eid = validInt( $_REQUEST['eid'] );
+$fid = !empty($_REQUEST['fid'])?validInt($_REQUEST['fid']):1;
+
 if ( $user['MonitorIds'] )
     $midSql = " and MonitorId in (".join( ",", preg_split( '/["\'\s]*,["\'\s]*/', dbEscape($user['MonitorIds']) ) ).")";
 else
     $midSql = '';
 
-$sql = "select E.*,M.Name as MonitorName,M.Width,M.Height,M.DefaultRate,M.DefaultScale from Events as E inner join Monitors as M on E.MonitorId = M.Id where E.Id = '".dbEscape($_REQUEST['eid'])."'".$midSql;
+$sql = "select E.*,M.Name as MonitorName,M.Width,M.Height,M.DefaultRate,M.DefaultScale from Events as E inner join Monitors as M on E.MonitorId = M.Id where E.Id = '".dbEscape($eid)."'".$midSql;
 $event = dbFetchOne( $sql );
 
-if ( !isset( $_REQUEST['rate'] ) )
-    $_REQUEST['rate'] = reScale( RATE_BASE, $event['DefaultRate'], ZM_WEB_DEFAULT_RATE );
-if ( !isset( $_REQUEST['scale'] ) )
-    $_REQUEST['scale'] = reScale( SCALE_BASE, $event['DefaultScale'], ZM_WEB_DEFAULT_SCALE );
+if ( isset( $_REQUEST['rate'] ) )
+    $rate = validInt($_REQUEST['rate']);
+else
+    $rate = reScale( RATE_BASE, $event['DefaultRate'], ZM_WEB_DEFAULT_RATE );
+if ( isset( $_REQUEST['scale'] ) )
+    $scale = validInt($_REQUEST['scale']);
+else
+    $scale = reScale( SCALE_BASE, $event['DefaultScale'], ZM_WEB_DEFAULT_SCALE );
 
 $replayModes = array(
     'single' => $SLANG['ReplaySingle'],
@@ -43,18 +50,22 @@ $replayModes = array(
     'gapless' => $SLANG['ReplayGapless'],
 );
 
-if ( !isset( $_REQUEST['streamMode'] ) )
-    $_REQUEST['streamMode'] = canStream()?'stream':'stills';
+if ( isset( $_REQUEST['streamMode'] ) )
+    $streamMode = validHtmlStr($_REQUEST['streamMode']);
+else
+    $streamMode = canStream()?'stream':'stills';
 
-if ( !isset( $_REQUEST['replayMode'] ) )
-    $_REQUEST['replayMode'] = array_shift( array_keys( $replayModes ) );
+if ( isset( $_REQUEST['replayMode'] ) )
+    $replayMode = validHtmlStr($_REQUEST['replayMode']);
+else
+    $replayMode = array_shift( array_keys( $replayModes ) );
 
 parseSort();
 parseFilter( $_REQUEST['filter'] );
 $filterQuery = $_REQUEST['filter']['query'];
 
 $panelSections = 40;
-$panelSectionWidth = (int)ceil(reScale($event['Width'],$_REQUEST['scale'])/$panelSections);
+$panelSectionWidth = (int)ceil(reScale($event['Width'],$scale)/$panelSections);
 $panelWidth = ($panelSections*$panelSectionWidth-1);
 
 $connkey = generateConnKey();
@@ -70,7 +81,7 @@ xhtmlHeaders(__FILE__, $SLANG['Event'] );
         <table id="dataTable" class="major" cellspacing="0">
           <tr>
             <td><span id="dataId" title="<?= $SLANG['Id'] ?>"><?= $event['Id'] ?></span></td>
-            <td><span id="dataCause" title="<?= $event['Notes']?htmlentities($event['Notes']):$SLANG['AttrCause'] ?>"><?= htmlentities($event['Cause']) ?></span></td>
+            <td><span id="dataCause" title="<?= $event['Notes']?validHtmlStr($event['Notes']):$SLANG['AttrCause'] ?>"><?= validHtmlStr($event['Cause']) ?></span></td>
             <td><span id="dataTime" title="<?= $SLANG['Time'] ?>"><?= strftime( STRF_FMT_DATETIME_SHORT, strtotime($event['StartTime'] ) ) ?></span></td>
             <td><span id="dataDuration" title="<?= $SLANG['Duration'] ?>"><?= $event['Length'] ?></span>s</td>
             <td><span id="dataFrames" title="<?= $SLANG['AttrFrames']."/".$SLANG['AttrAlarmFrames'] ?>"><?= $event['Frames'] ?>/<?= $event['AlarmFrames'] ?></span></td>
@@ -81,7 +92,7 @@ xhtmlHeaders(__FILE__, $SLANG['Event'] );
       <div id="menuBar1">
         <div id="scaleControl"><label for="scale"><?= $SLANG['Scale'] ?></label><?= buildSelect( "scale", $scales, "changeScale();" ); ?></div>
         <div id="replayControl"><label for="replayMode"><?= $SLANG['Replay'] ?></label><?= buildSelect( "replayMode", $replayModes, "changeReplayMode();" ); ?></div>
-        <div id="nameControl"><input type="text" id="eventName" name="eventName" value="<?= $event['Name'] ?>" size="16"/><input type="button" value="<?= $SLANG['Rename'] ?>" onclick="renameEvent()"<?php if ( !canEdit( 'Events' ) ) { ?> disabled="disabled"<?php } ?>/></div>
+        <div id="nameControl"><input type="text" id="eventName" name="eventName" value="<?= validHtmlStr($event['Name']) ?>" size="16"/><input type="button" value="<?= $SLANG['Rename'] ?>" onclick="renameEvent()"<?php if ( !canEdit( 'Events' ) ) { ?> disabled="disabled"<?php } ?>/></div>
       </div>
       <div id="menuBar2">
         <div id="closeWindow"><a href="#" onclick="closeWindow();"><?= $SLANG['Close'] ?></a></div>
@@ -107,8 +118,9 @@ if ( canEdit( 'Events' ) )
 <?php
 }
 ?>
-        <div id="streamEvent"<?php if ( $_REQUEST['streamMode'] == 'stream' ) { ?> class="hidden"<?php } ?>><a href="#" onclick="showStream()"><?= $SLANG['Stream'] ?></a></div>
-        <div id="stillsEvent"<?php if ( $_REQUEST['streamMode'] == 'still' ) { ?> class="hidden"<?php } ?>><a href="#" onclick="showStills()"><?= $SLANG['Stills'] ?></a></div>
+        <div id="framesEvent"><a href="#" onclick="showEventFrames()"><?= $SLANG['Frames'] ?></a></div>
+        <div id="streamEvent"<?php if ( $streamMode == 'stream' ) { ?> class="hidden"<?php } ?>><a href="#" onclick="showStream()"><?= $SLANG['Stream'] ?></a></div>
+        <div id="stillsEvent"<?php if ( $streamMode == 'still' ) { ?> class="hidden"<?php } ?>><a href="#" onclick="showStills()"><?= $SLANG['Stills'] ?></a></div>
 <?php
 if ( ZM_OPT_FFMPEG )
 {
@@ -123,19 +135,19 @@ if ( ZM_OPT_FFMPEG )
 <?php
 if ( ZM_STREAM_METHOD == 'mpeg' && ZM_MPEG_LIVE_FORMAT )
 {
-    $streamSrc = getStreamSrc( array( "source=event", "mode=mpeg", "event=".$_REQUEST['eid'], "frame=".(!empty($fid)?$fid:1), "scale=".$_REQUEST['scale'], "rate=".$_REQUEST['rate'], "bitrate=".ZM_WEB_VIDEO_BITRATE, "maxfps=".ZM_WEB_VIDEO_MAXFPS, "format=".ZM_MPEG_REPLAY_FORMAT, "replay=".$_REQUEST['replayMode'] ) );
-    outputVideoStream( "evtStream", $streamSrc, reScale( $event['Width'], $_REQUEST['scale'] ), reScale( $event['Height'], $_REQUEST['scale'] ), ZM_MPEG_LIVE_FORMAT );
+    $streamSrc = getStreamSrc( array( "source=event", "mode=mpeg", "event=".$eid, "frame=".$fid, "scale=".$scale, "rate=".$rate, "bitrate=".ZM_WEB_VIDEO_BITRATE, "maxfps=".ZM_WEB_VIDEO_MAXFPS, "format=".ZM_MPEG_REPLAY_FORMAT, "replay=".$replayMode ) );
+    outputVideoStream( "evtStream", $streamSrc, reScale( $event['Width'], $scale ), reScale( $event['Height'], $scale ), ZM_MPEG_LIVE_FORMAT );
 }
 else
 {
-    $streamSrc = getStreamSrc( array( "source=event", "mode=jpeg", "event=".$_REQUEST['eid'], "frame=".(!empty($fid)?$fid:1), "scale=".$_REQUEST['scale'], "rate=".$_REQUEST['rate'], "maxfps=".ZM_WEB_VIDEO_MAXFPS, "replay=".$_REQUEST['replayMode'] ) );
+    $streamSrc = getStreamSrc( array( "source=event", "mode=jpeg", "event=".$eid, "frame=".$fid, "scale=".$scale, "rate=".$rate, "maxfps=".ZM_WEB_VIDEO_MAXFPS, "replay=".$replayMode) );
     if ( canStreamNative() )
     {
-        outputImageStream( "evtStream", $streamSrc, reScale( $event['Width'], $_REQUEST['scale'] ), reScale( $event['Height'], $_REQUEST['scale'] ), $event['Name'] );
+        outputImageStream( "evtStream", $streamSrc, reScale( $event['Width'], $scale ), reScale( $event['Height'], $scale ), validHtmlStr($event['Name']) );
     }
     else
     {
-        outputHelperStream( "evtStream", $streamSrc, reScale( $event['Width'], $_REQUEST['scale'] ), reScale( $event['Height'], $_REQUEST['scale'] ) );
+        outputHelperStream( "evtStream", $streamSrc, reScale( $event['Width'], $scale ), reScale( $event['Height'], $scale ) );
     }
 }
 ?>
@@ -177,7 +189,8 @@ else
           <div id="eventImageFrame">
             <img id="eventImage" src="graphics/transparent.gif" alt=""/>
             <div id="eventImageBar">
-              <div id="eventImageClose"><input type="button" value="Close" onclick="hideEventImage()"/></div>
+              <div id="eventImageClose"><input type="button" value="<?= $SLANG['Close'] ?>" onclick="hideEventImage()"/></div>
+              <div id="eventImageStats" class="hidden"><input type="button" value="<?= $SLANG['Stats'] ?>" onclick="showFrameStats()"/></div>
               <div id="eventImageData">Frame <span id="eventImageNo"></span></div>
             </div>
           </div>
diff --git a/web/skins/classic/views/eventdetail.php b/web/skins/classic/views/eventdetail.php
index 67b0d185b..53aa5565e 100644
--- a/web/skins/classic/views/eventdetail.php
+++ b/web/skins/classic/views/eventdetail.php
@@ -20,22 +20,26 @@
 
 if ( !canEdit( 'Events' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 if ( isset($_REQUEST['eid']) )
 {
-    $sql = "select E.* from Events as E where E.Id = '".dbEscape($_REQUEST['eid'])."'";
+    $mode = 'single';
+    $eid = validInt($_REQUEST['eid']);
+    $sql = "select E.* from Events as E where E.Id = '".dbEscape($eid)."'";
     $newEvent = dbFetchOne( $sql );
 }
 elseif ( isset($_REQUEST['eids']) )
 {
+    $mode = 'multi';
     $sql = "select E.* from Events as E where ";
     $sqlWhere = array();
     foreach ( $_REQUEST['eids'] as $eid )
     {
         $sqlWhere[] = "E.Id = '".dbEscape($eid)."'";
     }
+    unset( $eid );
     $sql .= join( " or ", $sqlWhere );
     foreach( dbFetchAll( $sql ) as $row )
     {
@@ -52,11 +56,15 @@ elseif ( isset($_REQUEST['eids']) )
         }
     }
 }
+else
+{
+    $mode = '';
+}
 
 $focusWindow = true;
 
-if ( isset($_REQUEST['eid']) )
-    xhtmlHeaders(__FILE__, $SLANG['Event']." - ".$_REQUEST['eid'] );
+if ( $mode == 'single' )
+    xhtmlHeaders(__FILE__, $SLANG['Event']." - ".$eid );
 else
     xhtmlHeaders(__FILE__, $SLANG['Events'] );
 ?>
@@ -64,10 +72,10 @@ else
   <div id="page">
     <div id="header">
 <?php
-if ( isset($_REQUEST['eid']) )
+if ( $mode == 'single' )
 {
 ?>
-      <h2><?= $SLANG['Event'] ?> <?= $_REQUEST['eid'] ?></h2>
+      <h2><?= $SLANG['Event'] ?> <?= $eid ?></h2>
 <?php
 }
 else
@@ -82,15 +90,15 @@ else
       <form name="contentForm" id="contentForm" method="post" action="<?= $_SERVER['PHP_SELF'] ?>">
         <input type="hidden" name="view" value="none"/>
 <?php
-if ( isset($_REQUEST['eid']) )
+if ( $mode == 'single' )
 {
 ?>
-        <input type="hidden" name="view" value="<?= $_REQUEST['view'] ?>"/>
+        <input type="hidden" name="view" value="<?= $view ?>"/>
         <input type="hidden" name="action" value="eventdetail"/>
-        <input type="hidden" name="eid" value="<?= $_REQUEST['eid'] ?>"/>
+        <input type="hidden" name="eid" value="<?= $eid ?>"/>
 <?php
 }
-elseif ( isset($_REQUEST['eids']) )
+elseif ( $mode = 'multi' )
 {
 ?>
         <input type="hidden" name="view" value="none"/>
@@ -99,7 +107,7 @@ elseif ( isset($_REQUEST['eids']) )
     foreach ( $_REQUEST['eids'] as $eid )
     {
 ?>
-        <input type="hidden" name="markEids[]" value="<?= $eid ?>"/>
+        <input type="hidden" name="markEids[]" value="<?= validHtmlStr($eid) ?>"/>
 <?php
     }
 }
@@ -108,11 +116,11 @@ elseif ( isset($_REQUEST['eids']) )
           <tbody>
             <tr>
               <th scope="row"><?= $SLANG['Cause'] ?></td>
-              <td><input type="text" name="newEvent[Cause]" value="<?= $newEvent['Cause'] ?>" size="32"/></td>
+              <td><input type="text" name="newEvent[Cause]" value="<?= validHtmlStr($newEvent['Cause']) ?>" size="32"/></td>
             </tr>
             <tr>
               <th scope="row"><?= $SLANG['Notes'] ?></td>
-              <td><textarea name="newEvent[Notes]" rows="6" cols="50"><?= $newEvent['Notes'] ?></textarea></td>
+              <td><textarea name="newEvent[Notes]" rows="6" cols="50"><?= validHtmlStr($newEvent['Notes']) ?></textarea></td>
             </tr>
           </tbody>
         </table>
diff --git a/web/skins/classic/views/events.php b/web/skins/classic/views/events.php
index a3a4cf355..f72f51d16 100644
--- a/web/skins/classic/views/events.php
+++ b/web/skins/classic/views/events.php
@@ -20,13 +20,13 @@
 
 if ( !canView( 'Events' ) || (!empty($_REQUEST['execute']) && !canEdit('Events')) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 
 if ( !empty($_REQUEST['execute']) )
 {
-    executeFilter( $tempFilterName );
+    executeFilter( $_REQUEST['filterName'] );
 }
 
 $countSql = "select count(E.Id) as EventCount from Monitors as M inner join Events as E on (M.Id = E.MonitorId) where";
@@ -53,39 +53,48 @@ if ( $_REQUEST['filter']['sql'] )
 }
 $eventsSql .= " order by $sortColumn $sortOrder";
 
+if ( isset($_REQUEST['page']) )
+    $page = validInt($_REQUEST['page']);
+else
+    $page = 0;
+if ( isset($_REQUEST['limit']) )
+    $limit = validInt($_REQUEST['limit']);
+else
+    $limit = 0;
+
 $nEvents = dbFetchOne( $countSql, 'EventCount' );
-if ( !empty($_REQUEST['limit']) && $nEvents > $_REQUEST['limit'] )
+if ( !empty($limit) && $nEvents > $limit )
 {
-    $nEvents = $_REQUEST['limit'];
+    $nEvents = $limit;
 }
 $pages = (int)ceil($nEvents/ZM_WEB_EVENTS_PER_PAGE);
 if ( $pages > 1 )
 {
-    if ( !empty($_REQUEST['page']) )
+    if ( !empty($page) )
     {
-        if ( $_REQUEST['page'] < 0 )
-            $_REQUEST['page'] = 1;
-        if ( $_REQUEST['page'] > $pages )
-            $_REQUEST['page'] = $pages;
+        if ( $page < 0 )
+            $page = 1;
+        if ( $page > $pages )
+            $page = $pages;
     }
 }
-if ( !empty($_REQUEST['page']) )
+if ( !empty($page) )
 {
-    $limit_start = (($_REQUEST['page']-1)*ZM_WEB_EVENTS_PER_PAGE);
-    if ( empty( $_REQUEST['limit'] ) )
+    $limitStart = (($page-1)*ZM_WEB_EVENTS_PER_PAGE);
+    if ( empty( $limit ) )
     {
-        $limit_amount = ZM_WEB_EVENTS_PER_PAGE;
+        $limitAmount = ZM_WEB_EVENTS_PER_PAGE;
     }
     else
     {
-        $limit_left = $_REQUEST['limit'] - $limit_start;
-        $limit_amount = ($limit_left>ZM_WEB_EVENTS_PER_PAGE)?ZM_WEB_EVENTS_PER_PAGE:$limit_left;
+        $limitLeft = $limit - $limitStart;
+        $limitAmount = ($limitLeft>ZM_WEB_EVENTS_PER_PAGE)?ZM_WEB_EVENTS_PER_PAGE:$limitLeft;
     }
-    $eventsSql .= " limit $limit_start, $limit_amount";
+    $eventsSql .= " limit $limitStart, $limitAmount";
 }
-elseif ( !empty( $_REQUEST['limit'] ) )
+elseif ( !empty( $limit ) )
 {
-    $eventsSql .= " limit 0, ".$_REQUEST['limit'];
+    $eventsSql .= " limit 0, ".dbEscape($limit);
 }
 
 $maxWidth = 0;
@@ -108,7 +117,7 @@ foreach ( dbFetchAll( $eventsSql ) as $event )
 }
 
 $maxShortcuts = 5;
-$pagination = getPagination( $pages, $_REQUEST['page'], $maxShortcuts, $filterQuery.$sortQuery.'&limit='.$_REQUEST['limit'] );
+$pagination = getPagination( $pages, $page, $maxShortcuts, $filterQuery.$sortQuery.'&limit='.$limit );
 
 $focusWindow = true;
 
