diff --git a/include/client/edit.inc.php b/include/client/edit.inc.php
index 21f2ca726b1863bfe1b5f5eaf0f946606b0830b4..e01b2df4938ecde09b38b2db5747cb54d78d85f4 100644
--- a/include/client/edit.inc.php
+++ b/include/client/edit.inc.php
@@ -11,7 +11,7 @@ if(!defined('OSTCLIENTINC') || !$thisclient || !$ticket || !$ticket->checkUserAc
 <form action="tickets.php" method="post">
     <?php echo csrf_token(); ?>
     <input type="hidden" name="a" value="edit"/>
-    <input type="hidden" name="id" value="<?php echo $_REQUEST['id']; ?>"/>
+    <input type="hidden" name="id" value="<?php echo Format::htmlchars($_REQUEST['id']); ?>"/>
 <table width="800">
     <tbody id="dynamic-form">
     <?php if ($forms)
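Review bot: The hidden `id` field on the new line still reflects the raw request parameter back into the form, even though the guard at the top of the file has already resolved and access-checked `$ticket`; emitting the id of the authorized object instead of the request value would keep the posted id tied to what was actually checked, e.g. `<input type="hidden" name="id" value="<?php echo Format::htmlchars($ticket->getId()); ?>"/>` (assuming the usual `getId()` accessor on the ticket object). The escaping itself is the right fix for the attribute context. The surrounding form continues past the end of this hunk.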
diff --git a/include/client/tickets.inc.php b/include/client/tickets.inc.php
index 1c227ba4cdec255b7e75607abfeab143e549d305..6fb6abaa22723d3c966e1c6191c721c6f9b26fca 100644
--- a/include/client/tickets.inc.php
+++ b/include/client/tickets.inc.php
@@ -120,7 +120,7 @@ $negorder=$order=='DESC'?'ASC':'DESC'; //Negate the sorting
     </select>
     <input type="submit" value="Go">
 </form>
-<a class="refresh" href="<?php echo $_SERVER['REQUEST_URI']; ?>">Refresh</a>
+<a class="refresh" href="<?php echo Format::htmlchars($_SERVER['REQUEST_URI']); ?>">Refresh</a>
 <table id="ticketTable" width="800" border="0" cellspacing="0" cellpadding="0">
     <caption><?php echo $showing; ?></caption>
     <thead>
diff --git a/include/staff/pwreset.login.php b/include/staff/pwreset.login.php
index 6f93f1f0118093aefd5eb7b67568a560d2fb9066..8a7455ad8b28d5283b0f3ee6cd3f303f3262af6a 100644
--- a/include/staff/pwreset.login.php
+++ b/include/staff/pwreset.login.php
@@ -11,7 +11,7 @@ $info = ($_POST)?Format::htmlchars($_POST):array();
     <form action="pwreset.php" method="post">
         <?php csrf_token(); ?>
         <input type="hidden" name="do" value="newpasswd"/>
-        <input type="hidden" name="token" value="<?php echo $_REQUEST['token']; ?>"/>
+        <input type="hidden" name="token" value="<?php echo Format::htmlchars($_REQUEST['token']); ?>"/>
         <fieldset>
             <input type="text" name="userid" id="name" value="<?php echo
                 $info['userid']; ?>" placeholder="username or email"
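Review bot: The new `token` line assumes `$_REQUEST['token']` is always present, but if this form is rendered on a request without that parameter the echo raises an undefined-index notice and silently emits an empty hidden field; a presence check keeps the behaviour explicit, `<?php echo isset($_REQUEST['token']) ? Format::htmlchars($_REQUEST['token']) : ''; ?>`. Whether the page can be reached without a token is not visible from this hunk, so this is worth confirming against the controller. The enclosing form continues outside the hunk.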
diff --git a/include/staff/tickets.inc.php b/include/staff/tickets.inc.php
index 47382d556d004e492468856aaccecbf602fe5185..610d25fa5390080f7382174e2fd9bf27556d446f 100644
--- a/include/staff/tickets.inc.php
+++ b/include/staff/tickets.inc.php
@@ -308,7 +308,7 @@ if ($results) {
 <div style="margin-bottom:20px">
 <form action="tickets.php" method="POST" name='tickets'>
 <?php csrf_token(); ?>
- <a class="refresh" href="<?php echo $_SERVER['REQUEST_URI']; ?>">Refresh</a>
+ <a class="refresh" href="<?php echo Format::htmlchars($_SERVER['REQUEST_URI']); ?>">Refresh</a>
  <input type="hidden" name="a" value="mass_process" >
  <input type="hidden" name="do" id="action" value="" >
  <input type="hidden" name="status" value="<?php echo Format::htmlchars($_REQUEST['status']); ?>" >