diff --git a/include/class.config.php b/include/class.config.php
index ef616e0fb7110244bb90db488660167512b97c11..6ce3716b931d710751b6ecc122f31798a7b459fb 100644
--- a/include/class.config.php
+++ b/include/class.config.php
@@ -1115,6 +1115,8 @@ class OsticketConfig extends Config {
         $f['default_timezone']=array('type'=>'string',   'required'=>1, 'error'=>__('Default Timezone is required'));
         $f['system_language']=array('type'=>'string',   'required'=>1, 'error'=>__('A primary system language is required'));
 
+        $vars = Format::htmlchars($vars, true);
+
         // Make sure the selected backend is valid
         $storagebk = null;
         if (isset($vars['default_storage_bk'])) {
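Review bot: The added `$vars = Format::htmlchars($vars, true);` HTML-encodes the submitted settings before they are validated and, presumably, saved, so a value containing `&`, `<` or `"` is persisted in encoded form and gets encoded a second time by any template that escapes on output. The same encode-at-input pattern is introduced in include/class.thread.php (`getClean()`, where the entities also reach any plain-text sink the cleaned body feeds, such as email) and in scp/forms.php, where the assignment additionally replaces the `$_POST` superglobal so later code in that request has no raw copy of the values. If the intent is sanitizing rather than encoding, `Format::sanitize($vars)` would do that without committing entities to storage, though its behaviour on arrays is not visible in this diff. If storing encoded values is the deliberate fix, state it next to the call, e.g. `// Settings are stored HTML-encoded; templates must not escape them again`, so the next maintainer does not add output escaping on top. The enclosing method starts before this hunk.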
diff --git a/include/class.format.php b/include/class.format.php
index de7bc98bbd0d409de7ed45c0ac0c09f45a7ba9ea..9b5f0fe5a6efaf7c9e603465d2d55aabadf3df19 100644
--- a/include/class.format.php
+++ b/include/class.format.php
@@ -349,8 +349,13 @@ class Format {
     function htmlchars($var, $sanitize = false) {
         static $phpversion = null;
 
-        if (is_array($var))
-            return array_map(array('Format', 'htmlchars'), $var);
+        if (is_array($var)) {
+            $result = array();
+            foreach ($var as $k => $v)
+                $result[$k] = self::htmlchars($v, $sanitize);
+
+            return $result;
+        }
 
         if ($sanitize)
             $var = Format::sanitize($var);
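Review bot: The new array branch passes each key through unchanged (`$result[$k] = self::htmlchars($v, $sanitize);`), so when the input is request data such as the `$_POST` and `$vars` arrays the other hunks now hand in wholesale, only the values are encoded and a key that is ever echoed back is not; that limitation should at least be documented since the callers may assume the whole structure is safe. The method has no docblock, and the recursion and the flag deserve one, e.g. `/** Recursively HTML-encodes $var; array values are encoded with the same $sanitize flag, keys are left untouched. When $sanitize is true, Format::sanitize() is applied to each string first. */`. Minor style points: the brace-less `foreach` body is easy to misread and `self::htmlchars` sits two lines above a `Format::sanitize` call, so one of the two forms should be used throughout. The method continues past the end of the hunk.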
diff --git a/include/class.thread.php b/include/class.thread.php
index 027f3b5cc5b47be959e28aeb3a4c70362a4fd984..082e2536af186a60c5badb54117b1cb9365ea7b5 100644
--- a/include/class.thread.php
+++ b/include/class.thread.php
@@ -2191,7 +2191,7 @@ class TextThreadEntryBody extends ThreadEntryBody {
     }
 
     function getClean() {
-        return  Format::stripEmptyLines(parent::getClean());
+        return  Format::htmlchars(Format::stripEmptyLines(parent::getClean()), true);
     }
 
     function prepend($what) {
diff --git a/include/staff/helptopic.inc.php b/include/staff/helptopic.inc.php
index 8cb90850d546d9080495833ea95de0d1f5376f1a..79f7763883956325a34a6465e5719dcc0fe52c17 100644
--- a/include/staff/helptopic.inc.php
+++ b/include/staff/helptopic.inc.php
@@ -20,7 +20,7 @@ if($topic && $_REQUEST['a']!='add') {
     $qs += array('a' => $_REQUEST['a']);
     $forms = TicketForm::objects();
 }
-$info=Format::htmlchars(($errors && $_POST)?$_POST:$info);
+$info=Format::htmlchars(($errors && $_POST)?$_POST:$info, true);
 ?>
 
 <h2><?php echo $title; ?>
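Review bot: Passing `true` here applies `Format::sanitize()` not only to `$_POST` on a failed submit but also to `$info`, which on the other branch of the ternary appears to come from the loaded topic rather than from the request; if `sanitize()` rewrites or strips markup, stored values will then render differently from how they were saved. If only the resubmitted form data needs sanitizing, apply the flag to that branch alone: `$info = ($errors && $_POST) ? Format::htmlchars($_POST, true) : Format::htmlchars($info);`. The surrounding template continues outside the hunk.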
diff --git a/include/staff/tickets.inc.php b/include/staff/tickets.inc.php
index c786e28468ab527ec60b88aaf24040d65f1601f9..e036785c1222a92c75319f0864b502f52a7af374 100644
--- a/include/staff/tickets.inc.php
+++ b/include/staff/tickets.inc.php
@@ -253,7 +253,10 @@ elseif ($_SESSION[$queue_sort_key][0] == 'relevance') {
 }
 
 if (isset($_GET['sort'])) {
-    $_SESSION[$queue_sort_key] = array($_GET['sort'], $_GET['dir']);
+    $_SESSION[$queue_sort_key] = array(
+            Format::htmlchars($_GET['sort']),
+            Format::htmlchars($_GET['dir'])
+        );
 }
 elseif (!isset($_SESSION[$queue_sort_key])) {
     $_SESSION[$queue_sort_key] = array($queue_sort_options[0], 0);
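Review bot: HTML-encoding `$_GET['sort']` and `$_GET['dir']` before storing them in the session is output escaping, not validation: whatever characters `htmlchars` rewrites, it does not restrict either value to a known set, so an arbitrary string still lands in `$_SESSION[$queue_sort_key]` and, if that pair is later used to build the queue's ORDER BY, reaches the query unchanged. The `elseif` branch below falls back to `$queue_sort_options[0]` and `0`, which suggests an allow-list of sort keys already exists; restricting the session value to that list and coercing the direction to an integer (matching the `0` default) is the check this hunk should make. `$_GET['dir']` is also read without `isset()`, so a request carrying only `sort` raises an undefined-index notice. Whether `$queue_sort_options` is a flat list of permitted keys is not visible here; adjust the membership test if it is keyed differently.
```php
if (isset($_GET['sort'])) {
    // Accept only the queue's own sort keys; assumes $queue_sort_options is a
    // flat list of permitted values (not visible in this hunk) — confirm.
    $sort = in_array($_GET['sort'], $queue_sort_options, true)
        ? $_GET['sort'] : $queue_sort_options[0];
    $dir = isset($_GET['dir']) ? (int) $_GET['dir'] : 0;
    $_SESSION[$queue_sort_key] = array($sort, $dir);
}
```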
diff --git a/scp/forms.php b/scp/forms.php
index 5a4978e0982e98ccfd7d39068e724e6fd2ab1133..da5663a817df06f5068a69e083ddaca6e172a653 100644
--- a/scp/forms.php
+++ b/scp/forms.php
@@ -7,6 +7,7 @@ if($_REQUEST['id'] && !($form=DynamicForm::lookup($_REQUEST['id'])))
     $errors['err']=sprintf(__('%s: Unknown or invalid ID.'), __('custom form'));
 
 if($_POST) {
+    $_POST = Format::htmlchars($_POST, true);
     $fields = array('title', 'notes', 'instructions');
     $required = array('title');
     $max_sort = 0;