@@ -122,16 +131,16 @@ xhtmlHeaders(__FILE__, $SLANG['Events'] );
 <?php
 if ( $pages > 1 )
 {
-    if ( !empty($_REQUEST['page']) )
+    if ( !empty($page) )
     {
 ?>
-        <a href="?view=<?= $_REQUEST['view'] ?>&page=0<?= $filterQuery ?><?= $sortQuery ?>&limit=<?= $_REQUEST['limit'] ?>"><?= $SLANG['ViewAll'] ?></a>
+        <a href="?view=<?= $view ?>&page=0<?= $filterQuery ?><?= $sortQuery ?>&limit=<?= $limit ?>"><?= $SLANG['ViewAll'] ?></a>
 <?php
     }
     else
     {
 ?>
-        <a href="?view=<?= $_REQUEST['view'] ?>&page=1<?= $filterQuery ?><?= $sortQuery ?>&limit=<?= $_REQUEST['limit'] ?>"><?= $SLANG['ViewPaged'] ?></a>
+        <a href="?view=<?= $view ?>&page=1<?= $filterQuery ?><?= $sortQuery ?>&limit=<?= $limit ?>"><?= $SLANG['ViewPaged'] ?></a>
 <?php
     }
 }
@@ -142,13 +151,13 @@ if ( $pages > 1 )
     </div>
     <div id="content">
       <form name="contentForm" id="contentForm" method="post" action="">
-        <input type="hidden" name="view" value="<?= $_REQUEST['view'] ?>"/>
+        <input type="hidden" name="view" value="<?= $view ?>"/>
         <input type="hidden" name="action" value=""/>
-        <input type="hidden" name="page" value="<?= $_REQUEST['page'] ?>"/>
+        <input type="hidden" name="page" value="<?= $page ?>"/>
         <?= $_REQUEST['filter']['fields'] ?>
-        <input type="hidden" name="sort_field" value="<?= $_REQUEST['sort_field'] ?>"/>
-        <input type="hidden" name="sort_asc" value="<?= $_REQUEST['sort_asc'] ?>"/>
-        <input type="hidden" name="limit" value="<?= $_REQUEST['limit'] ?>"/>
+        <input type="hidden" name="sort_field" value="<?= validHtmlStr($_REQUEST['sort_field']) ?>"/>
+        <input type="hidden" name="sort_asc" value="<?= validHtmlStr($_REQUEST['sort_asc']) ?>"/>
+        <input type="hidden" name="limit" value="<?= $limit ?>"/>
 <?php
 if ( $pagination )
 {
@@ -159,7 +168,7 @@ if ( $pagination )
 ?>
         <p id="controls">
           <a id="refreshLink" href="#" onclick="location.reload(true);"><?= $SLANG['Refresh'] ?></a>
-          <a id="filterLink" href="#" onclick="createPopup( '?view=filter&page=<?= $_REQUEST['page'] ?><?= $filterQuery ?>', 'zmFilter', 'filter' );"><?= $SLANG['ShowFilterWindow'] ?></a>
+          <a id="filterLink" href="#" onclick="createPopup( '?view=filter&page=<?= $page ?><?= $filterQuery ?>', 'zmFilter', 'filter' );"><?= $SLANG['ShowFilterWindow'] ?></a>
           <a id="timelineLink" href="#" onclick="createPopup( '?view=timeline<?= $filterQuery ?>', 'zmTimeline', 'timeline' );"><?= $SLANG['ShowTimeline'] ?></a>
         </p>
         <table id="contentTable" class="major" cellspacing="0"/>
@@ -199,9 +208,9 @@ foreach ( $events as $event )
 ?>
             <tr>
               <td class="colId"><?= makePopupLink( '?view=event&eid='.$event['Id'].$filterQuery.$sortQuery.'&page=1', 'zmEvent', array( 'event', reScale( $event['Width'], $scale ), reScale( $event['Height'], $scale ) ), $event['Id'].($event['Archived']?'*':'') ) ?></td>
-              <td class="colName"><?= makePopupLink( '?view=event&eid='.$event['Id'].$filterQuery.$sortQuery.'&page=1', 'zmEvent', array( 'event', reScale( $event['Width'], $event['DefaultScale'], ZM_WEB_DEFAULT_SCALE ), reScale( $event['Height'], $event['DefaultScale'], ZM_WEB_DEFAULT_SCALE ) ), $event['Name'].($event['Archived']?'*':'' ) ) ?></td>
+              <td class="colName"><?= makePopupLink( '?view=event&eid='.$event['Id'].$filterQuery.$sortQuery.'&page=1', 'zmEvent', array( 'event', reScale( $event['Width'], $event['DefaultScale'], ZM_WEB_DEFAULT_SCALE ), reScale( $event['Height'], $event['DefaultScale'], ZM_WEB_DEFAULT_SCALE ) ), validHtmlStr($event['Name']).($event['Archived']?'*':'' ) ) ?></td>
               <td class="colMonitorName"><?= $event['MonitorName'] ?></td>
-              <td class="colCause"><?= makePopupLink( '?view=eventdetail&eid='.$event['Id'], 'zmEventDetail', 'eventdetail', $event['Cause'], canEdit( 'Events' ) ) ?></td>
+              <td class="colCause"><?= makePopupLink( '?view=eventdetail&eid='.$event['Id'], 'zmEventDetail', 'eventdetail', validHtmlStr($event['Cause']), canEdit( 'Events' ) ) ?></td>
               <td class="colTime"><?= strftime( STRF_FMT_DATETIME_SHORTER, strtotime($event['StartTime']) ) ?></td>
               <td class="colDuration"><?= $event['Length'] ?></td>
               <td class="colFrames"><?= makePopupLink( '?view=frames&eid='.$event['Id'], 'zmFrames', 'frames', $event['Frames'] ) ?></td>
@@ -212,9 +221,9 @@ foreach ( $events as $event )
 <?php
     if ( ZM_WEB_LIST_THUMBS )
     {
-        $thumb_data = createListThumbnail( $event );
+        $thumbData = createListThumbnail( $event );
 ?>
-              <td class="colThumbnail"><?= makePopupLink( '?view=frame&eid='.$event['Id'].'&fid='.$thumb_data['FrameId'], 'zmImage', array( 'image', reScale( $event['Width'], $scale ), reScale( $event['Height'], $scale ) ), '<img src="'.$thumb_data['Path'].'" width="'.$thumb_data['Width'].'" height="'.$thumb_data['Height'].'" alt="'.$thumb_data['FrameId'].'/'.$event['MaxScore'].'"/>' ) ?></td>
+              <td class="colThumbnail"><?= makePopupLink( '?view=frame&eid='.$event['Id'].'&fid='.$thumbData['FrameId'], 'zmImage', array( 'image', reScale( $event['Width'], $scale ), reScale( $event['Height'], $scale ) ), '<img src="'.$thumbData['Path'].'" width="'.$thumbData['Width'].'" height="'.$thumbData['Height'].'" alt="'.$thumbData['FrameId'].'/'.$event['MaxScore'].'"/>' ) ?></td>
 <?php
     }
 ?>
diff --git a/web/skins/classic/views/export.php b/web/skins/classic/views/export.php
index 4974bf14a..5ca464f88 100644
--- a/web/skins/classic/views/export.php
+++ b/web/skins/classic/views/export.php
@@ -20,7 +20,7 @@
 
 if ( !canView( 'Events' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 
@@ -58,7 +58,7 @@ xhtmlHeaders(__FILE__, $SLANG['Export'] );
 if ( !empty($_REQUEST['eid']) )
 {
 ?>
-        <input type="hidden" name="id" value="<?= $_REQUEST['eid'] ?>"/>
+        <input type="hidden" name="id" value="<?= validInt($_REQUEST['eid']) ?>"/>
 <?php
 }
 elseif ( !empty($_REQUEST['eids']) )
@@ -66,7 +66,7 @@ elseif ( !empty($_REQUEST['eids']) )
     foreach ( $_REQUEST['eids'] as $eid )
     {
 ?>
-        <input type="hidden" name="eids[]" value="<?= $eid ?>"/>
+        <input type="hidden" name="eids[]" value="<?= validInt($eid) ?>"/>
 <?php
     }
     unset( $eid );
@@ -122,7 +122,7 @@ elseif ( !empty($_REQUEST['eids']) )
     if ( !empty($_REQUEST['generated']) )
     {
 ?>
-      <h3 id="downloadLink"><a href="<?= $_REQUEST['exportFile'] ?>"><?= $SLANG['Download'] ?></a></h3>
+      <h3 id="downloadLink"><a href="<?= validHtmlStr($_REQUEST['exportFile']) ?>"><?= $SLANG['Download'] ?></a></h3>
 <?php
     }
 ?>
diff --git a/web/skins/classic/views/filter.php b/web/skins/classic/views/filter.php
index f63e8d446..4e2e4686a 100644
--- a/web/skins/classic/views/filter.php
+++ b/web/skins/classic/views/filter.php
@@ -20,7 +20,7 @@
 
 if ( !canView( 'Events' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 $selectName = "filterName";
@@ -48,22 +48,22 @@ if ( isset($dbFilter) )
     unset( $_REQUEST['filter']['limit'] );
 }
 
-$conjunction_types = array(
+$conjunctionTypes = array(
     'and' => $SLANG['ConjAnd'],
     'or'  => $SLANG['ConjOr']
 );
-$obracket_types = array(); 
-$cbracket_types = array();
+$obracketTypes = array(); 
+$cbracketTypes = array();
 if ( isset($_REQUEST['filter']['terms']) )
 {
     for ( $i = 0; $i <= count($_REQUEST['filter']['terms'])-2; $i++ )
     {
-        $obracket_types[$i] = str_repeat( "(", $i );
-        $cbracket_types[$i] = str_repeat( ")", $i );
+        $obracketTypes[$i] = str_repeat( "(", $i );
+        $cbracketTypes[$i] = str_repeat( ")", $i );
     }
 }
 
-$attr_types = array(
+$attrTypes = array(
     'MonitorId'   => $SLANG['AttrMonitorId'],
     'MonitorName' => $SLANG['AttrMonitorName'],
     'Id'          => $SLANG['AttrId'],
@@ -85,7 +85,7 @@ $attr_types = array(
     'DiskBlocks'  => $SLANG['AttrDiskBlocks'],
     'SystemLoad'  => $SLANG['AttrSystemLoad'],
 );
-$op_types = array(
+$opTypes = array(
     '='   => $SLANG['OpEq'],
     '!='  => $SLANG['OpNe'],
     '>='  => $SLANG['OpGtEq'],
@@ -97,7 +97,7 @@ $op_types = array(
     '=[]' => $SLANG['OpIn'],
     '![]' => $SLANG['OpNotIn'],
 );
-$archive_types = array(
+$archiveTypes = array(
     '0' => $SLANG['ArchUnarchived'],
     '1' => $SLANG['ArchArchived']
 );
@@ -147,7 +147,7 @@ xhtmlHeaders(__FILE__, $SLANG['EventFilter'] );
     <div id="content">
       <form name="contentForm" id="contentForm" method="get" action="<?= $_SERVER['PHP_SELF'] ?>">
         <input type="hidden" name="view" value="filter"/>
-        <input type="hidden" name="page" value="<?= empty($_REQUEST['page'])?"":$_REQUEST['page'] ?>"/>
+        <input type="hidden" name="page" value="<?= requestVar( 'page' ) ?>"/>
         <input type="hidden" name="reload" value="0"/>
         <input type="hidden" name="execute" value="0"/>
         <input type="hidden" name="action" value=""/>
@@ -174,12 +174,12 @@ for ( $i = 0; $i < count($_REQUEST['filter']['terms']); $i++ )
     else
     {
 ?>
-              <td><?= buildSelect( "filter[terms][$i][cnj]", $conjunction_types ); ?></td>
+              <td><?= buildSelect( "filter[terms][$i][cnj]", $conjunctionTypes ); ?></td>
 <?php
     }
 ?>
-              <td><?php if ( count($_REQUEST['filter']['terms']) > 2 ) { echo buildSelect( "filter[terms][$i][obr]", $obracket_types ); } else { ?>&nbsp;<?php } ?></td>
-              <td><?= buildSelect( "filter[terms][$i][attr]", $attr_types, "clearValue( this, $i ); submitToFilter( this, 0 );" ); ?></td>
+              <td><?php if ( count($_REQUEST['filter']['terms']) > 2 ) { echo buildSelect( "filter[terms][$i][obr]", $obracketTypes ); } else { ?>&nbsp;<?php } ?></td>
+              <td><?= buildSelect( "filter[terms][$i][attr]", $attrTypes, "clearValue( this, $i ); submitToFilter( this, 0 );" ); ?></td>
 <?php
     if ( isset($_REQUEST['filter']['terms'][$i]['attr']) )
     {
@@ -187,34 +187,34 @@ for ( $i = 0; $i < count($_REQUEST['filter']['terms']); $i++ )
         {
 ?>
               <td><?= $SLANG['OpEq'] ?><input type="hidden" name="filter[terms][<?= $i ?>][op]" value="="/></td>
-              <td><?= buildSelect( "filter[terms][$i][val]", $archive_types ); ?></td>
+              <td><?= buildSelect( "filter[terms][$i][val]", $archiveTypes ); ?></td>
 <?php
         }
         elseif ( $_REQUEST['filter']['terms'][$i]['attr'] == "DateTime" )
         {
 ?>
-              <td><?= buildSelect( "filter[terms][$i][op]", $op_types ); ?></td>
-              <td><input name="filter[terms][<?= $i ?>][val]" id="filter[terms][<?= $i ?>][val]" value="<?= isset($_REQUEST['filter']['terms'][$i]['val'])?$_REQUEST['filter']['terms'][$i]['val']:'' ?>"/><?php if ( $hasCal ) { ?><script type="text/javascript">Calendar.setup( { inputField: "filter[terms][<?= $i ?>][val]", ifFormat: "%Y-%m-%d %H:%M", showsTime: true, timeFormat: "24", showOthers: true, weekNumbers: false });</script><?php } ?></td>
+              <td><?= buildSelect( "filter[terms][$i][op]", $opTypes ); ?></td>
+              <td><input name="filter[terms][<?= $i ?>][val]" id="filter[terms][<?= $i ?>][val]" value="<?= isset($_REQUEST['filter']['terms'][$i]['val'])?validHtmlStr($_REQUEST['filter']['terms'][$i]['val']):'' ?>"/><?php if ( $hasCal ) { ?><script type="text/javascript">Calendar.setup( { inputField: "filter[terms][<?= $i ?>][val]", ifFormat: "%Y-%m-%d %H:%M", showsTime: true, timeFormat: "24", showOthers: true, weekNumbers: false });</script><?php } ?></td>
 <?php
         }
         elseif ( $_REQUEST['filter']['terms'][$i]['attr'] == "Date" )
         {
 ?>
-              <td><?= buildSelect( "filter[terms][$i][op]", $op_types ); ?></td>
-              <td><input name="filter[terms][<?= $i ?>][val]" id="filter[terms][<?= $i ?>][val]" value="<?= isset($_REQUEST['filter']['terms'][$i]['val'])?$_REQUEST['filter']['terms'][$i]['val']:'' ?>"/><?php if ( $hasCal ) { ?><script type="text/javascript">Calendar.setup( { inputField: "filter[terms][<?= $i ?>][val]", ifFormat: "%Y-%m-%d", showOthers: true, weekNumbers: false });</script><?php } ?></td>
+              <td><?= buildSelect( "filter[terms][$i][op]", $opTypes ); ?></td>
+              <td><input name="filter[terms][<?= $i ?>][val]" id="filter[terms][<?= $i ?>][val]" value="<?= isset($_REQUEST['filter']['terms'][$i]['val'])?validHtmlStr($_REQUEST['filter']['terms'][$i]['val']):'' ?>"/><?php if ( $hasCal ) { ?><script type="text/javascript">Calendar.setup( { inputField: "filter[terms][<?= $i ?>][val]", ifFormat: "%Y-%m-%d", showOthers: true, weekNumbers: false });</script><?php } ?></td>
 <?php
         }
         elseif ( $_REQUEST['filter']['terms'][$i]['attr'] == "Weekday" )
         {
 ?>
-              <td><?= buildSelect( "filter[terms][$i][op]", $op_types ); ?></td>
+              <td><?= buildSelect( "filter[terms][$i][op]", $opTypes ); ?></td>
               <td><?= buildSelect( "filter[terms][$i][val]", $weekdays ); ?></td>
 <?php
         }
         else
         {
 ?>
-              <td><?= buildSelect( "filter[terms][$i][op]", $op_types ); ?></td>
+              <td><?= buildSelect( "filter[terms][$i][op]", $opTypes ); ?></td>
               <td><input name="filter[terms][<?= $i ?>][val]" value="<?= $_REQUEST['filter']['terms'][$i]['val'] ?>"/></td>
 <?php
         }
@@ -222,12 +222,12 @@ for ( $i = 0; $i < count($_REQUEST['filter']['terms']); $i++ )
     else
     {
 ?>
-              <td><?= buildSelect( "filter[terms][$i][op]", $op_types ); ?></td>
+              <td><?= buildSelect( "filter[terms][$i][op]", $opTypes ); ?></td>
               <td><input name="filter[terms][<?= $i ?>][val]" value="<?= isset($_REQUEST['filter']['terms'][$i]['val'])?$_REQUEST['filter']['terms'][$i]['val']:'' ?>"/></td>
 <?php
     }
 ?>
-              <td><?php if ( count($_REQUEST['filter']['terms']) > 2 ) { echo buildSelect( "filter[terms][$i][cbr]", $cbracket_types ); } else { ?>&nbsp;<?php } ?></td>
+              <td><?php if ( count($_REQUEST['filter']['terms']) > 2 ) { echo buildSelect( "filter[terms][$i][cbr]", $cbracketTypes ); } else { ?>&nbsp;<?php } ?></td>
               <td><input type="button" onclick="addTerm( this, <?= $i+1 ?> )" value="+"/><?php if ( $_REQUEST['filter']['terms'] > 1 ) { ?><input type="button" onclick="delTerm( this, <?= $i ?> )" value="-"/><?php } ?></td>
             </tr>
 <?php
@@ -240,7 +240,7 @@ for ( $i = 0; $i < count($_REQUEST['filter']['terms']); $i++ )
           <tbody>
             <tr>
               <td><label for="sort_field"><?= $SLANG['SortBy'] ?></label><?= buildSelect( "sort_field", $sort_fields ); ?><?= buildSelect( "sort_asc", $sort_dirns ); ?></td>
-              <td><label for="limit"><?= $SLANG['LimitResultsPre'] ?></label><input type="text" size="6" name="limit" value="<?= isset($_REQUEST['limit'])?$_REQUEST['limit']:"" ?>"/><?= $SLANG['LimitResultsPost'] ?></td>
+              <td><label for="limit"><?= $SLANG['LimitResultsPre'] ?></label><input type="text" size="6" name="limit" value="<?= isset($_REQUEST['limit'])?validInt($_REQUEST['limit']):"" ?>"/><?= $SLANG['LimitResultsPost'] ?></td>
             </tr>
           </tbody>
         </table>
diff --git a/web/skins/classic/views/filtersave.php b/web/skins/classic/views/filtersave.php
index d7399d8dd..66da1f562 100644
--- a/web/skins/classic/views/filtersave.php
+++ b/web/skins/classic/views/filtersave.php
@@ -20,7 +20,7 @@
 
 if ( !canEdit( 'Events' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 
@@ -30,7 +30,7 @@ foreach ( dbFetchAll( "select * from Filters order by Name" ) as $row )
     $filterNames[$row['Name']] = $row['Name'];
     if ( $filterName == $row['Name'] )
     {
-        $filter_data = $row;
+        $filterData = $row;
     }
 }
 
@@ -50,17 +50,17 @@ xhtmlHeaders(__FILE__, $SLANG['SaveFilter'] );
         <input type="hidden" name="view" value="none"/>
         <input type="hidden" name="action" value="filter"/>
         <?= $filter['fields'] ?>
-        <input type="hidden" name="sort_field" value="<?= $sort_field ?>"/>
-        <input type="hidden" name="sort_asc" value="<?= $sort_asc ?>"/>
-        <input type="hidden" name="limit" value="<?= $limit ?>"/>
-        <input type="hidden" name="auto_archive" value="<?= $auto_archive ?>"/>
-        <input type="hidden" name="auto_video" value="<?= $auto_video ?>"/>
-        <input type="hidden" name="auto_upload" value="<?= $auto_upload ?>"/>
-        <input type="hidden" name="auto_email" value="<?= $auto_email ?>"/>
-        <input type="hidden" name="auto_message" value="<?= $auto_message ?>"/>
-        <input type="hidden" name="auto_execute" value="<?= $auto_execute ?>"/>
-        <input type="hidden" name="auto_execute_cmd" value="<?= $auto_execute_cmd ?>"/>
-        <input type="hidden" name="auto_delete" value="<?= $auto_delete ?>"/>
+        <input type="hidden" name="sort_field" value="<?= requestVar( 'sort_field' ) ?>"/>
+        <input type="hidden" name="sort_asc" value="<?= requestVar( 'sort_asc' ) ?>"/>
+        <input type="hidden" name="limit" value="<?= requestVar( 'limit' ) ?>"/>
+        <input type="hidden" name="autoArchive" value="<?= requestVar( 'autoArchive' ) ?>"/>
+        <input type="hidden" name="autoVideo" value="<?= requestVar( 'autoVideo' ) ?>"/>
+        <input type="hidden" name="autoUpload" value="<?= requestVar( 'autoUpload' ) ?>"/>
+        <input type="hidden" name="autoEmail" value="<?= requestVar( 'autoEmail' ) ?>"/>
+        <input type="hidden" name="autoMessage" value="<?= requestVar( 'autoMessage' ) ?>"/>
+        <input type="hidden" name="autoExecute" value="<?= requestVar( 'autoExecute' ) ?>"/>
+        <input type="hidden" name="autoExecuteCmd" value="<?= requestVar( 'autoExecuteCmd' ) ?>"/>
+        <input type="hidden" name="autoDelete" value="<?= requestVar( 'autoDelete' ) ?>"/>
 <?php if ( count($filterNames) ) { ?>
         <p>
           <label for="<?= $selectName ?>"><?= $SLANG['SaveAs'] ?></label><?= buildSelect( $selectName, $filterNames ); ?><label for="new_<?= $selectName ?>"><?= $SLANG['OrEnterNewName'] ?></label><input type="text" size="32" name="new_<?= $selectName ?>" value="<?= $filterName ?>">
@@ -71,7 +71,7 @@ xhtmlHeaders(__FILE__, $SLANG['SaveFilter'] );
         </p>
 <?php } ?>
         <p>
-          <label for="background"><?= $SLANG['BackgroundFilter'] ?></label><input type="checkbox" name="background" value="1"<?php if ( $filter_data['Background'] ) { ?> checked="checked"<?php } ?>/>
+          <label for="background"><?= $SLANG['BackgroundFilter'] ?></label><input type="checkbox" name="background" value="1"<?php if ( $filterData['Background'] ) { ?> checked="checked"<?php } ?>/>
         </p>
         <div id="contentButtons">
           <input type="submit" value="<?= $SLANG['Save'] ?>"<?php if ( !canEdit( 'Events' ) ) { ?> disabled="disabled"<?php } ?>/><input type="button" value="<?= $SLANG['Cancel'] ?>" onclick="closeWindow();"/>
diff --git a/web/skins/classic/views/frame.php b/web/skins/classic/views/frame.php
index 2b71d65d6..c8ac13def 100644
--- a/web/skins/classic/views/frame.php
+++ b/web/skins/classic/views/frame.php
@@ -20,23 +20,26 @@
 
 if ( !canView( 'Events' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
-$sql = "select E.*,M.Name as MonitorName,M.Width,M.Height,M.DefaultScale from Events as E inner join Monitors as M on E.MonitorId = M.Id where E.Id = '".dbEscape($_REQUEST['eid'])."'";
+
+$eid = validInt($_REQUEST['eid']);
+if ( !empty($_REQUEST['fid']) )
+    $fid = validInt($_REQUEST['fid']);
+
+$sql = "select E.*,M.Name as MonitorName,M.Width,M.Height,M.DefaultScale from Events as E inner join Monitors as M on E.MonitorId = M.Id where E.Id = '".dbEscape($eid)."'";
 $event = dbFetchOne( $sql );
 
-if ( !empty($_REQUEST['fid']) )
+if ( !empty($fid) )
 {
-    $sql = "select * from Frames where EventId = '".dbEscape($_REQUEST['eid'])."' and FrameId = '".dbEscape($_REQUEST['fid'])."'";
+    $sql = "select * from Frames where EventId = '".dbEscape($eid)."' and FrameId = '".dbEscape($fid)."'";
     if ( !($frame = dbFetchOne( $sql )) )
-    {
-        $frame = array( 'FrameId'=>$_REQUEST['fid'], 'Type'=>'Normal', 'Score'=>0 );
-    }
+        $frame = array( 'FrameId'=>$fid, 'Type'=>'Normal', 'Score'=>0 );
 }
 else
 {
-    $frame = dbFetchOne( "select * from Frames where EventId = '".dbEscape($_REQUEST['eid'])."' and Score = '".$event['MaxScore']."'" );
+    $frame = dbFetchOne( "select * from Frames where EventId = '".dbEscape($eid)."' and Score = '".$event['MaxScore']."'" );
 }
 
 $maxFid = $event['Frames'];
@@ -48,10 +51,12 @@ $lastFid = $maxFid;
 
 $alarmFrame = $frame['Type']=='Alarm';
 
-if ( !isset( $_REQUEST['scale'] ) )
-    $_REQUEST['scale'] = max( reScale( SCALE_BASE, $event['DefaultScale'], ZM_WEB_DEFAULT_SCALE ), SCALE_BASE );
+if ( isset( $_REQUEST['scale'] ) )
+    $scale = validInt($_REQUEST['scale']);
+else
+    $scale = max( reScale( SCALE_BASE, $event['DefaultScale'], ZM_WEB_DEFAULT_SCALE ), SCALE_BASE );
 
-$imageData = getImageSrc( $event, $frame, $_REQUEST['scale'], (isset($_REQUEST['show']) && $_REQUEST['show']=="capt") );
+$imageData = getImageSrc( $event, $frame, $scale, (isset($_REQUEST['show']) && $_REQUEST['show']=="capt") );
 
 $imagePath = $imageData['thumbPath'];
 $eventPath = $imageData['eventPath'];
@@ -73,24 +78,24 @@ xhtmlHeaders(__FILE__, $SLANG['Frame']." - ".$event['Id']." - ".$frame['FrameId'
       <h2><?= $SLANG['Frame'] ?> <?= $event['Id']."-".$frame['FrameId']." (".$frame['Score'].")" ?></h2>
     </div>
     <div id="content">
-      <p id="image"><?php if ( $imageData['hasAnalImage'] ) { ?><a href="?view=frame&eid=<?= $event['Id'] ?>&fid=<?= $frame['FrameId'] ?>&scale=<?= $_REQUEST['scale'] ?>&show=<?= $imageData['isAnalImage']?"capt":"anal" ?>"><?php } ?><img src="<?= $imagePath ?>" width="<?= reScale( $event['Width'], $event['DefaultScale'], $_REQUEST['scale'] ) ?>" height="<?= reScale( $event['Height'], $event['DefaultScale'], $_REQUEST['scale'] ) ?>" class="<?= $imageData['imageClass'] ?>"/><?php if ( $imageData['hasAnalImage'] ) { ?></a><?php } ?></p>
+      <p id="image"><?php if ( $imageData['hasAnalImage'] ) { ?><a href="?view=frame&eid=<?= $event['Id'] ?>&fid=<?= $frame['FrameId'] ?>&scale=<?= $scale ?>&show=<?= $imageData['isAnalImage']?"capt":"anal" ?>"><?php } ?><img src="<?= $imagePath ?>" width="<?= reScale( $event['Width'], $event['DefaultScale'], $scale ) ?>" height="<?= reScale( $event['Height'], $event['DefaultScale'], $scale ) ?>" class="<?= $imageData['imageClass'] ?>"/><?php if ( $imageData['hasAnalImage'] ) { ?></a><?php } ?></p>
       <p id="controls">
 <?php if ( $frame['FrameId'] > 1 ) { ?>
-        <a id="firstLink" href="?view=frame&eid=<?= $event['Id'] ?>&fid=<?= $firstFid ?>&scale=<?= $_REQUEST['scale'] ?>"><?= $SLANG['First'] ?></a>
+        <a id="firstLink" href="?view=frame&eid=<?= $event['Id'] ?>&fid=<?= $firstFid ?>&scale=<?= $scale ?>"><?= $SLANG['First'] ?></a>
 <?php } if ( $frame['FrameId'] > 1 ) { ?>
-        <a id="prevLink" href="?view=frame&eid=<?= $event['Id'] ?>&fid=<?= $prevFid ?>&scale=<?= $_REQUEST['scale'] ?>"><?= $SLANG['Prev'] ?></a>
+        <a id="prevLink" href="?view=frame&eid=<?= $event['Id'] ?>&fid=<?= $prevFid ?>&scale=<?= $scale ?>"><?= $SLANG['Prev'] ?></a>
 <?php } if ( $frame['FrameId'] < $maxFid ) { ?>
-        <a id="nextLink" href="?view=frame&eid=<?= $event['Id'] ?>&fid=<?= $nextFid ?>&scale=<?= $_REQUEST['scale'] ?>"><?= $SLANG['Next'] ?></a>
+        <a id="nextLink" href="?view=frame&eid=<?= $event['Id'] ?>&fid=<?= $nextFid ?>&scale=<?= $scale ?>"><?= $SLANG['Next'] ?></a>
 <?php } if ( $frame['FrameId'] < $maxFid ) { ?>
-        <a id="lastLink" href="?view=frame&eid=<?= $event['Id'] ?>&fid=<?= $lastFid ?>&scale=<?= $_REQUEST['scale'] ?>"><?= $SLANG['Last'] ?></a>
+        <a id="lastLink" href="?view=frame&eid=<?= $event['Id'] ?>&fid=<?= $lastFid ?>&scale=<?= $scale ?>"><?= $SLANG['Last'] ?></a>
 <?php } ?>
       </p>
 <?php if (file_exists ($dImagePath)) { ?>
       <p id="diagImagePath"><?= $dImagePath ?></p>
-      <p id="diagImage"><img src="<?= $dImagePath ?>" width="<?= reScale( $event['Width'], $event['DefaultScale'], $_REQUEST['scale'] ) ?>" height="<?= reScale( $event['Height'], $event['DefaultScale'], $_REQUEST['scale'] ) ?>" class="<?= $imageData['imageClass'] ?>"/></p>
+      <p id="diagImage"><img src="<?= $dImagePath ?>" width="<?= reScale( $event['Width'], $event['DefaultScale'], $scale ) ?>" height="<?= reScale( $event['Height'], $event['DefaultScale'], $scale ) ?>" class="<?= $imageData['imageClass'] ?>"/></p>
 <?php } if (file_exists ($rImagePath)) { ?>
       <p id="refImagePath"><?= $rImagePath ?></p>
-      <p id="refImage"><img src="<?= $rImagePath ?>" width="<?= reScale( $event['Width'], $event['DefaultScale'], $_REQUEST['scale'] ) ?>" height="<?= reScale( $event['Height'], $event['DefaultScale'], $_REQUEST['scale'] ) ?>" class="<?= $imageData['imageClass'] ?>"/></p>
+      <p id="refImage"><img src="<?= $rImagePath ?>" width="<?= reScale( $event['Width'], $event['DefaultScale'], $scale ) ?>" height="<?= reScale( $event['Height'], $event['DefaultScale'], $scale ) ?>" class="<?= $imageData['imageClass'] ?>"/></p>
 <?php } ?>
     </div>
   </div>
diff --git a/web/skins/classic/views/frames.php b/web/skins/classic/views/frames.php
index 862677ac2..ad145677d 100644
--- a/web/skins/classic/views/frames.php
+++ b/web/skins/classic/views/frames.php
@@ -20,7 +20,7 @@
 
 if ( !canView( 'Events' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 $sql = "select E.*,M.Name as MonitorName,M.Width,M.Height from Events as E inner join Monitors as M on E.MonitorId = M.Id where E.Id = '".dbEscape($_REQUEST['eid'])."'";
@@ -31,13 +31,13 @@ $frames = dbFetchAll( $sql );
 
 $focusWindow = true;
 
-xhtmlHeaders(__FILE__, $SLANG['Frames']." - ".$_REQUEST['eid'] );
+xhtmlHeaders(__FILE__, $SLANG['Frames']." - ".$event['Id'] );
 ?>
 <body>
   <div id="page">
     <div id="header">
       <div id="headerButtons"><a href="#" onclick="closeWindow();"><?= $SLANG['Close'] ?></a></div>
-      <h2><?= $SLANG['Frames'] ?> - <?= $_REQUEST['eid'] ?></h2>
+      <h2><?= $SLANG['Frames'] ?> - <?= $event['Id'] ?></h2>
     </div>
     <div id="content">
       <form name="contentForm" id="contentForm" method="get" action="<?= $_SERVER['PHP_SELF'] ?>">
@@ -61,7 +61,7 @@ if ( count($frames) )
         $class = strtolower($frame['Type']);
 ?>
             <tr class="<?= $class ?>">
-              <td class="colId"><?= makePopupLink( '?view=frame&eid='.$_REQUEST['eid'].'&fid='.$frame['FrameId'], 'zmImage', array( 'image', $event['Width'], $event['Height'] ), $frame['FrameId'] ) ?></a></td>
+              <td class="colId"><?= makePopupLink( '?view=frame&eid='.$event['Id'].'&fid='.$frame['FrameId'], 'zmImage', array( 'image', $event['Width'], $event['Height'] ), $frame['FrameId'] ) ?></a></td>
               <td class="colType"><?= $frame['Type'] ?></td>
               <td class="colTimeStamp"><?= strftime( STRF_FMT_TIME, $frame['UnixTimeStamp'] ) ?></td>
               <td class="colTimeDelta"><?= number_format( $frame['Delta'], 2 ) ?></td>
@@ -69,7 +69,7 @@ if ( count($frames) )
         if ( ZM_RECORD_EVENT_STATS && ($frame['Type'] == 'Alarm') )
         {
 ?>
-              <td class="colScore"><?= makePopupLink( '?view=stats&eid='.$_REQUEST['eid'].'&fid='.$frame['FrameId'], 'zmStats', 'stats', $frame['Score'] ) ?></a></td>
+              <td class="colScore"><?= makePopupLink( '?view=stats&eid='.$event['Id'].'&fid='.$frame['FrameId'], 'zmStats', 'stats', $frame['Score'] ) ?></a></td>
 <?php
         }
         else
diff --git a/web/skins/classic/views/function.php b/web/skins/classic/views/function.php
index 05b3c01c9..1ac7f2b3d 100644
--- a/web/skins/classic/views/function.php
+++ b/web/skins/classic/views/function.php
@@ -20,7 +20,7 @@
 
 if ( !canEdit( 'Monitors' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 
@@ -28,12 +28,12 @@ $monitor = dbFetchMonitor( $_REQUEST['mid'] );
 
 $focusWindow = true;
 
-xhtmlHeaders(__FILE__, $SLANG['Function']." - ".$monitor['Name'] );
+xhtmlHeaders(__FILE__, $SLANG['Function']." - ".validHtmlStr($monitor['Name']) );
 ?>
 <body>
   <div id="page">
     <div id="header">
-      <h2><?= $SLANG['Function']." - ".$monitor['Name'] ?></h2>
+      <h2><?= $SLANG['Function']." - ".validHtmlStr($monitor['Name']) ?></h2>
     </div>
     <div id="content">
       <form name="contentForm" id="contentForm" method="post" action="<?= $_SERVER['PHP_SELF'] ?>">
diff --git a/web/skins/classic/views/group.php b/web/skins/classic/views/group.php
index ddc4d840b..6f8eacf58 100644
--- a/web/skins/classic/views/group.php
+++ b/web/skins/classic/views/group.php
@@ -20,7 +20,7 @@
 
 if ( !canEdit( 'System' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 
@@ -46,14 +46,14 @@ xhtmlHeaders( __FILE__, $SLANG['Group']." - ".$newGroup['Name'] );
     </div>
     <div id="content">
       <form name="groupForm" method="post" action="<?= $_SERVER['PHP_SELF'] ?>">
-        <input type="hidden" name="view" value="<?= $_REQUEST['view'] ?>"/>
+        <input type="hidden" name="view" value="<?= $view ?>"/>
         <input type="hidden" name="action" value="group"/>
         <input type="hidden" name="gid" value="<?= $newGroup['Id'] ?>"/>
         <table id="contentTable" class="major" cellspacing="0">
           <tbody>
             <tr>
               <th scope="row"><?= $SLANG['Name'] ?></th>
-              <td><input type="text" name="newGroup[Name]" value="<?= $newGroup['Name'] ?>"/></td>
+              <td><input type="text" name="newGroup[Name]" value="<?= validHtmlStr($newGroup['Name']) ?>"/></td>
             </tr>
             <tr>
               <th scope="row"><?= $SLANG['MonitorIds'] ?></th>
@@ -67,7 +67,7 @@ xhtmlHeaders( __FILE__, $SLANG['Group']." - ".$newGroup['Name'] );
         if ( visibleMonitor( $monitor['Id'] ) )
         {
 ?>
-                  <option value="<?= $monitor['Id'] ?>"<?php if ( array_key_exists( $monitor['Id'], $monitorIds ) ) { ?> selected="selected"<?php } ?>><?= htmlentities($monitor['Name']) ?></option>
+                  <option value="<?= $monitor['Id'] ?>"<?php if ( array_key_exists( $monitor['Id'], $monitorIds ) ) { ?> selected="selected"<?php } ?>><?= validHtmlStr($monitor['Name']) ?></option>
 <?php
         }
     }
diff --git a/web/skins/classic/views/groups.php b/web/skins/classic/views/groups.php
index 98da39cb4..87f8b9ebe 100644
--- a/web/skins/classic/views/groups.php
+++ b/web/skins/classic/views/groups.php
@@ -20,7 +20,7 @@
 
 if ( !canView( 'System' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 
@@ -71,7 +71,7 @@ foreach ( $groups as $group )
 {
 ?>
             <tr>
-              <td class="colName"><?= $group['Name'] ?></td>
+              <td class="colName"><?= validHtmlStr($group['Name']) ?></td>
               <td class="colIds"><?= monitorIdsToNames( $group['MonitorIds'], 30 ) ?></td>
               <td class="colSelect"><input type="radio" name="gid" value="<?= $group['Id'] ?>"<?= $group['selected']?' checked="checked"':'' ?> onclick="configureButtons( this );"/></td>
             </tr>
diff --git a/web/skins/classic/views/js/controlpreset.js.php b/web/skins/classic/views/js/controlpreset.js.php
index 272c7de46..0aac01bf6 100644
--- a/web/skins/classic/views/js/controlpreset.js.php
+++ b/web/skins/classic/views/js/controlpreset.js.php
@@ -3,7 +3,7 @@ var labels = new Array();
 foreach ( $labels as $index=>$label )
 {
 ?>
-labels[<?= $index ?>] = "<?= htmlentities(addslashes($label)) ?>";
+labels[<?= validInt($index) ?>] = "<?= validJsStr($label) ?>";
 <?php
 }
 ?>
diff --git a/web/skins/classic/views/js/cycle.js.php b/web/skins/classic/views/js/cycle.js.php
index 06fcd3a0d..ba833bcb9 100644
--- a/web/skins/classic/views/js/cycle.js.php
+++ b/web/skins/classic/views/js/cycle.js.php
@@ -1,5 +1,5 @@
-var currGroup = "<?= isset($_REQUEST['group'])?$_REQUEST['group']:'' ?>";
+var currGroup = "<?= isset($_REQUEST['group'])?validJsStr($_REQUEST['group']):'' ?>";
 var nextMid = "<?= isset($nextMid)?$nextMid:'' ?>";
-var mode = "<?= $_REQUEST['mode'] ?>";
+var mode = "<?= validJsStr($_REQUEST['mode']) ?>";
 
 var cycleRefreshTimeout = <?= 1000*ZM_WEB_REFRESH_CYCLE ?>;
diff --git a/web/skins/classic/views/js/donate.js.php b/web/skins/classic/views/js/donate.js.php
index aff28b2e5..07bdd0ba2 100644
--- a/web/skins/classic/views/js/donate.js.php
+++ b/web/skins/classic/views/js/donate.js.php
@@ -1,2 +1,2 @@
-var action = '<?= $_REQUEST['action'] ?>';
-var option = '<?= $_REQUEST['option'] ?>';
+var action = '<?= validJsStr($_REQUEST['action']) ?>';
+var option = '<?= validJsStr($_REQUEST['option']) ?>';
diff --git a/web/skins/classic/views/js/event.js b/web/skins/classic/views/js/event.js
index 2d94401e7..8a9629824 100644
--- a/web/skins/classic/views/js/event.js
+++ b/web/skins/classic/views/js/event.js
@@ -378,6 +378,10 @@ function loadEventImage( event, frame )
             'width': event.Width,
             'height': event.Height
         } );
+        if ( frame.Type=='Alarm' )
+            $('eventImageStats').removeClass( 'hidden' );
+        else
+            $('eventImageStats').addClass( 'hidden' );
         thumbImg.addClass( 'selected' );
         thumbImg.setOpacity( 0.5 );
 
@@ -404,6 +408,7 @@ function hideEventImageComplete()
     $('prevImageBtn').disabled = true;
     $('nextImageBtn').disabled = true;
     $('eventImagePanel').setStyle( 'display', 'none' );
+    $('eventImageStats').addClass( 'hidden' );
 }
 
 function hideEventImage()
@@ -646,6 +651,11 @@ function unarchiveEvent()
     actQuery( 'unarchive' );
 }
 
+function showEventFrames()
+{
+    createPopup( '?view=frames&eid='+event.Id, 'zmFrames', 'frames' );
+}
+
 function showStream()
 {
     $('eventStills').addClass( 'hidden' );
@@ -677,6 +687,12 @@ function showStills()
     $(window).addEvent( 'resize', updateStillsSizes );
 }
 
+function showFrameStats()
+{
+    var fid = $('eventImageNo').getText();
+    createPopup( '?view=stats&eid='+event.Id+'&fid='+fid, 'zmStats', 'stats', event.Width, event.Height );
+}
+
 function videoEvent()
 {
     createPopup( '?view=video&eid='+event.Id, 'zmVideo', 'video', event.Width, event.Height );
diff --git a/web/skins/classic/views/js/event.js.php b/web/skins/classic/views/js/event.js.php
index 052c1dec0..9f6f34ae4 100644
--- a/web/skins/classic/views/js/event.js.php
+++ b/web/skins/classic/views/js/event.js.php
@@ -32,10 +32,10 @@ var event = {
     Length: <?= $event['Length'] ?>
 };
 
-var filterQuery = '<?= isset($filterQuery)?addslashes($filterQuery):'' ?>';
-var sortQuery = '<?= isset($sortQuery)?addslashes($sortQuery):'' ?>';
+var filterQuery = '<?= isset($filterQuery)?validJsStr($filterQuery):'' ?>';
+var sortQuery = '<?= isset($sortQuery)?validJsStr($sortQuery):'' ?>';
 
-var scale = <?= $_REQUEST['scale'] ?>;
+var scale = <?= $scale ?>;
 var canEditEvents = <?= canEdit( 'Events' )?'true':'false' ?>;
 var streamTimeout = <?= 1000*ZM_WEB_REFRESH_STATUS ?>;
 
diff --git a/web/skins/classic/views/js/events.js.php b/web/skins/classic/views/js/events.js.php
index 3c541fb4f..497d0c96e 100644
--- a/web/skins/classic/views/js/events.js.php
+++ b/web/skins/classic/views/js/events.js.php
@@ -4,8 +4,8 @@ var openFilterWindow = false;
 var archivedEvents = <?= !empty($archived)?'true':'false' ?>;
 var unarchivedEvents = <?= !empty($unarchived)?'true':'false' ?>;
 
-var filterQuery = '<?= isset($filterQuery)?addslashes($filterQuery):'' ?>';
-var sortQuery = '<?= isset($sortQuery)?addslashes($sortQuery):'' ?>';
+var filterQuery = '<?= isset($filterQuery)?validJsStr($filterQuery):'' ?>';
+var sortQuery = '<?= isset($sortQuery)?validJsStr($sortQuery):'' ?>';
 
 var maxWidth = <?= $maxWidth?$maxWidth:0 ?>;
 var maxHeight = <?= $maxHeight?$maxHeight:0 ?>;
diff --git a/web/skins/classic/views/js/export.js.php b/web/skins/classic/views/js/export.js.php
index 766b6b845..2b9bcc6f2 100644
--- a/web/skins/classic/views/js/export.js.php
+++ b/web/skins/classic/views/js/export.js.php
@@ -1,19 +1,22 @@
 <?php
 if ( isset($_REQUEST['eids']) )
 {
+    $eidParms = array()
+    foreach ( $_REQUEST['eids'] as $eid )
+        $eidParms[] = "eids[]=".validInt($eid);
 ?>
-var eidParm = 'eids[]=<?= join( '&eids[]=', $_REQUEST['eids'] ) ?>';
+var eidParm = '<?= join( '&', $eidParms ) ?>';
 <?php
 }
 else
 {
 ?>
-var eidParm = 'eid=<?= $_REQUEST['eid'] ?>';
+var eidParm = 'eid=<?= validInt($_REQUEST['eid']) ?>';
 <?php
 }
 ?>
 
 var exportReady = <?= !empty($_REQUEST['generated'])?'true':'false' ?>;
-var exportFile = '<?= !empty($_REQUEST['exportFile'])?$_REQUEST['exportFile']:'' ?>';
+var exportFile = '<?= !empty($_REQUEST['exportFile'])?validJsStr($_REQUEST['exportFile']):'' ?>';
 
 var exportProgressString = '<?= addslashes($SLANG['Exporting']) ?>';
diff --git a/web/skins/classic/views/js/timeline.js.php b/web/skins/classic/views/js/timeline.js.php
index 33889a49c..cbda779bd 100644
--- a/web/skins/classic/views/js/timeline.js.php
+++ b/web/skins/classic/views/js/timeline.js.php
@@ -1,4 +1,4 @@
-var filterQuery = '<?= addslashes($filterQuery) ?>';
+var filterQuery = '<?= validJsStr($filterQuery) ?>';
 
 var monitorNames = new Object();
 <?php
@@ -7,7 +7,7 @@ foreach ( $monitors as $monitor )
     if ( !empty($monitorIds[$monitor['Id']]) )
     {
 ?>
-monitorNames[<?= $monitor['Id'] ?>] = '<?= addslashes($monitor['Name']) ?>';
+monitorNames[<?= $monitor['Id'] ?>] = '<?= validJsStr($monitor['Name']) ?>';
 <?php
     }
 }
diff --git a/web/skins/classic/views/js/watch.js.php b/web/skins/classic/views/js/watch.js.php
index eaab07d50..ed05f9c19 100644
--- a/web/skins/classic/views/js/watch.js.php
+++ b/web/skins/classic/views/js/watch.js.php
@@ -48,7 +48,7 @@ var monitorId = <?= $monitor['Id'] ?>;
 var monitorWidth = <?= $monitor['Width'] ?>;
 var monitorHeight = <?= $monitor['Height'] ?>;
 
-var scale = <?= $_REQUEST['scale'] ?>;
+var scale = <?= $scale ?>;
 
 var streamSrc = "<?= $streamSrc ?>";
 
diff --git a/web/skins/classic/views/js/zone.js.php b/web/skins/classic/views/js/zone.js.php
index 12ffe8a09..715fff40f 100644
--- a/web/skins/classic/views/js/zone.js.php
+++ b/web/skins/classic/views/js/zone.js.php
@@ -25,9 +25,9 @@ presets[<?= $preset['Id'] ?>] = {
 ?>
 
 var zone = {
-    'Name': '<?= addslashes($zone['Name']) ?>',
-    'Id': <?= addslashes($zone['Id']) ?>,
-    'MonitorId': <?= addslashes($zone['MonitorId']) ?>,
+    'Name': '<?= validJsStr($zone['Name']) ?>',
+    'Id': <?= validJsStr($zone['Id']) ?>,
+    'MonitorId': <?= validJsStr($zone['MonitorId']) ?>,
     'CheckMethod': '<?= $zone['CheckMethod'] ?>',
     'AlarmRGB': '<?= $zone['AlarmRGB'] ?>',
     'NumCoords': <?= $zone['NumCoords'] ?>,
diff --git a/web/skins/classic/views/login.php b/web/skins/classic/views/login.php
index 31e569b99..8f3f90d08 100644
--- a/web/skins/classic/views/login.php
+++ b/web/skins/classic/views/login.php
@@ -33,7 +33,7 @@ xhtmlHeaders(__FILE__, $SLANG['Login'] );
           <tbody>
             <tr>
               <td class="colLeft"><?= $SLANG['Username'] ?></td>
-              <td class="colRight"><input type="text" name="username" value="<?= isset($username)?$username:"" ?>" size="12"/></td>
+              <td class="colRight"><input type="text" name="username" value="<?= isset($_REQUEST['username'])?validHtmlStr($_REQUEST['username']):"" ?>" size="12"/></td>
             </tr>
             <tr>
               <td class="colLeft"><?= $SLANG['Password'] ?></td>
diff --git a/web/skins/classic/views/monitor.php b/web/skins/classic/views/monitor.php
index 49eb4910a..eb6bf5e76 100644
--- a/web/skins/classic/views/monitor.php
+++ b/web/skins/classic/views/monitor.php
@@ -20,7 +20,7 @@
 
 if ( !canView( 'Monitors' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 
@@ -35,8 +35,10 @@ if ( ZM_OPT_X10 )
     $tabs["x10"] = $SLANG['X10'];
 $tabs["misc"] = $SLANG['Misc'];
 
-if ( !isset($_REQUEST['tab']) )
-    $_REQUEST['tab'] = "general";
+if ( isset($_REQUEST['tab']) )
+    $tab = validHtmlStr($_REQUEST['tab']);
+else
+    $tab = "general";
 
 if ( !empty($_REQUEST['mid']) )
 {
@@ -206,7 +208,7 @@ $orientations = array(
     $SLANG['FlippedVert'] => 'vert'
 );
 
-xhtmlHeaders(__FILE__, $SLANG['Monitor']." - ".$monitor['Name'] );
+xhtmlHeaders(__FILE__, $SLANG['Monitor']." - ".validHtmlStr($monitor['Name']) );
 ?>
 <body>
   <div id="page">
@@ -221,14 +223,14 @@ if ( canEdit( 'Monitors' ) )
 <?php
 }
 ?>
-      <h2><?= $SLANG['Monitor'] ?> - <?= $monitor['Name'] ?><?php if ( !empty($monitor['Id']) ) { ?> (<?= $monitor['Id'] ?>)<?php } ?></h2>
+      <h2><?= $SLANG['Monitor'] ?> - <?= validHtmlStr($monitor['Name']) ?><?php if ( !empty($monitor['Id']) ) { ?> (<?= $monitor['Id'] ?>)<?php } ?></h2>
     </div>
     <div id="content">
       <ul class="tabList">
 <?php
 foreach ( $tabs as $name=>$value )
 {
-    if ( $_REQUEST['tab'] == $name )
+    if ( $tab == $name )
     {
 ?>
         <li class="active"><?= $value ?></li>
@@ -245,137 +247,137 @@ foreach ( $tabs as $name=>$value )
       </ul>
       <div class="clear"></div>
       <form name="contentForm" id="contentForm" method="post" action="<?= $_SERVER['PHP_SELF'] ?>" onsubmit="return validateForm( this )">
-        <input type="hidden" name="view" value="<?= $_REQUEST['view'] ?>"/>
-        <input type="hidden" name="tab" value="<?= $_REQUEST['tab'] ?>"/>
+        <input type="hidden" name="view" value="<?= $view ?>"/>
+        <input type="hidden" name="tab" value="<?= $tab ?>"/>
         <input type="hidden" name="action" value="monitor"/>
         <input type="hidden" name="mid" value="<?= $monitor['Id'] ?>"/>
         <input type="hidden" name="newMonitor[LinkedMonitors]" value="<?= isset($newMonitor['LinkedMonitors'])?$newMonitor['LinkedMonitors']:'' ?>"/>
         <input type="hidden" name="origMethod" value="<?= isset($newMonitor['Method'])?$newMonitor['Method']:'' ?>"/>
 <?php
-if ( $_REQUEST['tab'] != 'general' )
+if ( $tab != 'general' )
 {
 ?>
-        <input type="hidden" name="newMonitor[Name]" value="<?= $newMonitor['Name'] ?>"/>
-        <input type="hidden" name="newMonitor[Type]" value="<?= $newMonitor['Type'] ?>"/>
-        <input type="hidden" name="newMonitor[Function]" value="<?= $newMonitor['Function'] ?>"/>
-        <input type="hidden" name="newMonitor[Enabled]" value="<?= $newMonitor['Enabled'] ?>"/>
-        <input type="hidden" name="newMonitor[RefBlendPerc]" value="<?= $newMonitor['RefBlendPerc'] ?>"/>
-        <input type="hidden" name="newMonitor[MaxFPS]" value="<?= $newMonitor['MaxFPS'] ?>"/>
-        <input type="hidden" name="newMonitor[AlarmMaxFPS]" value="<?= $newMonitor['AlarmMaxFPS'] ?>"/>
+        <input type="hidden" name="newMonitor[Name]" value="<?= validHtmlStr($newMonitor['Name']) ?>"/>
+        <input type="hidden" name="newMonitor[Type]" value="<?= validHtmlStr($newMonitor['Type']) ?>"/>
+        <input type="hidden" name="newMonitor[Function]" value="<?= validHtmlStr($newMonitor['Function']) ?>"/>
+        <input type="hidden" name="newMonitor[Enabled]" value="<?= validHtmlStr($newMonitor['Enabled']) ?>"/>
+        <input type="hidden" name="newMonitor[RefBlendPerc]" value="<?= validHtmlStr($newMonitor['RefBlendPerc']) ?>"/>
+        <input type="hidden" name="newMonitor[MaxFPS]" value="<?= validHtmlStr($newMonitor['MaxFPS']) ?>"/>
+        <input type="hidden" name="newMonitor[AlarmMaxFPS]" value="<?= validHtmlStr($newMonitor['AlarmMaxFPS']) ?>"/>
 <?php
     if ( isset($newMonitor['Triggers']) )
     {
         foreach( $newMonitor['Triggers'] as $newTrigger )
         {
 ?>
-        <input type="hidden" name="newMonitor[Triggers][]" value="<?= $newTrigger ?>"/>
+        <input type="hidden" name="newMonitor[Triggers][]" value="<?= validHtmlStr($newTrigger ?>"/>
 <?php
         }
     }
 }
-if ( $_REQUEST['tab'] != 'source' || $newMonitor['Type'] != 'Local' )
+if ( $tab != 'source' || $newMonitor['Type'] != 'Local' )
 {
 ?>
-    <input type="hidden" name="newMonitor[Device]" value="<?= $newMonitor['Device'] ?>"/>
-    <input type="hidden" name="newMonitor[Channel]" value="<?= $newMonitor['Channel'] ?>"/>
-    <input type="hidden" name="newMonitor[Format]" value="<?= $newMonitor['Format'] ?>"/>
-    <input type="hidden" name="newMonitor[Palette]" value="<?= $newMonitor['Palette'] ?>"/>
+    <input type="hidden" name="newMonitor[Device]" value="<?= validHtmlStr($newMonitor['Device']) ?>"/>
+    <input type="hidden" name="newMonitor[Channel]" value="<?= validHtmlStr($newMonitor['Channel']) ?>"/>
+    <input type="hidden" name="newMonitor[Format]" value="<?= validHtmlStr($newMonitor['Format']) ?>"/>
+    <input type="hidden" name="newMonitor[Palette]" value="<?= validHtmlStr($newMonitor['Palette']) ?>"/>
 <?php
 }
-if ( $_REQUEST['tab'] != 'source' || $newMonitor['Type'] != 'Remote' )
+if ( $tab != 'source' || $newMonitor['Type'] != 'Remote' )
 {
 ?>
-    <input type="hidden" name="newMonitor[Host]" value="<?= $newMonitor['Host'] ?>"/>
-    <input type="hidden" name="newMonitor[Port]" value="<?= $newMonitor['Port'] ?>"/>
+    <input type="hidden" name="newMonitor[Host]" value="<?= validHtmlStr($newMonitor['Host']) ?>"/>
+    <input type="hidden" name="newMonitor[Port]" value="<?= validHtmlStr($newMonitor['Port']) ?>"/>
 <?php
 }
-if ( $_REQUEST['tab'] != 'source' || ($newMonitor['Type'] != 'Remote' && $newMonitor['Type'] != 'File') )
+if ( $tab != 'source' || ($newMonitor['Type'] != 'Remote' && $newMonitor['Type'] != 'File') )
 {
 ?>
-    <input type="hidden" name="newMonitor[Protocol]" value="<?= $newMonitor['Protocol'] ?>"/>
-    <input type="hidden" name="newMonitor[Method]" value="<?= $newMonitor['Method'] ?>"/>
-    <input type="hidden" name="newMonitor[Path]" value="<?= $newMonitor['Path'] ?>"/>
-    <input type="hidden" name="newMonitor[SubPath]" value="<?= $newMonitor['SubPath'] ?>"/>
+    <input type="hidden" name="newMonitor[Protocol]" value="<?= validHtmlStr($newMonitor['Protocol']) ?>"/>
+    <input type="hidden" name="newMonitor[Method]" value="<?= validHtmlStr($newMonitor['Method']) ?>"/>
+    <input type="hidden" name="newMonitor[Path]" value="<?= validHtmlStr($newMonitor['Path']) ?>"/>
+    <input type="hidden" name="newMonitor[SubPath]" value="<?= validHtmlStr($newMonitor['SubPath']) ?>"/>
 <?php
 }
-if ( $_REQUEST['tab'] != 'source' )
+if ( $tab != 'source' )
 {
 ?>
-    <input type="hidden" name="newMonitor[Width]" value="<?= $newMonitor['Width'] ?>"/>
-    <input type="hidden" name="newMonitor[Height]" value="<?= $newMonitor['Height'] ?>"/>
-    <input type="hidden" name="newMonitor[Orientation]" value="<?= $newMonitor['Orientation'] ?>"/>
+    <input type="hidden" name="newMonitor[Width]" value="<?= validHtmlStr($newMonitor['Width']) ?>"/>
+    <input type="hidden" name="newMonitor[Height]" value="<?= validHtmlStr($newMonitor['Height']) ?>"/>
+    <input type="hidden" name="newMonitor[Orientation]" value="<?= validHtmlStr($newMonitor['Orientation']) ?>"/>
 <?php
 }
-if ( $_REQUEST['tab'] != 'timestamp' )
+if ( $tab != 'timestamp' )
 {
 ?>
-    <input type="hidden" name="newMonitor[LabelFormat]" value="<?= $newMonitor['LabelFormat'] ?>"/>
-    <input type="hidden" name="newMonitor[LabelX]" value="<?= $newMonitor['LabelX'] ?>"/>
-    <input type="hidden" name="newMonitor[LabelY]" value="<?= $newMonitor['LabelY'] ?>"/>
+    <input type="hidden" name="newMonitor[LabelFormat]" value="<?= validHtmlStr($newMonitor['LabelFormat']) ?>"/>
+    <input type="hidden" name="newMonitor[LabelX]" value="<?= validHtmlStr($newMonitor['LabelX']) ?>"/>
+    <input type="hidden" name="newMonitor[LabelY]" value="<?= validHtmlStr($newMonitor['LabelY']) ?>"/>
 <?php
 }
-if ( $_REQUEST['tab'] != 'buffers' )
+if ( $tab != 'buffers' )
 {
 ?>
-    <input type="hidden" name="newMonitor[ImageBufferCount]" value="<?= $newMonitor['ImageBufferCount'] ?>"/>
-    <input type="hidden" name="newMonitor[WarmupCount]" value="<?= $newMonitor['WarmupCount'] ?>"/>
-    <input type="hidden" name="newMonitor[PreEventCount]" value="<?= $newMonitor['PreEventCount'] ?>"/>
-    <input type="hidden" name="newMonitor[PostEventCount]" value="<?= $newMonitor['PostEventCount'] ?>"/>
-    <input type="hidden" name="newMonitor[StreamReplayBuffer]" value="<?= $newMonitor['StreamReplayBuffer'] ?>"/>
-    <input type="hidden" name="newMonitor[AlarmFrameCount]" value="<?= $newMonitor['AlarmFrameCount'] ?>"/>
+    <input type="hidden" name="newMonitor[ImageBufferCount]" value="<?= validHtmlStr($newMonitor['ImageBufferCount']) ?>"/>
+    <input type="hidden" name="newMonitor[WarmupCount]" value="<?= validHtmlStr($newMonitor['WarmupCount']) ?>"/>
+    <input type="hidden" name="newMonitor[PreEventCount]" value="<?= validHtmlStr($newMonitor['PreEventCount']) ?>"/>
+    <input type="hidden" name="newMonitor[PostEventCount]" value="<?= validHtmlStr($newMonitor['PostEventCount']) ?>"/>
+    <input type="hidden" name="newMonitor[StreamReplayBuffer]" value="<?= validHtmlStr($newMonitor['StreamReplayBuffer']) ?>"/>
+    <input type="hidden" name="newMonitor[AlarmFrameCount]" value="<?= validHtmlStr($newMonitor['AlarmFrameCount']) ?>"/>
 <?php
 }
-if ( ZM_OPT_CONTROL && $_REQUEST['tab'] != 'control' )
+if ( ZM_OPT_CONTROL && $tab != 'control' )
 {
 ?>
-    <input type="hidden" name="newMonitor[Controllable]" value="<?= $newMonitor['Controllable'] ?>"/>
-    <input type="hidden" name="newMonitor[ControlId]" value="<?= $newMonitor['ControlId'] ?>"/>
-    <input type="hidden" name="newMonitor[ControlDevice]" value="<?= $newMonitor['ControlDevice'] ?>"/>
-    <input type="hidden" name="newMonitor[ControlAddress]" value="<?= $newMonitor['ControlAddress'] ?>"/>
-    <input type="hidden" name="newMonitor[AutoStopTimeout]" value="<?= $newMonitor['AutoStopTimeout'] ?>"/>
-    <input type="hidden" name="newMonitor[TrackMotion]" value="<?= $newMonitor['TrackMotion'] ?>"/>
-    <input type="hidden" name="newMonitor[TrackDelay]" value="<?= $newMonitor['TrackDelay'] ?>"/>
-    <input type="hidden" name="newMonitor[ReturnLocation]" value="<?= $newMonitor['ReturnLocation'] ?>"/>
-    <input type="hidden" name="newMonitor[ReturnDelay]" value="<?= $newMonitor['ReturnDelay'] ?>"/>
+    <input type="hidden" name="newMonitor[Controllable]" value="<?= validHtmlStr($newMonitor['Controllable']) ?>"/>
+    <input type="hidden" name="newMonitor[ControlId]" value="<?= validHtmlStr($newMonitor['ControlId']) ?>"/>
+    <input type="hidden" name="newMonitor[ControlDevice]" value="<?= validHtmlStr($newMonitor['ControlDevice']) ?>"/>
+    <input type="hidden" name="newMonitor[ControlAddress]" value="<?= validHtmlStr($newMonitor['ControlAddress']) ?>"/>
+    <input type="hidden" name="newMonitor[AutoStopTimeout]" value="<?= validHtmlStr($newMonitor['AutoStopTimeout']) ?>"/>
+    <input type="hidden" name="newMonitor[TrackMotion]" value="<?= validHtmlStr($newMonitor['TrackMotion']) ?>"/>
+    <input type="hidden" name="newMonitor[TrackDelay]" value="<?= validHtmlStr($newMonitor['TrackDelay']) ?>"/>
+    <input type="hidden" name="newMonitor[ReturnLocation]" value="<?= validHtmlStr($newMonitor['ReturnLocation']) ?>"/>
+    <input type="hidden" name="newMonitor[ReturnDelay]" value="<?= validHtmlStr($newMonitor['ReturnDelay']) ?>"/>
 <?php
 }
-if ( ZM_OPT_X10 && $_REQUEST['tab'] != 'x10' )
+if ( ZM_OPT_X10 && $tab != 'x10' )
 {
 ?>
-    <input type="hidden" name="newX10Monitor[Activation]" value="<?= $newX10Monitor['Activation'] ?>"/>
-    <input type="hidden" name="newX10Monitor[AlarmInput]" value="<?= $newX10Monitor['AlarmInput'] ?>"/>
-    <input type="hidden" name="newX10Monitor[AlarmOutput]" value="<?= $newX10Monitor['AlarmOutput'] ?>"/>
+    <input type="hidden" name="newX10Monitor[Activation]" value="<?= validHtmlStr($newX10Monitor['Activation']) ?>"/>
+    <input type="hidden" name="newX10Monitor[AlarmInput]" value="<?= validHtmlStr($newX10Monitor['AlarmInput']) ?>"/>
+    <input type="hidden" name="newX10Monitor[AlarmOutput]" value="<?= validHtmlStr($newX10Monitor['AlarmOutput']) ?>"/>
 <?php
 }
-if ( $_REQUEST['tab'] != 'misc' )
+if ( $tab != 'misc' )
 {
 ?>
-    <input type="hidden" name="newMonitor[EventPrefix]" value="<?= $newMonitor['EventPrefix'] ?>"/>
-    <input type="hidden" name="newMonitor[SectionLength]" value="<?= $newMonitor['SectionLength'] ?>"/>
-    <input type="hidden" name="newMonitor[FrameSkip]" value="<?= $newMonitor['FrameSkip'] ?>"/>
-    <input type="hidden" name="newMonitor[FPSReportInterval]" value="<?= $newMonitor['FPSReportInterval'] ?>"/>
-    <input type="hidden" name="newMonitor[DefaultView]" value="<?= $newMonitor['DefaultView'] ?>"/>
-    <input type="hidden" name="newMonitor[DefaultRate]" value="<?= $newMonitor['DefaultRate'] ?>"/>
-    <input type="hidden" name="newMonitor[DefaultScale]" value="<?= $newMonitor['DefaultScale'] ?>"/>
-    <input type="hidden" name="newMonitor[WebColour]" value="<?= $newMonitor['WebColour'] ?>"/>
+    <input type="hidden" name="newMonitor[EventPrefix]" value="<?= validHtmlStr($newMonitor['EventPrefix']) ?>"/>
+    <input type="hidden" name="newMonitor[SectionLength]" value="<?= validHtmlStr($newMonitor['SectionLength']) ?>"/>
+    <input type="hidden" name="newMonitor[FrameSkip]" value="<?= validHtmlStr($newMonitor['FrameSkip']) ?>"/>
+    <input type="hidden" name="newMonitor[FPSReportInterval]" value="<?= validHtmlStr($newMonitor['FPSReportInterval']) ?>"/>
+    <input type="hidden" name="newMonitor[DefaultView]" value="<?= validHtmlStr($newMonitor['DefaultView']) ?>"/>
+    <input type="hidden" name="newMonitor[DefaultRate]" value="<?= validHtmlStr($newMonitor['DefaultRate']) ?>"/>
+    <input type="hidden" name="newMonitor[DefaultScale]" value="<?= validHtmlStr($newMonitor['DefaultScale']) ?>"/>
+    <input type="hidden" name="newMonitor[WebColour]" value="<?= validHtmlStr($newMonitor['WebColour']) ?>"/>
 <?php
 }
-if ( $_REQUEST['tab'] != 'misc' || $newMonitor['Type'] != 'Local' )
+if ( $tab != 'misc' || $newMonitor['Type'] != 'Local' )
 {
 ?>
-    <input type="hidden" name="newMonitor[SignalCheckColour]" value="<?= $newMonitor['SignalCheckColour'] ?>"/>
+    <input type="hidden" name="newMonitor[SignalCheckColour]" value="<?= validHtmlStr($newMonitor['SignalCheckColour']) ?>"/>
 <?php
 }
 ?>
         <table id="contentTable" class="major" cellspacing="0">
           <tbody>
 <?php
-switch ( $_REQUEST['tab'] )
+switch ( $tab )
 {
     case 'general' :
     {
 ?>
-            <tr><td><?= $SLANG['Name'] ?></td><td><input type="text" name="newMonitor[Name]" value="<?= $newMonitor['Name'] ?>" size="16"/></td></tr>
+            <tr><td><?= $SLANG['Name'] ?></td><td><input type="text" name="newMonitor[Name]" value="<?= validHtmlStr($newMonitor['Name']) ?>" size="16"/></td></tr>
             <tr><td><?= $SLANG['SourceType'] ?></td><td><?= buildSelect( "newMonitor[Type]", $sourceTypes ); ?></td></tr>
             <tr><td><?= $SLANG['Function'] ?></td><td><select name="newMonitor[Function]">
 <?php
@@ -403,7 +405,7 @@ switch ( $_REQUEST['tab'] )
         if ( (empty($newMonitor['Id']) || ($monitor['Id'] != $newMonitor['Id'])) && visibleMonitor( $monitor['Id'] ) )
         {
 ?>
-                  <option value="<?= $monitor['Id'] ?>"<?php if ( array_key_exists( $monitor['Id'], $monitorIds ) ) { ?> selected="selected"<?php } ?>><?= htmlentities($monitor['Name']) ?></option>
+                  <option value="<?= $monitor['Id'] ?>"<?php if ( array_key_exists( $monitor['Id'], $monitorIds ) ) { ?> selected="selected"<?php } ?>><?= validHtmlStr($monitor['Name']) ?></option>
 <?php
         }
     }
@@ -411,9 +413,9 @@ switch ( $_REQUEST['tab'] )
                 </select>
               </td>
             </tr>
-            <tr><td><?= $SLANG['MaximumFPS'] ?></td><td><input type="text" name="newMonitor[MaxFPS]" value="<?= $newMonitor['MaxFPS'] ?>" size="6"/></td></tr>
-            <tr><td><?= $SLANG['AlarmMaximumFPS'] ?></td><td><input type="text" name="newMonitor[AlarmMaxFPS]" value="<?= $newMonitor['AlarmMaxFPS'] ?>" size="6"/></td></tr>
-            <tr><td><?= $SLANG['RefImageBlendPct'] ?></td><td><input type="text" name="newMonitor[RefBlendPerc]" value="<?= $newMonitor['RefBlendPerc'] ?>" size="4"/></td></tr>
+            <tr><td><?= $SLANG['MaximumFPS'] ?></td><td><input type="text" name="newMonitor[MaxFPS]" value="<?= validHtmlStr($newMonitor['MaxFPS']) ?>" size="6"/></td></tr>
+            <tr><td><?= $SLANG['AlarmMaximumFPS'] ?></td><td><input type="text" name="newMonitor[AlarmMaxFPS]" value="<?= validHtmlStr($newMonitor['AlarmMaxFPS']) ?>" size="6"/></td></tr>
+            <tr><td><?= $SLANG['RefImageBlendPct'] ?></td><td><input type="text" name="newMonitor[RefBlendPerc]" value="<?= validHtmlStr($newMonitor['RefBlendPerc']) ?>" size="4"/></td></tr>
             <tr><td><?= $SLANG['Triggers'] ?></td><td>
 <?php
         $optTriggers = getSetValues( 'Monitors', 'Triggers' );
@@ -455,7 +457,7 @@ switch ( $_REQUEST['tab'] )
         if ( $newMonitor['Type'] == "Local" )
         {
 ?>
-            <tr><td><?= $SLANG['DevicePath'] ?></td><td><input type="text" name="newMonitor[Device]" value="<?= $newMonitor['Device'] ?>" size="24"/></td></tr>
+            <tr><td><?= $SLANG['DevicePath'] ?></td><td><input type="text" name="newMonitor[Device]" value="<?= validHtmlStr($newMonitor['Device']) ?>" size="24"/></td></tr>
             <tr><td><?= $SLANG['DeviceChannel'] ?></td><td><select name="newMonitor[Channel]"><?php foreach ( $deviceChannels as $name => $value ) { ?><option value="<?= $value ?>"<?php if ( $value == $newMonitor['Channel'] ) { ?> selected="selected"<?php } ?>><?= $name ?></option><?php } ?></select></td></tr>
             <tr><td><?= $SLANG['DeviceFormat'] ?></td><td><select name="newMonitor[Format]"><?php foreach ( $deviceFormats as $name => $value ) { ?><option value="<?= $value ?>"<?php if ( $value == $newMonitor['Format'] ) { ?> selected="selected"<?php } ?>><?= $name ?></option><?php } ?></select></td></tr>
             <tr><td><?= $SLANG['CapturePalette'] ?></td><td><select name="newMonitor[Palette]"><?php foreach ( $localPalettes as $name => $value ) { ?><option value="<?= $value ?>"<?php if ( $value == $newMonitor['Palette'] ) { ?> selected="selected"<?php } ?>><?= $name ?></option><?php } ?></select></td></tr>
@@ -479,23 +481,23 @@ switch ( $_REQUEST['tab'] )
 <?php
             }
 ?>
-            <tr><td><?= $SLANG['RemoteHostName'] ?></td><td><input type="text" name="newMonitor[Host]" value="<?= $newMonitor['Host'] ?>" size="36"/></td></tr>
-            <tr><td><?= $SLANG['RemoteHostPort'] ?></td><td><input type="text" name="newMonitor[Port]" value="<?= $newMonitor['Port'] ?>" size="6"/></td></tr>
-            <tr><td><?= $SLANG['RemoteHostPath'] ?></td><td><input type="text" name="newMonitor[Path]" value="<?= $newMonitor['Path'] ?>" size="36"/></td></tr>
-            <tr><td><?= $SLANG['RemoteHostSubPath'] ?></td><td><input type="text" name="newMonitor[SubPath]" value="<?= $newMonitor['SubPath'] ?>" size="36"/></td></tr>
+            <tr><td><?= $SLANG['RemoteHostName'] ?></td><td><input type="text" name="newMonitor[Host]" value="<?= validHtmlStr($newMonitor['Host']) ?>" size="36"/></td></tr>
+            <tr><td><?= $SLANG['RemoteHostPort'] ?></td><td><input type="text" name="newMonitor[Port]" value="<?= validHtmlStr($newMonitor['Port']) ?>" size="6"/></td></tr>
+            <tr><td><?= $SLANG['RemoteHostPath'] ?></td><td><input type="text" name="newMonitor[Path]" value="<?= validHtmlStr($newMonitor['Path']) ?>" size="36"/></td></tr>
+            <tr><td><?= $SLANG['RemoteHostSubPath'] ?></td><td><input type="text" name="newMonitor[SubPath]" value="<?= validHtmlStr($newMonitor['SubPath']) ?>" size="36"/></td></tr>
             <tr><td><?= $SLANG['RemoteImageColours'] ?></td><td><select name="newMonitor[Palette]"><?php foreach ( $remoteColours as $name => $value ) { ?><option value="<?= $value ?>"<?php if ( $value == $newMonitor['Palette'] ) { ?> selected="selected"<?php } ?>><?= $name ?></option><?php } ?></select></td></tr>
 <?php
         }
         elseif ( $newMonitor['Type'] == "File" )
         {
 ?>
-            <tr><td><?= $SLANG['FilePath'] ?></td><td><input type="text" name="newMonitor[Path]" value="<?= $newMonitor['Path'] ?>" size="36"/></td></tr>
+            <tr><td><?= $SLANG['FilePath'] ?></td><td><input type="text" name="newMonitor[Path]" value="<?= validHtmlStr($newMonitor['Path']) ?>" size="36"/></td></tr>
             <tr><td><?= $SLANG['FileColours'] ?></td><td><select name="newMonitor[Palette]"><?php foreach ( $fileColours as $name => $value ) { ?><option value="<?= $value ?>"<?php if ( $value == $newMonitor['Palette'] ) { ?> selected="selected"<?php } ?>><?= $name ?></option><?php } ?></select></td></tr>
 <?php
         }
 ?>
-            <tr><td><?= $SLANG['CaptureWidth'] ?> (<?= $SLANG['Pixels'] ?>)</td><td><input type="text" name="newMonitor[Width]" value="<?= $newMonitor['Width'] ?>" size="4" onkeyup="updateMonitorDimensions(this);"/></td></tr>
-            <tr><td><?= $SLANG['CaptureHeight'] ?> (<?= $SLANG['Pixels'] ?>)</td><td><input type="text" name="newMonitor[Height]" value="<?= $newMonitor['Height'] ?>" size="4" onkeyup="updateMonitorDimensions(this);"/></td></tr>
+            <tr><td><?= $SLANG['CaptureWidth'] ?> (<?= $SLANG['Pixels'] ?>)</td><td><input type="text" name="newMonitor[Width]" value="<?= validHtmlStr($newMonitor['Width']) ?>" size="4" onkeyup="updateMonitorDimensions(this);"/></td></tr>
+            <tr><td><?= $SLANG['CaptureHeight'] ?> (<?= $SLANG['Pixels'] ?>)</td><td><input type="text" name="newMonitor[Height]" value="<?= validHtmlStr($newMonitor['Height']) ?>" size="4" onkeyup="updateMonitorDimensions(this);"/></td></tr>
             <tr><td><?= $SLANG['PreserveAspect'] ?></td><td><input type="checkbox" name="preserveAspectRatio" value="1"/></td></tr> 
             <tr><td><?= $SLANG['Orientation'] ?></td><td><select name="newMonitor[Orientation]"><?php foreach ( $orientations as $name => $value ) { ?><option value="<?= $value ?>"<?php if ( $value == $newMonitor['Orientation'] ) { ?> selected="selected"<?php } ?>><?= $name ?></option><?php } ?></select></td></tr>
 <?php
@@ -504,21 +506,21 @@ switch ( $_REQUEST['tab'] )
     case 'timestamp' :
     {
 ?>
-            <tr><td><?= $SLANG['TimestampLabelFormat'] ?></td><td><input type="text" name="newMonitor[LabelFormat]" value="<?= $newMonitor['LabelFormat'] ?>" size="32"/></td></tr>
-            <tr><td><?= $SLANG['TimestampLabelX'] ?></td><td><input type="text" name="newMonitor[LabelX]" value="<?= $newMonitor['LabelX'] ?>" size="4"/></td></tr>
-            <tr><td><?= $SLANG['TimestampLabelY'] ?></td><td><input type="text" name="newMonitor[LabelY]" value="<?= $newMonitor['LabelY'] ?>" size="4"/></td></tr>
+            <tr><td><?= $SLANG['TimestampLabelFormat'] ?></td><td><input type="text" name="newMonitor[LabelFormat]" value="<?= validHtmlStr($newMonitor['LabelFormat']) ?>" size="32"/></td></tr>
+            <tr><td><?= $SLANG['TimestampLabelX'] ?></td><td><input type="text" name="newMonitor[LabelX]" value="<?= validHtmlStr($newMonitor['LabelX']) ?>" size="4"/></td></tr>
+            <tr><td><?= $SLANG['TimestampLabelY'] ?></td><td><input type="text" name="newMonitor[LabelY]" value="<?= validHtmlStr($newMonitor['LabelY']) ?>" size="4"/></td></tr>
 <?php
         break;
     }
     case 'buffers' :
     {
 ?>
-            <tr><td><?= $SLANG['ImageBufferSize'] ?></td><td><input type="text" name="newMonitor[ImageBufferCount]" value="<?= $newMonitor['ImageBufferCount'] ?>" size="6"/></td></tr>
-            <tr><td><?= $SLANG['WarmupFrames'] ?></td><td><input type="text" name="newMonitor[WarmupCount]" value="<?= $newMonitor['WarmupCount'] ?>" size="4"/></td></tr>
-            <tr><td><?= $SLANG['PreEventImageBuffer'] ?></td><td><input type="text" name="newMonitor[PreEventCount]" value="<?= $newMonitor['PreEventCount'] ?>" size="4"/></td></tr>
-            <tr><td><?= $SLANG['PostEventImageBuffer'] ?></td><td><input type="text" name="newMonitor[PostEventCount]" value="<?= $newMonitor['PostEventCount'] ?>" size="4"/></td></tr>
-            <tr><td><?= $SLANG['StreamReplayBuffer'] ?></td><td><input type="text" name="newMonitor[StreamReplayBuffer]" value="<?= $newMonitor['StreamReplayBuffer'] ?>" size="6"/></td></tr>
-<tr><td><?= $SLANG['AlarmFrameCount'] ?></td><td><input type="text" name="newMonitor[AlarmFrameCount]" value="<?= $newMonitor['AlarmFrameCount'] ?>" size="4"/></td></tr>
+            <tr><td><?= $SLANG['ImageBufferSize'] ?></td><td><input type="text" name="newMonitor[ImageBufferCount]" value="<?= validHtmlStr($newMonitor['ImageBufferCount']) ?>" size="6"/></td></tr>
+            <tr><td><?= $SLANG['WarmupFrames'] ?></td><td><input type="text" name="newMonitor[WarmupCount]" value="<?= validHtmlStr($newMonitor['WarmupCount']) ?>" size="4"/></td></tr>
+            <tr><td><?= $SLANG['PreEventImageBuffer'] ?></td><td><input type="text" name="newMonitor[PreEventCount]" value="<?= validHtmlStr($newMonitor['PreEventCount']) ?>" size="4"/></td></tr>
+            <tr><td><?= $SLANG['PostEventImageBuffer'] ?></td><td><input type="text" name="newMonitor[PostEventCount]" value="<?= validHtmlStr($newMonitor['PostEventCount']) ?>" size="4"/></td></tr>
+            <tr><td><?= $SLANG['StreamReplayBuffer'] ?></td><td><input type="text" name="newMonitor[StreamReplayBuffer]" value="<?= validHtmlStr($newMonitor['StreamReplayBuffer']) ?>" size="6"/></td></tr>
+<tr><td><?= $SLANG['AlarmFrameCount'] ?></td><td><input type="text" name="newMonitor[AlarmFrameCount]" value="<?= validHtmlStr($newMonitor['AlarmFrameCount']) ?>" size="4"/></td></tr>
 <?php
         break;
     }
@@ -527,9 +529,9 @@ switch ( $_REQUEST['tab'] )
 ?>
             <tr><td><?= $SLANG['Controllable'] ?></td><td><input type="checkbox" name="newMonitor[Controllable]" value="1"<?php if ( !empty($newMonitor['Controllable']) ) { ?> checked="checked"<?php } ?>/></td></tr>
             <tr><td><?= $SLANG['ControlType'] ?></td><td><?= buildSelect( "newMonitor[ControlId]", $controlTypes, 'loadLocations( this )' ); ?><?php if ( canEdit( 'Control' ) ) { ?>&nbsp;<a href="#" onlick="createPopup( '?view=controlcaps', 'zmControlCaps', 'controlcaps' );"><?= $SLANG['Edit'] ?></a><?php } ?></td></tr>
-            <tr><td><?= $SLANG['ControlDevice'] ?></td><td><input type="text" name="newMonitor[ControlDevice]" value="<?= $newMonitor['ControlDevice'] ?>" size="32"/></td></tr>
-            <tr><td><?= $SLANG['ControlAddress'] ?></td><td><input type="text" name="newMonitor[ControlAddress]" value="<?= $newMonitor['ControlAddress'] ?>" size="32"/></td></tr>
-            <tr><td><?= $SLANG['AutoStopTimeout'] ?></td><td><input type="text" name="newMonitor[AutoStopTimeout]" value="<?= $newMonitor['AutoStopTimeout'] ?>" size="4"/></td></tr>
+            <tr><td><?= $SLANG['ControlDevice'] ?></td><td><input type="text" name="newMonitor[ControlDevice]" value="<?= validHtmlStr($newMonitor['ControlDevice']) ?>" size="32"/></td></tr>
+            <tr><td><?= $SLANG['ControlAddress'] ?></td><td><input type="text" name="newMonitor[ControlAddress]" value="<?= validHtmlStr($newMonitor['ControlAddress']) ?>" size="32"/></td></tr>
+            <tr><td><?= $SLANG['AutoStopTimeout'] ?></td><td><input type="text" name="newMonitor[AutoStopTimeout]" value="<?= validHtmlStr($newMonitor['AutoStopTimeout']) ?>" size="4"/></td></tr>
             <tr><td><?= $SLANG['TrackMotion'] ?></td><td><input type="checkbox" name="newMonitor[TrackMotion]" value="1"<?php if ( !empty($newMonitor['TrackMotion']) ) { ?> checked="checked"<?php } ?>/></td></tr>
 <?php
         $return_options = array(
@@ -538,28 +540,28 @@ switch ( $_REQUEST['tab'] )
             '1' => $SLANG['Preset']." 1",
         );
 ?>
-            <tr><td><?= $SLANG['TrackDelay'] ?></td><td><input type="text" name="newMonitor[TrackDelay]" value="<?= $newMonitor['TrackDelay'] ?>" size="4"/></td></tr>
+            <tr><td><?= $SLANG['TrackDelay'] ?></td><td><input type="text" name="newMonitor[TrackDelay]" value="<?= validHtmlStr($newMonitor['TrackDelay']) ?>" size="4"/></td></tr>
             <tr><td><?= $SLANG['ReturnLocation'] ?></td><td><?= buildSelect( "newMonitor[ReturnLocation]", $return_options ); ?></td></tr>
-            <tr><td><?= $SLANG['ReturnDelay'] ?></td><td><input type="text" name="newMonitor[ReturnDelay]" value="<?= $newMonitor['ReturnDelay'] ?>" size="4"/></td></tr>
+            <tr><td><?= $SLANG['ReturnDelay'] ?></td><td><input type="text" name="newMonitor[ReturnDelay]" value="<?= validHtmlStr($newMonitor['ReturnDelay']) ?>" size="4"/></td></tr>
 <?php
         break;
     }
     case 'x10' :
     {
 ?>
-            <tr><td><?= $SLANG['X10ActivationString'] ?></td><td><input type="text" name="newX10Monitor[Activation]" value="<?= $newX10Monitor['Activation'] ?>" size="20"/></td></tr>
-            <tr><td><?= $SLANG['X10InputAlarmString'] ?></td><td><input type="text" name="newX10Monitor[AlarmInput]" value="<?= $newX10Monitor['AlarmInput'] ?>" size="20"/></td></tr>
-            <tr><td><?= $SLANG['X10OutputAlarmString'] ?></td><td><input type="text" name="newX10Monitor[AlarmOutput]" value="<?= $newX10Monitor['AlarmOutput'] ?>" size="20"/></td></tr>
+            <tr><td><?= $SLANG['X10ActivationString'] ?></td><td><input type="text" name="newX10Monitor[Activation]" value="<?= validHtmlStr($newX10Monitor['Activation']) ?>" size="20"/></td></tr>
+            <tr><td><?= $SLANG['X10InputAlarmString'] ?></td><td><input type="text" name="newX10Monitor[AlarmInput]" value="<?= validHtmlStr($newX10Monitor['AlarmInput']) ?>" size="20"/></td></tr>
+            <tr><td><?= $SLANG['X10OutputAlarmString'] ?></td><td><input type="text" name="newX10Monitor[AlarmOutput]" value="<?= validHtmlStr($newX10Monitor['AlarmOutput']) ?>" size="20"/></td></tr>
 <?php
         break;
     }
     case 'misc' :
     {
 ?>
-            <tr><td><?= $SLANG['EventPrefix'] ?></td><td><input type="text" name="newMonitor[EventPrefix]" value="<?= $newMonitor['EventPrefix'] ?>" size="24"/></td></tr>
-            <tr><td><?= $SLANG['Sectionlength'] ?></td><td><input type="text" name="newMonitor[SectionLength]" value="<?= $newMonitor['SectionLength'] ?>" size="6"/></td></tr>
-            <tr><td><?= $SLANG['FrameSkip'] ?></td><td><input type="text" name="newMonitor[FrameSkip]" value="<?= $newMonitor['FrameSkip'] ?>" size="6"/></td></tr>
-            <tr><td><?= $SLANG['FPSReportInterval'] ?></td><td><input type="text" name="newMonitor[FPSReportInterval]" value="<?= $newMonitor['FPSReportInterval'] ?>" size="6"/></td></tr>
+            <tr><td><?= $SLANG['EventPrefix'] ?></td><td><input type="text" name="newMonitor[EventPrefix]" value="<?= validHtmlStr($newMonitor['EventPrefix']) ?>" size="24"/></td></tr>
+            <tr><td><?= $SLANG['Sectionlength'] ?></td><td><input type="text" name="newMonitor[SectionLength]" value="<?= validHtmlStr($newMonitor['SectionLength']) ?>" size="6"/></td></tr>
+            <tr><td><?= $SLANG['FrameSkip'] ?></td><td><input type="text" name="newMonitor[FrameSkip]" value="<?= validHtmlStr($newMonitor['FrameSkip']) ?>" size="6"/></td></tr>
+            <tr><td><?= $SLANG['FPSReportInterval'] ?></td><td><input type="text" name="newMonitor[FPSReportInterval]" value="<?= validHtmlStr($newMonitor['FPSReportInterval']) ?>" size="6"/></td></tr>
             <tr><td><?= $SLANG['DefaultView'] ?></td><td><select name="newMonitor[DefaultView]">
 <?php
         foreach ( getEnumValues( 'Monitors', 'DefaultView' ) as $opt_view )
@@ -578,11 +580,11 @@ switch ( $_REQUEST['tab'] )
         if ( $newMonitor['Type'] == "Local" )
         {
 ?>
-            <tr><td><?= $SLANG['SignalCheckColour'] ?></td><td><input type="text" name="newMonitor[SignalCheckColour]" value="<?= $newMonitor['SignalCheckColour'] ?>" size="10" onchange="$('SignalCheckSwatch').setStyle( 'backgroundColor', this.value )"/><span id="SignalCheckSwatch" class="swatch" style="background-color: <?= $newMonitor['SignalCheckColour'] ?>;">&nbsp;&nbsp;&nbsp;&nbsp;</span></td></tr>
+            <tr><td><?= $SLANG['SignalCheckColour'] ?></td><td><input type="text" name="newMonitor[SignalCheckColour]" value="<?= validHtmlStr($newMonitor['SignalCheckColour']) ?>" size="10" onchange="$('SignalCheckSwatch').setStyle( 'backgroundColor', this.value )"/><span id="SignalCheckSwatch" class="swatch" style="background-color: <?= $newMonitor['SignalCheckColour'] ?>;">&nbsp;&nbsp;&nbsp;&nbsp;</span></td></tr>
 <?php
         }
 ?>
-            <tr><td><?= $SLANG['WebColour'] ?></td><td><input type="text" name="newMonitor[WebColour]" value="<?= $newMonitor['WebColour'] ?>" size="10" onchange="$('WebSwatch').setStyle( 'backgroundColor', this.value )"/><span id="WebSwatch" class="swatch" style="background-color: <?= $newMonitor['WebColour'] ?>;">&nbsp;&nbsp;&nbsp;&nbsp;</span></td></tr>
+            <tr><td><?= $SLANG['WebColour'] ?></td><td><input type="text" name="newMonitor[WebColour]" value="<?= validHtmlStr($newMonitor['WebColour']) ?>" size="10" onchange="$('WebSwatch').setStyle( 'backgroundColor', this.value )"/><span id="WebSwatch" class="swatch" style="background-color: <?= validHtmlStr($newMonitor['WebColour']) ?>;">&nbsp;&nbsp;&nbsp;&nbsp;</span></td></tr>
 <?php
         break;
     }
diff --git a/web/skins/classic/views/monitorpreset.php b/web/skins/classic/views/monitorpreset.php
index 20b1d9a6f..2b13ebeeb 100644
--- a/web/skins/classic/views/monitorpreset.php
+++ b/web/skins/classic/views/monitorpreset.php
@@ -20,7 +20,7 @@
 
 if ( !canEdit( 'Monitors' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 $sql = "select Id,Name from MonitorPresets";
@@ -43,7 +43,7 @@ xhtmlHeaders(__FILE__, $SLANG['MonitorPreset'] );
     <div id="content">
       <form name="contentForm" id="contentForm" method="post" action="<?= $_SERVER['PHP_SELF'] ?>">
         <input type="hidden" name="view" value="none"/>
-        <input type="hidden" name="mid" value="<?= $_REQUEST['mid'] ?>"/>
+        <input type="hidden" name="mid" value="<?= validNum($_REQUEST['mid']) ?>"/>
         <p>
           <?= $SLANG['MonitorPresetIntro'] ?>
         </p>
diff --git a/web/skins/classic/views/montage.php b/web/skins/classic/views/montage.php
index 422688788..f6a714bff 100644
--- a/web/skins/classic/views/montage.php
+++ b/web/skins/classic/views/montage.php
@@ -20,7 +20,7 @@
 
 if ( !canView( 'Stream' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 
@@ -122,7 +122,7 @@ else
     $streamSrc = getStreamSrc( array( "mode=jpeg", "monitor=".$monitor['Id'], "scale=".$scale, "maxfps=".ZM_WEB_VIDEO_MAXFPS ) );
     if ( canStreamNative() )
     {
-        outputImageStream( "liveStream".$monitor['Id'], $streamSrc, reScale( $monitor['Width'], $scale ), reScale( $monitor['Height'], $scale ), $monitor['Name'] );
+        outputImageStream( "liveStream".$monitor['Id'], $streamSrc, reScale( $monitor['Width'], $scale ), reScale( $monitor['Height'], $scale ), validHtmlStr($monitor['Name']) );
     }
     else
     {
diff --git a/web/skins/classic/views/optionhelp.php b/web/skins/classic/views/optionhelp.php
index 3acc8fbb9..7b5fef1c1 100644
--- a/web/skins/classic/views/optionhelp.php
+++ b/web/skins/classic/views/optionhelp.php
@@ -34,8 +34,8 @@ xhtmlHeaders(__FILE__, $SLANG['OptionHelp'] );
       <h2><?= $SLANG['OptionHelp'] ?></h2>
     </div>
     <div id="content">
-      <h3><?= $_REQUEST['option'] ?></h3>
-      <p class="textblock"><?= htmlentities($optionHelpText) ?></p>
+      <h3><?= validHtmlStr($_REQUEST['option']) ?></h3>
+      <p class="textblock"><?= validHtmlStr($optionHelpText) ?></p>
     </div>
   </div>
 </body>
diff --git a/web/skins/classic/views/options.php b/web/skins/classic/views/options.php
index 52ba40fe2..b8942286b 100644
--- a/web/skins/classic/views/options.php
+++ b/web/skins/classic/views/options.php
@@ -20,7 +20,7 @@
 
 if ( !canView( 'System' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 
@@ -42,8 +42,10 @@ $tabs['phoneband'] = $SLANG['PhoneBW'];
 if ( ZM_OPT_USE_AUTH )
     $tabs['users'] = $SLANG['Users'];
 
-if ( !isset($_REQUEST['tab']) )
-    $_REQUEST['tab'] = "system";
+if ( isset($_REQUEST['tab']) )
+    $tab = validHtmlStr($_REQUEST['tab']);
+else
+    $tab = "system";
 
 $focusWindow = true;
 
@@ -59,7 +61,7 @@ xhtmlHeaders( __FILE__, $SLANG['Options'] );
 <?php
 foreach ( $tabs as $name=>$value )
 {
-    if ( $_REQUEST['tab'] == $name )
+    if ( $tab == $name )
     {
 ?>
         <li class="active"><?= $value ?></li>
@@ -68,7 +70,7 @@ foreach ( $tabs as $name=>$value )
     else
     {
 ?>
-        <li><a href="?view=<?= $_REQUEST['view'] ?>&tab=<?= $name ?>"><?= $value ?></a></li>
+        <li><a href="?view=<?= $view ?>&tab=<?= $name ?>"><?= $value ?></a></li>
 <?php
     }
 }
@@ -76,12 +78,12 @@ foreach ( $tabs as $name=>$value )
       </ul>
       <div class="clear"></div>
 <?php 
-if ( $_REQUEST['tab'] == "users" )
+if ( $tab == "users" )
 {
 ?>
       <form name="userForm" method="post" action="<?= $_SERVER['PHP_SELF'] ?>">
-        <input type="hidden" name="view" value="<?= $_REQUEST['view'] ?>"/>
-        <input type="hidden" name="tab" value="<?= $_REQUEST['tab'] ?>"/>
+        <input type="hidden" name="view" value="<?= $view ?>"/>
+        <input type="hidden" name="tab" value="<?= $tab ?>"/>
         <input type="hidden" name="action" value="delete"/>
         <table id="contentTable" class="major userTable" cellspacing="0">
           <thead>
@@ -121,14 +123,14 @@ if ( $_REQUEST['tab'] == "users" )
         }
 ?>
             <tr>
-              <td class="colUsername"><?= makePopupLink( '?view=user&uid='.$row['Id'], 'zmUser', 'user', $row['Username'].($user['Username']==$row['Username']?"*":""), canEdit( 'System' ) ) ?></td>
-              <td class="colLanguage"><?= $row['Language']?$row['Language']:'default' ?></td>
+              <td class="colUsername"><?= makePopupLink( '?view=user&uid='.$row['Id'], 'zmUser', 'user', validHtmlStr($row['Username']).($user['Username']==$row['Username']?"*":""), canEdit( 'System' ) ) ?></td>
+              <td class="colLanguage"><?= $row['Language']?validHtmlStr($row['Language']):'default' ?></td>
               <td class="colEnabled"><?= $row['Enabled']?$SLANG['Yes']:$SLANG['No'] ?></td>
-              <td class="colStream"><?= $row['Stream'] ?></td>
-              <td class="colEvents"><?= $row['Events'] ?></td>
-              <td class="colControl"><?= $row['Control'] ?></td>
-              <td class="colMonitors"><?= $row['Monitors'] ?></td>
-              <td class="colSystem"><?= $row['System'] ?></td>
+              <td class="colStream"><?= validHtmlStr($row['Stream']) ?></td>
+              <td class="colEvents"><?= validHtmlStr($row['Events']) ?></td>
+              <td class="colControl"><?= validHtmlStr($row['Control']) ?></td>
+              <td class="colMonitors"><?= validHtmlStr($row['Monitors']) ?></td>
+              <td class="colSystem"><?= validHtmlStr($row['System']) ?></td>
               <td class="colBandwidth"><?= $row['MaxBandwidth']?$bwArray[$row['MaxBandwidth']]:'&nbsp;' ?></td>
               <td class="colMonitor"><?= $row['MonitorIds']?(join( ", ", $userMonitors )):"&nbsp;" ?></td>
               <td class="colMark"><input type="checkbox" name="markUids[]" value="<?= $row['Id'] ?>" onclick="configureButton( this );"<?php if ( !canEdit( 'System' ) ) { ?> disabled="disabled"<?php } ?>/></td>
@@ -146,14 +148,14 @@ if ( $_REQUEST['tab'] == "users" )
 }
 else
 {
-    if ( $_REQUEST['tab'] == "system" )
+    if ( $tab == "system" )
     {
-        $configCats[$_REQUEST['tab']]['ZM_LANG_DEFAULT']['Hint'] = join( '|', getLanguages() );
+        $configCats[$tab]['ZM_LANG_DEFAULT']['Hint'] = join( '|', getLanguages() );
     }
 ?>
       <form name="optionsForm" method="post" action="<?= $_SERVER['PHP_SELF'] ?>">
-        <input type="hidden" name="view" value="<?= $_REQUEST['view'] ?>"/>
-        <input type="hidden" name="tab" value="<?= $_REQUEST['tab'] ?>"/>
+        <input type="hidden" name="view" value="<?= $view ?>"/>
+        <input type="hidden" name="tab" value="<?= $tab ?>"/>
         <input type="hidden" name="action" value="options"/>
         <table id="contentTable" class="major optionTable" cellspacing="0">
           <thead>
@@ -165,7 +167,7 @@ else
           </thead>
           <tbody>
 <?php
-    $configCat = $configCats[$_REQUEST['tab']];
+    $configCat = $configCats[$tab];
     foreach ( $configCat as $name=>$value )
     {
         $optionPromptIndex = preg_replace( '/^ZM_/', '', $name );
@@ -173,7 +175,7 @@ else
 ?>
             <tr>
               <td><?= $value['Name'] ?></td>
-              <td><?= htmlentities($optionPromptText) ?>&nbsp;(<?= makePopupLink( '?view=optionhelp&option='.$value['Name'], 'zmOptionHelp', 'optionhelp', '?' ) ?>)</td>
+              <td><?= validHtmlStr($optionPromptText) ?>&nbsp;(<?= makePopupLink( '?view=optionhelp&option='.$value['Name'], 'zmOptionHelp', 'optionhelp', '?' ) ?>)</td>
 <?php   
         if ( $value['Type'] == "boolean" )
         {
@@ -218,31 +220,31 @@ else
         elseif ( $value['Type'] == "text" )
         {
 ?>
-              <td><textarea id="<?= $value['Name'] ?>" name="newConfig[<?= $value['Name'] ?>]" rows="5" cols="40"><?= htmlspecialchars($value['Value']) ?></textarea></td>
+              <td><textarea id="<?= $value['Name'] ?>" name="newConfig[<?= $value['Name'] ?>]" rows="5" cols="40"><?= validHtmlStr($value['Value']) ?></textarea></td>
 <?php
         }
         elseif ( $value['Type'] == "integer" )
         {
 ?>
-              <td><input type="text" id="<?= $value['Name'] ?>" name="newConfig[<?= $value['Name'] ?>]" value="<?= $value['Value'] ?>" class="small"/></td>
+              <td><input type="text" id="<?= $value['Name'] ?>" name="newConfig[<?= $value['Name'] ?>]" value="<?= validHtmlStr($value['Value']) ?>" class="small"/></td>
 <?php
         }
         elseif ( $value['Type'] == "hexadecimal" )
         {
 ?>
-              <td><input type="text" id="<?= $value['Name'] ?>" name="newConfig[<?= $value['Name'] ?>]" value="<?= $value['Value'] ?>" class="medium"/></td>
+              <td><input type="text" id="<?= $value['Name'] ?>" name="newConfig[<?= $value['Name'] ?>]" value="<?= validHtmlStr($value['Value']) ?>" class="medium"/></td>
 <?php
         }
         elseif ( $value['Type'] == "decimal" )
         {
 ?>
-              <td><input type="text" id="<?= $value['Name'] ?>" name="newConfig[<?= $value['Name'] ?>]" value="<?= $value['Value'] ?>" class="small"/></td>
+              <td><input type="text" id="<?= $value['Name'] ?>" name="newConfig[<?= $value['Name'] ?>]" value="<?= validHtmlStr($value['Value']) ?>" class="small"/></td>
 <?php
         }
         else
         {
 ?>
-              <td><input type="text" id="<?= $value['Name'] ?>" name="newConfig[<?= $value['Name'] ?>]" value="<?= $value['Value'] ?>" class="large"/></td>
+              <td><input type="text" id="<?= $value['Name'] ?>" name="newConfig[<?= $value['Name'] ?>]" value="<?= validHtmlStr($value['Value']) ?>" class="large"/></td>
 <?php
         }
 ?>
diff --git a/web/skins/classic/views/settings.php b/web/skins/classic/views/settings.php
index e53174580..ee8ff799a 100644
--- a/web/skins/classic/views/settings.php
+++ b/web/skins/classic/views/settings.php
@@ -20,13 +20,13 @@
 
 if ( !canView( 'Control' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 $monitor = dbFetchMonitor( $_REQUEST['mid'] );
 
-$zmuCommand = getZmuCommand( " -m ".$_REQUEST['mid']." -B -C -H -O" );
-$zmuOutput = exec( escapeshellcmd( $zmuCommand ) );
+$zmuCommand = getZmuCommand( " -m ".escapeshellarg($_REQUEST['mid'])." -B -C -H -O" );
+$zmuOutput = exec( $zmuCommand );
 list( $brightness, $contrast, $hue, $colour ) = split( ' ', $zmuOutput );
 
 $monitor['Brightness'] = $brightness;
@@ -36,18 +36,18 @@ $monitor['Colour'] = $colour;
 
 $focusWindow = true;
 
-xhtmlHeaders(__FILE__, $monitor['Name']." - ".$SLANG['Settings'] );
+xhtmlHeaders(__FILE__, validHtmlStr($monitor['Name'])." - ".$SLANG['Settings'] );
 ?>
 <body>
   <div id="page">
     <div id="header">
-      <h2><?= $monitor['Name'] ?> - <?= $SLANG['Settings'] ?></h2>
+      <h2><?= validHtmlStr($monitor['Name']) ?> - <?= $SLANG['Settings'] ?></h2>
     </div>
     <div id="content">
       <form name="contentForm" id="contentForm" method="post" action="<?= $_SERVER['PHP_SELF'] ?>">
-        <input type="hidden" name="view" value="<?= $_REQUEST['view'] ?>"/>
+        <input type="hidden" name="view" value="<?= $view ?>"/>
         <input type="hidden" name="action" value="settings"/>
-        <input type="hidden" name="mid" value="<?= $_REQUEST['mid'] ?>"/>
+        <input type="hidden" name="mid" value="<?= validInt($_REQUEST['mid']) ?>"/>
         <table id="contentTable" class="major" cellspacing="0">
           <tbody>
             <tr>
diff --git a/web/skins/classic/views/siren.php b/web/skins/classic/views/siren.php
deleted file mode 100644
index a93a7b5c8..000000000
--- a/web/skins/classic/views/siren.php
+++ /dev/null
@@ -1,68 +0,0 @@
-<?php
-//
-// ZoneMinder web siren view file, $Date$, $Revision$
-// Copyright (C) 2001-2008 Philip Coombes
-//
-// This program is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License
-// as published by the Free Software Foundation; either version 2
-// of the License, or (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program; if not, write to the Free Software
-// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
-//
-
-if ( !canView( 'Stream' ) )
-{
-    $_REQUEST['view'] = "error";
-    return;
-}
-
-$soundSrc = ZM_DIR_SOUNDS.'/'.ZM_WEB_ALARM_SOUND;
-
-?>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
-<link rel="stylesheet" href="zm_html_styles.css" type="text/css">
-</head>
-<body>
-<?php
-if ( ZM_WEB_USE_OBJECT_TAGS && isWindows() )
-{
-?>
-<object id="MediaPlayer" width="0" height="0"
-classid="CLSID:22D6F312-B0F6-11D0-94AB-0080C74C7E95"
-codebase="http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab#Version=6,0,02,902"
-<param name="FileName" value="<?= $soundSrc ?>">
-<param name="autoStart" value="1">
-<param name="loop" value="1">
-<param name=hidden value="1">
-<param name="showControls" value="0">
-<embed src="<?= $soundSrc ?>"
-autostart="true"
-loop="true"
-hidden="true">
-</embed>
-</object>
-<?php
-}
-else
-{
-?>
-<embed src="<?= $soundSrc ?>"
-autostart="true"
-loop="true"
-hidden="true">
-</embed>
-<?php
-}
-?>
-</body>
-</html>
diff --git a/web/skins/classic/views/state.php b/web/skins/classic/views/state.php
index 8b50182db..1311b7d5d 100644
--- a/web/skins/classic/views/state.php
+++ b/web/skins/classic/views/state.php
@@ -20,7 +20,7 @@
 
 if ( !canEdit( 'System' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 $running = daemonCheck();
@@ -39,10 +39,10 @@ xhtmlHeaders(__FILE__, $SLANG['RunState'] );
     <div id="content">
       <form name="contentForm" id="contentForm" method="get" action="<?= $_SERVER['PHP_SELF'] ?>">
 <?php
-if ( empty($apply) )
+if ( empty($_REQUEST['apply']) )
 {
 ?>
-        <input type="hidden" name="view" value="<?= $_REQUEST['view'] ?>"/>
+        <input type="hidden" name="view" value="<?= $view ?>"/>
         <input type="hidden" name="action" value=""/>
         <input type="hidden" name="apply" value="1"/>
         <p>
@@ -93,7 +93,7 @@ else
 ?>
         <input type="hidden" name="view" value="none"/>
         <input type="hidden" name="action" value="state"/>
-        <input type="hidden" name="runState" value="<?= $runState ?>"/>
+        <input type="hidden" name="runState" value="<?= validHtmlStr($_REQUEST['runState']) ?>"/>
         <p><?= $SLANG['ApplyingStateChange'] ?></p>
         <p><?= $SLANG['PleaseWait'] ?></p>
 <?php
diff --git a/web/skins/classic/views/stats.php b/web/skins/classic/views/stats.php
index 5748e895e..c668ced6c 100644
--- a/web/skins/classic/views/stats.php
+++ b/web/skins/classic/views/stats.php
@@ -20,15 +20,19 @@
 
 if ( !canView( 'Events' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
-$sql = "select S.*,E.*,Z.Name as ZoneName,Z.Units,Z.Area,M.Name as MonitorName,M.Width,M.Height from Stats as S left join Events as E on S.EventId = E.Id left join Zones as Z on S.ZoneId = Z.Id left join Monitors as M on E.MonitorId = M.Id where S.EventId = '".dbEscape($_REQUEST['eid'])."' and S.FrameId = '".$_REQUEST['fid']."' order by S.ZoneId";
+
+$eid = validInt($_REQUEST['eid']);
+$fid = validInt($_REQUEST['fid']);
+
+$sql = "select S.*,E.*,Z.Name as ZoneName,Z.Units,Z.Area,M.Name as MonitorName,M.Width,M.Height from Stats as S left join Events as E on S.EventId = E.Id left join Zones as Z on S.ZoneId = Z.Id left join Monitors as M on E.MonitorId = M.Id where S.EventId = '".dbEscape($eid)."' and S.FrameId = '".dbEscape($fid)."' order by S.ZoneId";
 $stats = dbFetchAll( $sql );
 
 $focusWindow = true;
 
-xhtmlHeaders(__FILE__, $SLANG['Stats']." - ".$_REQUEST['eid']." - ".$_REQUEST['fid'] );
+xhtmlHeaders(__FILE__, $SLANG['Stats']." - ".$eid." - ".$fid );
 ?>
 <body>
   <div id="page">
@@ -36,7 +40,7 @@ xhtmlHeaders(__FILE__, $SLANG['Stats']." - ".$_REQUEST['eid']." - ".$_REQUEST['f
       <div id="headerButtons">
         <a href="#" onclick="closeWindow(); return( false );"><?= $SLANG['Close'] ?></a>
       </div>
-      <h2><?= $SLANG['Stats'] ?> - <?= $_REQUEST['eid'] ?> - <?= $_REQUEST['fid'] ?></h2>
+      <h2><?= $SLANG['Stats'] ?> - <?= $eid ?> - <?= $fid ?></h2>
     </div>
     <div id="content">
       <form name="contentForm" id="contentForm" method="get" action="<?= $_SERVER['PHP_SELF'] ?>">
@@ -63,12 +67,12 @@ if ( count($stats) )
     {
 ?>
             <tr>
-              <td class="colZone"><?= $stat['ZoneName'] ?></td>
-              <td class="colPixelDiff"><?= $stat['PixelDiff'] ?></td>
+              <td class="colZone"><?= validHtmlStr($stat['ZoneName']) ?></td>
+              <td class="colPixelDiff"><?= validHtmlStr($stat['PixelDiff']) ?></td>
               <td class="colAlarmPx"><?= sprintf( "%d (%d%%)", $stat['AlarmPixels'], (100*$stat['AlarmPixels']/$stat['Area']) ) ?></td>
               <td class="colFilterPx"><?= sprintf( "%d (%d%%)", $stat['FilterPixels'], (100*$stat['FilterPixels']/$stat['Area']) ) ?></td>
               <td class="colBlobPx"><?= sprintf( "%d (%d%%)", $stat['BlobPixels'], (100*$stat['BlobPixels']/$stat['Area']) ) ?></td>
-              <td class="colBlobs"><?= $stat['Blobs'] ?></td>
+              <td class="colBlobs"><?= validHtmlStr($stat['Blobs']) ?></td>
 <?php
 if ( $stat['Blobs'] > 1 )
 {
@@ -83,7 +87,7 @@ else
 <?php
 }
 ?>
-              <td class="colAlarmLimits"><?= $stat['MinX'].",".$stat['MinY']."-".$stat['MaxX'].",".$stat['MaxY'] ?></td>
+              <td class="colAlarmLimits"><?= validHtmlStr($stat['MinX'].",".$stat['MinY']."-".$stat['MaxX'].",".$stat['MaxY']) ?></td>
               <td class="colScore"><?= $stat['Score'] ?></td>
             </tr>
 <?php
diff --git a/web/skins/classic/views/status.php b/web/skins/classic/views/status.php
index 7cfa4e66f..113c23d88 100644
--- a/web/skins/classic/views/status.php
+++ b/web/skins/classic/views/status.php
@@ -20,7 +20,7 @@
 
 if ( !canView( 'System' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 
@@ -28,7 +28,7 @@ $zmuCommand = getZmuCommand( " --list" );
 $result = exec( escapeshellcmd( $zmuCommand ), $output );
 
 $refresh = ZM_WEB_REFRESH_STATUS;
-$url = '?view='.$_REQUEST['view'];
+$url = '?view='.$view;
 noCacheHeaders();
 
 xhtmlHeaders(__FILE__, $SLANG['Status'] );
diff --git a/web/skins/classic/views/timeline.php b/web/skins/classic/views/timeline.php
index 24bb7b2a1..1237fd607 100644
--- a/web/skins/classic/views/timeline.php
+++ b/web/skins/classic/views/timeline.php
@@ -19,7 +19,7 @@
 
 if ( !canView( 'Events' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 
@@ -72,7 +72,7 @@ if ( !isset($mode) )
     $mode = "overlay";
 
 $minEventWidth = 5;
-$maxEventWidth = 20;
+$maxEventWidth = 5;
 
 $chart = array(
     "width"=>700,
@@ -159,13 +159,13 @@ else
     $tree = false;
 
 if ( isset($_REQUEST['range']) )
-    $range = $_REQUEST['range'];
+    $range = validHtmlStr($_REQUEST['range']);
 if ( isset($_REQUEST['minTime']) )
-    $minTime = $_REQUEST['minTime'];
+    $minTime = validHtmlStr($_REQUEST['minTime']);
 if ( isset($_REQUEST['midTime']) )
-    $midTime = $_REQUEST['midTime'];
+    $midTime = validHtmlStr($_REQUEST['midTime']);
 if ( isset($_REQUEST['maxTime']) )
-    $maxTime = $_REQUEST['maxTime'];
+    $maxTime = validHtmlStr($_REQUEST['maxTime']);
 
 if ( isset($range) )
 {
@@ -386,10 +386,13 @@ foreach( dbFetchAll( $eventsSql ) as $event )
     {
         if ( $startIndex == $endIndex )
         {
+            $framesSql = "select FrameId,Score from Frames where EventId = '".$event['Id']."' and Score > 0 order by Score desc limit 1";
+            $frame = dbFetchOne( $framesSql );
+
             $i = $startIndex;
             if ( !isset($currFrameSlots[$i]) )
             {
-                $currFrameSlots[$i] = array( "count"=>1, "value"=>$event['MaxScore'], "event"=>$event );
+                $currFrameSlots[$i] = array( "count"=>1, "value"=>$event['MaxScore'], "event"=>$event, "frame"=>$frame );
             }
             else
             {
@@ -398,6 +401,7 @@ foreach( dbFetchAll( $eventsSql ) as $event )
                 {
                     $currFrameSlots[$i]['value'] = $event['MaxScore'];
                     $currFrameSlots[$i]['event'] = $event;
+                    $currFrameSlots[$i]['frame'] = $frame;
                 }
             }
             if ( $event['MaxScore'] > $chart['data']['y']['hi'] )
@@ -407,7 +411,7 @@ foreach( dbFetchAll( $eventsSql ) as $event )
         }
         else
         {
-            $framesSql = "select F.FrameId,F.Delta,unix_timestamp(F.TimeStamp) as TimeT,F.Score from Frames as F where F.EventId = '".$event['Id']."' and F.Score > 0";
+            $framesSql = "select FrameId,Delta,unix_timestamp(TimeStamp) as TimeT,Score from Frames where EventId = '".$event['Id']."' and Score > 0";
             foreach( dbFetchAll( $framesSql ) as $frame )
             {
                 if ( $frame['Score'] == 0 )
@@ -447,21 +451,23 @@ ksort( $monitorIds, SORT_NUMERIC );
 ksort( $monEventSlots, SORT_NUMERIC );
 ksort( $monFrameSlots, SORT_NUMERIC );
 
-// Add on missing frames
-$xcount = 0;
-foreach( array_keys($monFrameSlots) as $monitorId )
+// No longer needed?
+if ( true )
 {
-    unset( $currFrameSlots );
-    $currFrameSlots = &$monFrameSlots[$monitorId];
-    for ( $i = 0; $i < $chart['graph']['width']; $i++ )
+    // Add on missing frames
+    foreach( array_keys($monFrameSlots) as $monitorId )
     {
-        if ( isset($currFrameSlots[$i]) )
+        unset( $currFrameSlots );
+        $currFrameSlots = &$monFrameSlots[$monitorId];
+        for ( $i = 0; $i < $chart['graph']['width']; $i++ )
         {
-            if ( !isset($currFrameSlots[$i]['frame']) )
+            if ( isset($currFrameSlots[$i]) )
             {
-                $xcount++;
-                $framesSql = "select F.FrameId,F.Score from Frames as F where F.EventId = '".$currFrameSlots[$i]['event']['Id']."' and F.Score > 0 order by F.FrameId limit 0,1";
-                $currFrameSlots[$i]['frame'] = dbFetchOne( $framesSql );
+                if ( !isset($currFrameSlots[$i]['frame']) )
+                {
+                    $framesSql = "select FrameId,Score from Frames where EventId = '".$currFrameSlots[$i]['event']['Id']."' and Score > 0 order by FrameId limit 1";
+                    $currFrameSlots[$i]['frame'] = dbFetchOne( $framesSql );
+                }
             }
         }
     }
@@ -815,7 +821,7 @@ xhtmlHeaders(__FILE__, $SLANG['Timeline'] );
             <div id="instruction">
               <p>Pass your mouse over the graph to view a snapshot image and event details.</p>
               <p>Click on the coloured sections of the graph, or the image, to view the event.</p>
-              <p>Click on the background of the graph to zoom in to a smaller time period basd around your click.</p>
+              <p>Click on the background to zoom in to a smaller time period basd around your click.</p>
               <p>Use the controls below to zoom out or navigate back and forward through the time range.</p>
             </div>
             <div id="eventData">
diff --git a/web/skins/classic/views/user.php b/web/skins/classic/views/user.php
index 5c8f4ae5e..90be8f3cb 100644
--- a/web/skins/classic/views/user.php
+++ b/web/skins/classic/views/user.php
@@ -22,10 +22,10 @@ $selfEdit = ZM_USER_SELF_EDIT && $_REQUEST['uid'] == $user['Id'];
 
 if ( !canEdit( 'System' ) && !$selfEdit )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
-$sql = "select * from Users where Id = '".$_REQUEST['uid']."'";
+$sql = "select * from Users where Id = '".dbEscape($_REQUEST['uid'])."'";
 if ( !($newUser = dbFetchOne( $sql )) )
 {
     $newUser = array();
@@ -60,9 +60,9 @@ xhtmlHeaders(__FILE__, $SLANG['User']." - ".$newUser['Username'] );
     </div>
     <div id="content">
       <form name="contentForm" method="post" action="<?= $_SERVER['PHP_SELF'] ?>" onsubmit="return validateForm( this, <?= empty($newUser['Password'])?'true':'false' ?> )">
-        <input type="hidden" name="view" value="<?= $_REQUEST['view'] ?>"/>
+        <input type="hidden" name="view" value="<?= $view ?>"/>
         <input type="hidden" name="action" value="user"/>
-        <input type="hidden" name="uid" value="<?= $_REQUEST['uid'] ?>"/>
+        <input type="hidden" name="uid" value="<?= validHtmlStr($_REQUEST['uid']) ?>"/>
         <input type="hidden" name="newUser[MonitorIds]" value="<?= $newUser['MonitorIds'] ?>"/>
         <table id="contentTable" class="major" cellspacing="0">
           <tbody>
diff --git a/web/skins/classic/views/version.php b/web/skins/classic/views/version.php
index 71c549089..e9164137b 100644
--- a/web/skins/classic/views/version.php
+++ b/web/skins/classic/views/version.php
@@ -20,7 +20,7 @@
 
 if ( !canEdit( 'System' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 $options = array(
diff --git a/web/skins/classic/views/video.php b/web/skins/classic/views/video.php
index dd3e49b14..fad27ca5b 100644
--- a/web/skins/classic/views/video.php
+++ b/web/skins/classic/views/video.php
@@ -20,7 +20,7 @@
 
 if ( !canView( 'Events' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 
@@ -32,10 +32,14 @@ else
 $sql = "select E.*,M.Name as MonitorName,M.Width,M.Height,M.DefaultRate,M.DefaultScale from Events as E inner join Monitors as M on E.MonitorId = M.Id where E.Id = ".dbEscape($_REQUEST['eid']).$midSql;
 $event = dbFetchOne( $sql );
 
-if ( !isset( $_REQUEST['rate'] ) )
-    $_REQUEST['rate'] = reScale( RATE_BASE, $event['DefaultRate'], ZM_WEB_DEFAULT_RATE );
-if ( !isset( $_REQUEST['scale'] ) )
-    $_REQUEST['scale'] = reScale( SCALE_BASE, $event['DefaultScale'], ZM_WEB_DEFAULT_SCALE );
+if ( isset( $_REQUEST['rate'] ) )
+    $rate = validInt($_REQUEST['rate']);
+else
+    $rate = reScale( RATE_BASE, $event['DefaultRate'], ZM_WEB_DEFAULT_RATE );
+if ( isset( $_REQUEST['scale'] ) )
+    $scale = validInt($_REQUEST['scale']);
+else
+    $scale = reScale( SCALE_BASE, $event['DefaultScale'], ZM_WEB_DEFAULT_SCALE );
 
 $eventPath = getEventPath( $event );
 
@@ -76,14 +80,16 @@ if ( $dir = opendir( $eventPath ) )
 
 if ( isset($_REQUEST['deleteIndex']) )
 {
-    unlink( $videoFiles[$_REQUEST['deleteIndex']] );
-    unset( $videoFiles[$_REQUEST['deleteIndex']] );
+    $deleteIndex = validInt($_REQUEST['deleteIndex']);
+    unlink( $videoFiles[$deleteIndex] );
+    unset( $videoFiles[$deleteIndex] );
 }
 
 if ( isset($_REQUEST['downloadIndex']) )
 {
-    header( "Content-disposition: attachment; filename=".$videoFiles[$_REQUEST['downloadIndex']]."; size=".filesize($videoFiles[$_REQUEST['downloadIndex']]) );
-    readfile( $videoFiles[$_REQUEST['downloadIndex']] );
+    $downloadIndex = validInt($_REQUEST['downloadIndex']);
+    header( "Content-disposition: attachment; filename=".$videoFiles[$downloadIndex]."; size=".filesize($videoFiles[$downloadIndex]) );
+    readfile( $videoFiles[$downloadIndex] );
     exit;
 }
 
@@ -103,12 +109,13 @@ xhtmlHeaders(__FILE__, $SLANG['Video'] );
 <?php
 if ( isset($_REQUEST['showIndex']) )
 {
-    preg_match( '/([^\/]+)\.([^.]+)$/', $videoFiles[$_REQUEST['showIndex']], $matches );
+    $showIndex = validInt($_REQUEST['showIndex']);
+    preg_match( '/([^\/]+)\.([^.]+)$/', $videoFiles[$showIndex], $matches );
     $name = $matches[1];
     $videoFormat = $matches[2];
 ?>
-      <h3 id="videoFile"><?= $videoFiles[$_REQUEST['showIndex']] ?></h3>
-      <div id="imageFeed"><?php outputVideoStream( 'videoStream', $videoFiles[$_REQUEST['showIndex']], $_REQUEST['width'], $_REQUEST['height'], $videoFormat, $name ) ?></div>
+      <h3 id="videoFile"><?= $videoFiles[$showIndex] ?></h3>
+      <div id="imageFeed"><?php outputVideoStream( 'videoStream', $videoFiles[$showIndex], validInt($_REQUEST['width']), validInt($_REQUEST['height']), $videoFormat, $name ) ?></div>
 <?php
 }
 else
@@ -207,7 +214,7 @@ else
           <td><?= filesize( $file ) ?></td>
           <td><?= $rateText ?></td>
           <td><?= $scaleText ?></td>
-          <td><?= makePopupLink( '?view='.$_REQUEST['view'].'&eid='.$event['Id'].'&width='.$width.'&height='.$height.'&showIndex='.$index, 'zmVideo'.$event['Id'].'-'.$scale, array( 'videoview', $width, $height ), $SLANG['View'] ); ?>&nbsp;/&nbsp;<a href="<?= $file ?>" onclick="downloadVideo( <?= $index ?> ); return( false );"><?= $SLANG['Download'] ?></a>&nbsp;/&nbsp;<a href="#" onclick="deleteVideo( <?= $index ?> ); return( false );"><?= $SLANG['Delete'] ?></a></td>
+          <td><?= makePopupLink( '?view='.$view.'&eid='.$event['Id'].'&width='.$width.'&height='.$height.'&showIndex='.$index, 'zmVideo'.$event['Id'].'-'.$scale, array( 'videoview', $width, $height ), $SLANG['View'] ); ?>&nbsp;/&nbsp;<a href="<?= $file ?>" onclick="downloadVideo( <?= $index ?> ); return( false );"><?= $SLANG['Download'] ?></a>&nbsp;/&nbsp;<a href="#" onclick="deleteVideo( <?= $index ?> ); return( false );"><?= $SLANG['Delete'] ?></a></td>
         </tr>
 <?php
                 $index++;
diff --git a/web/skins/classic/views/watch.php b/web/skins/classic/views/watch.php
index c127f80c2..d0f55fdc4 100644
--- a/web/skins/classic/views/watch.php
+++ b/web/skins/classic/views/watch.php
@@ -20,37 +20,41 @@
 
 if ( !canView( 'Stream' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 
-$sql = "select C.*, M.* from Monitors as M left join Controls as C on (M.ControlId = C.Id ) where M.Id = '".$_REQUEST['mid']."'";
+$sql = "select C.*, M.* from Monitors as M left join Controls as C on (M.ControlId = C.Id ) where M.Id = '".dbEscape($_REQUEST['mid'])."'";
 $monitor = dbFetchOne( $sql );
 
-if ( !isset($_REQUEST['control']) )
-    $_REQUEST['control'] = (canView( 'Control' ) && ($monitor['DefaultView'] == 'Control'));
+if ( isset($_REQUEST['control']) )
+    $control = validInt($_REQUEST['control']);
+else
+    $control = (canView( 'Control' ) && ($monitor['DefaultView'] == 'Control'));
 
 $showControls = ( ZM_OPT_CONTROL && $monitor['Controllable'] && canView( 'Control' ) );
 
-if ( !isset( $_REQUEST['scale'] ) )
-    $_REQUEST['scale'] = reScale( SCALE_BASE, $monitor['DefaultScale'], ZM_WEB_DEFAULT_SCALE );
+if ( isset( $_REQUEST['scale'] ) )
+    $scale = validInt($_REQUEST['scale']);
+else
+    $scale = reScale( SCALE_BASE, $monitor['DefaultScale'], ZM_WEB_DEFAULT_SCALE );
 
 $connkey = generateConnKey();
 
 if ( ZM_STREAM_METHOD == 'mpeg' && ZM_MPEG_LIVE_FORMAT )
 {
     $streamMode = "mpeg";
-    $streamSrc = getStreamSrc( array( "mode=".$streamMode, "monitor=".$monitor['Id'], "scale=".$_REQUEST['scale'], "bitrate=".ZM_WEB_VIDEO_BITRATE, "maxfps=".ZM_WEB_VIDEO_MAXFPS, "format=".ZM_MPEG_LIVE_FORMAT ) );
+    $streamSrc = getStreamSrc( array( "mode=".$streamMode, "monitor=".$monitor['Id'], "scale=".$scale, "bitrate=".ZM_WEB_VIDEO_BITRATE, "maxfps=".ZM_WEB_VIDEO_MAXFPS, "format=".ZM_MPEG_LIVE_FORMAT ) );
 }
 elseif ( canStream() )
 {
     $streamMode = "jpeg";
-    $streamSrc = getStreamSrc( array( "mode=".$streamMode, "monitor=".$monitor['Id'], "scale=".$_REQUEST['scale'], "maxfps=".ZM_WEB_VIDEO_MAXFPS ) );
+    $streamSrc = getStreamSrc( array( "mode=".$streamMode, "monitor=".$monitor['Id'], "scale=".$scale, "maxfps=".ZM_WEB_VIDEO_MAXFPS ) );
 }
 else
 {
     $streamMode = "single";
-    $streamSrc = getStreamSrc( array( "mode=".$streamMode, "monitor=".$monitor['Id'], "scale=".$_REQUEST['scale'] ) );
+    $streamSrc = getStreamSrc( array( "mode=".$streamMode, "monitor=".$monitor['Id'], "scale=".$scale ) );
 }
 
 noCacheHeaders();
@@ -70,13 +74,13 @@ if ( $showControls )
     if ( canView( 'Control' ) )
     {
 ?>
-          <div id="controlControl"<?= $_REQUEST['control']?' class="hidden"':'' ?>><a id="controlLink" href="#" onclick="showControls(); return( false );"><?= $SLANG['Control'] ?></a></div>
+          <div id="controlControl"<?= $control?' class="hidden"':'' ?>><a id="controlLink" href="#" onclick="showControls(); return( false );"><?= $SLANG['Control'] ?></a></div>
 <?php
     }
     if ( canView( 'Events' ) )
     {
 ?>
-          <div id="eventsControl"<?= $_REQUEST['control']?'':' class="hidden"' ?>><a id="eventsLink" href="#" onclick="showEvents(); return( false );"><?= $SLANG['Events'] ?></a></div>
+          <div id="eventsControl"<?= $control?'':' class="hidden"' ?>><a id="eventsLink" href="#" onclick="showEvents(); return( false );"><?= $SLANG['Events'] ?></a></div>
 <?php
     }
 }
@@ -96,18 +100,18 @@ if ( canView( 'Control' ) && $monitor['Type'] == "Local" )
 <?php
 if ( $streamMode === "mpeg" )
 {
-    outputVideoStream( "liveStream", $streamSrc, reScale( $monitor['Width'], $_REQUEST['scale'] ), reScale( $monitor['Height'], $_REQUEST['scale'] ), ZM_MPEG_LIVE_FORMAT, $monitor['Name'] );
+    outputVideoStream( "liveStream", $streamSrc, reScale( $monitor['Width'], $scale ), reScale( $monitor['Height'], $scale ), ZM_MPEG_LIVE_FORMAT, $monitor['Name'] );
 }
 elseif ( $streamMode == "jpeg" )
 {
     if ( canStreamNative() )
-        outputImageStream( "liveStream", $streamSrc, reScale( $monitor['Width'], $_REQUEST['scale'] ), reScale( $monitor['Height'], $_REQUEST['scale'] ), $monitor['Name'] );
+        outputImageStream( "liveStream", $streamSrc, reScale( $monitor['Width'], $scale ), reScale( $monitor['Height'], $scale ), $monitor['Name'] );
     elseif ( canStreamApplet() )
-        outputHelperStream( "liveStream", $streamSrc, reScale( $monitor['Width'], $_REQUEST['scale'] ), reScale( $monitor['Height'], $_REQUEST['scale'] ), $monitor['Name'] );
+        outputHelperStream( "liveStream", $streamSrc, reScale( $monitor['Width'], $scale ), reScale( $monitor['Height'], $scale ), $monitor['Name'] );
 }
 else
 {
-    outputImageStill( "liveStream", $streamSrc, reScale( $monitor['Width'], $_REQUEST['scale'] ), reScale( $monitor['Height'], $_REQUEST['scale'] ), $monitor['Name'] );
+    outputImageStill( "liveStream", $streamSrc, reScale( $monitor['Width'], $scale ), reScale( $monitor['Height'], $scale ), $monitor['Name'] );
 }
 ?>
       </div>
@@ -151,7 +155,7 @@ if ( $showControls )
     foreach ( getSkinIncludes( 'includes/control_functions.php' ) as $includeFile )
         require_once $includeFile;
 ?>
-      <div id="ptzControls" class="ptzControls<?= $_REQUEST['control']?'':' hidden' ?>">
+      <div id="ptzControls" class="ptzControls<?= $control?'':' hidden' ?>">
 <?= ptzControls( $monitor ) ?>
       </div>
 <?php
@@ -159,7 +163,7 @@ if ( $showControls )
 if ( canView( 'Events' ) )
 {
 ?>
-      <div id="events"<?= $_REQUEST['control']?' class="hidden"':'' ?>>
+      <div id="events"<?= $control?' class="hidden"':'' ?>>
         <table id="eventList" cellspacing="0">
           <thead>
             <tr>
diff --git a/web/skins/classic/views/zone.php b/web/skins/classic/views/zone.php
index fa4aa750d..f7b917e26 100644
--- a/web/skins/classic/views/zone.php
+++ b/web/skins/classic/views/zone.php
@@ -20,10 +20,13 @@
 
 if ( !canView( 'Monitors' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 
+$mid = validInt($_REQUEST['mid']);
+$zid = !empty($_REQUEST['zid'])?validInt($_REQUEST['zid']):0;
+
 $scale = SCALE_BASE;
 
 $hicolor = "0x00ff00"; // Green
@@ -56,7 +59,7 @@ foreach ( getEnumValues( 'Zones', 'CheckMethod' ) as $optCheckMethod )
     $optCheckMethods[$optCheckMethod] = $optCheckMethod;
 }
 
-$monitor = dbFetchMonitor ( $_REQUEST['mid'] );
+$monitor = dbFetchMonitor ( $mid );
 
 $minX = 0;
 $maxX = $monitor['Width']-1;
@@ -65,16 +68,16 @@ $maxY = $monitor['Height']-1;
 
 if ( !isset($newZone) )
 {
-    if ( $_REQUEST['zid'] > 0 )
+    if ( $zid > 0 )
     {
-        $zone = dbFetchOne( "select * from Zones where MonitorId = '".dbEscape($_REQUEST['mid'])."' and Id = '".dbEscape($_REQUEST['zid'])."'" );
+        $zone = dbFetchOne( "select * from Zones where MonitorId = '".dbEscape($monitor['Id'])."' and Id = '".dbEscape($zid)."'" );
     }
     else
     {
         $zone = array(
             'Name' => $SLANG['New'],
             'Id' => 0,
-            'MonitorId' => $_REQUEST['mid'],
+            'MonitorId' => $monitor['Id'],
             'NumCoords' => 4,
             'Coords' => sprintf( "%d,%d %d,%d, %d,%d %d,%d", $minX, $minY, $maxX, $minY, $maxX, $maxY, $minX, $maxY ),
             'Area' => $monitor['Width'] * $monitor['Height'],
@@ -113,10 +116,8 @@ $selfIntersecting = isSelfIntersecting( $newZone['Points'] );
 
 $wd = getcwd();
 chdir( ZM_DIR_IMAGES );
-$command = getZmuCommand( " -m ".$_REQUEST['mid']." -z" );
-if ( !isset($_REQUEST['zid']) )
-    $_REQUEST['zid'] = 0;
-$command .= '"'.$_REQUEST['zid'].' '.$hicolor.' '.$newZone['Coords'].'"';
+$command = getZmuCommand( " -m ".$mid." -z" );
+$command .= '"'.$zid.' '.$hicolor.' '.$newZone['Coords'].'"';
 $status = exec( escapeshellcmd( $command ) );
 chdir( $wd );
 
@@ -133,10 +134,10 @@ xhtmlHeaders(__FILE__, $SLANG['Zone'] );
     </div>
     <div id="content">
       <form name="zoneForm" id="zoneForm" method="post" action="<?= $_SERVER['PHP_SELF'] ?>">
-        <input type="hidden" name="view" value="<?= $_REQUEST['view'] ?>"/>
+        <input type="hidden" name="view" value="<?= $view ?>"/>
         <input type="hidden" name="action" value="zone"/>
-        <input type="hidden" name="mid" value="<?= $_REQUEST['mid'] ?>"/>
-        <input type="hidden" name="zid" value="<?= $_REQUEST['zid'] ?>"/>
+        <input type="hidden" name="mid" value="<?= $mid ?>"/>
+        <input type="hidden" name="zid" value="<?= $zid ?>"/>
         <input type="hidden" name="newZone[NumCoords]" value="<?= count($newZone['Points']) ?>"/>
         <input type="hidden" name="newZone[Coords]" value="<?= $newZone['Coords'] ?>"/>
         <input type="hidden" name="newZone[Area]" value="<?= $newZone['Area'] ?>"/>
diff --git a/web/skins/classic/views/zones.php b/web/skins/classic/views/zones.php
index 255bccb4c..e81e2abe3 100644
--- a/web/skins/classic/views/zones.php
+++ b/web/skins/classic/views/zones.php
@@ -20,18 +20,19 @@
 
 if ( !canView( 'Monitors' ) )
 {
-    $_REQUEST['view'] = "error";
+    $view = "error";
     return;
 }
 
+$mid = validInt($_REQUEST['mid']);
 $wd = getcwd();
 chdir( ZM_DIR_IMAGES );
-$status = exec( escapeshellcmd( getZmuCommand( " -m ".$_REQUEST['mid']." -z" ) ) );
+$status = exec( escapeshellcmd( getZmuCommand( " -m ".$mid." -z" ) ) );
 chdir( $wd );
 
-$monitor = dbFetchMonitor( $_REQUEST['mid'] );
+$monitor = dbFetchMonitor( $mid );
 
-$sql = "select * from Zones where MonitorId = '".dbEscape($_REQUEST['mid'])."' order by Area desc";
+$sql = "select * from Zones where MonitorId = '".$mid."' order by Area desc";
 $zones = array();
 foreach( dbFetchAll( $sql ) as $row )
 {
@@ -58,7 +59,7 @@ xhtmlHeaders(__FILE__, $SLANG['Zones'] );
 foreach( array_reverse($zones) as $zone )
 {
 ?>
-        <area shape="poly" coords="<?= $zone['AreaCoords'] ?>" href="#" onclick="createPopup( '?view=zone&mid=<?= $_REQUEST['mid'] ?>&zid=<?= $zone['Id'] ?>', 'zmZone', 'zone', <?= $monitor['Width'] ?>, <?= $monitor['Height'] ?> ); return( false );"/>
+        <area shape="poly" coords="<?= $zone['AreaCoords'] ?>" href="#" onclick="createPopup( '?view=zone&mid=<?= $mid ?>&zid=<?= $zone['Id'] ?>', 'zmZone', 'zone', <?= $monitor['Width'] ?>, <?= $monitor['Height'] ?> ); return( false );"/>
 <?php
 }
 ?>
@@ -66,9 +67,9 @@ foreach( array_reverse($zones) as $zone )
       </map>
       <img src="<?= ZM_DIR_IMAGES.'/'.$image ?>" alt="zones" usemap="#zoneMap" width="<?= $monitor['Width'] ?>" height="<?= $monitor['Height'] ?>" border="0"/>
       <form name="contentForm" id="contentForm" method="get" action="<?= $_SERVER['PHP_SELF'] ?>">
-        <input type="hidden" name="view" value="<?= $_REQUEST['view'] ?>"/>
+        <input type="hidden" name="view" value="<?= $view ?>"/>
         <input type="hidden" name="action" value="delete"/>
-        <input type="hidden" name="mid" value="<?= $_REQUEST['mid'] ?>"/>
+        <input type="hidden" name="mid" value="<?= $mid ?>"/>
         <table id="contentTable" class="major" cellspacing="0">
           <thead>
             <tr>
@@ -84,7 +85,7 @@ foreach( $zones as $zone )
 {
 ?>
             <tr>
-              <td class="colName"><a href="#" onclick="createPopup( '?view=zone&mid=<?= $_REQUEST['mid'] ?>&zid=<?= $zone['Id'] ?>', 'zmZone', 'zone', <?= $monitor['Width'] ?>, <?= $monitor['Height'] ?> ); return( false );"><?= $zone['Name'] ?></a></td>
+              <td class="colName"><a href="#" onclick="createPopup( '?view=zone&mid=<?= $mid ?>&zid=<?= $zone['Id'] ?>', 'zmZone', 'zone', <?= $monitor['Width'] ?>, <?= $monitor['Height'] ?> ); return( false );"><?= $zone['Name'] ?></a></td>
               <td class="colType"><?= $zone['Type'] ?></td>
               <td class="colUnits"><?= $zone['Area'] ?>&nbsp;/&nbsp;<?= sprintf( "%.2f", ($zone['Area']*100)/($monitor['Width']*$monitor['Height']) ) ?></td>
               <td class="colMark"><input type="checkbox" name="markZids[]" value="<?= $zone['Id'] ?>" onclick="configureDeleteButton( this );"<?php if ( !canEdit( 'Monitors' ) ) { ?> disabled="disabled"<?php } ?>/></td>
@@ -95,7 +96,7 @@ foreach( $zones as $zone )
           </tbody>
         </table>
         <div id="contentButtons">
-          <input type="button" value="<?= $SLANG['AddNewZone'] ?>" onclick="createPopup( '?view=zone&mid=<?= $_REQUEST['mid'] ?>&zid=0', 'zmZone', 'zone', <?= $monitor['Width'] ?>, <?= $monitor['Height'] ?> );"<?php if ( !canEdit( 'Monitors' ) ) { ?> disabled="disabled"<?php } ?>/>
+          <input type="button" value="<?= $SLANG['AddNewZone'] ?>" onclick="createPopup( '?view=zone&mid=<?= $mid ?>&zid=0', 'zmZone', 'zone', <?= $monitor['Width'] ?>, <?= $monitor['Height'] ?> );"<?php if ( !canEdit( 'Monitors' ) ) { ?> disabled="disabled"<?php } ?>/>
           <input type="submit" name="deleteBtn" value="<?= $SLANG['Delete'] ?>" disabled="disabled"/>
         </div>
       </form>