diff --git a/include/class.export.php b/include/class.export.php
index 7721862600fb2f1adc5a3d167bb3a72622101dd1..e93335cb060d1ddebe01edf318e7422f65209bfd 100644
--- a/include/class.export.php
+++ b/include/class.export.php
@@ -356,7 +356,13 @@ class CsvResultsExporter extends ResultSetExporter {
         fputs($this->output, chr(0xEF) . chr(0xBB) . chr(0xBF));
         fputcsv($this->output, $this->getHeaders(), $delimiter);
         while ($row=$this->next())
-            fputcsv($this->output, $row, $delimiter);
+            fputcsv($this->output, array_map(
+                function($v){
+                    if (preg_match('/^[=\-+@].*/', $v))
+                        return "'".$v;
+                    return $v;
+                }, $row),
+            $delimiter);
 
         fclose($this->output);
     }
diff --git a/include/class.forms.php b/include/class.forms.php
index e806d00b071d9f91a838fe2c4fa38281a47bfc00..122d2602abeae60548dc0ea6e53dd389db774373 100644
--- a/include/class.forms.php
+++ b/include/class.forms.php
@@ -1300,7 +1300,8 @@ class TextboxField extends FormField {
         parent::validateEntry($value);
         $config = $this->getConfiguration();
         $validators = array(
-            '' =>       null,
+            '' =>       array(array('Validator', 'is_formula'),
+                __('Content cannot start with the following characters: = - + @')),
             'email' =>  array(array('Validator', 'is_valid_email'),
                 __('Enter a valid email address')),
             'phone' =>  array(array('Validator', 'is_phone'),
@@ -1379,6 +1380,29 @@ class TextareaField extends FormField {
         );
     }
 
+    function validateEntry($value) {
+        parent::validateEntry($value);
+        if (!$value)
+            return;
+        $config = $this->getConfiguration();
+        $validators = array(
+            '' =>       array(array('Validator', 'is_formula'),
+                __('Content cannot start with the following characters: = - + @')),
+        );
+        // Support configuration forms, as well as GUI-based form fields
+        if (!($valid = $this->get('validator')) && isset($config['validator']))
+            $valid = $config['validator'];
+        if (!isset($validators[$valid]))
+            return;
+        $func = $validators[$valid];
+        $error = $func[1];
+        if ($config['validator-error'])
+            $error = $this->getLocal('validator-error', $config['validator-error']);
+        if (is_array($func) && is_callable($func[0]))
+            if (!call_user_func($func[0], $value))
+                $this->_errors[] = $error;
+    }
+
     function hasSpecialSearch() {
         return false;
     }
diff --git a/include/class.user.php b/include/class.user.php
index f991e10ad54d0223c5b7976ce88ba0ba036a84e7..6f5238d5a20ea7af0fd39b86843c4df715c6ce68 100644
--- a/include/class.user.php
+++ b/include/class.user.php
@@ -248,7 +248,7 @@ implements TemplateVariable {
         //Validate the form
         $valid = true;
         $filter = function($f) use ($thisstaff) {
-            return !isset($thisstaff) || $f->isRequiredForStaff();
+            return !isset($thisstaff) || $f->isRequiredForStaff() || $f->isVisibleToStaff();
         };
         if (!$form->isValid($filter))
             $valid  = false;
diff --git a/include/class.validator.php b/include/class.validator.php
index 388d00ac929ccdc45a78325cae549329db761280..b6b05ddcb8ed97052d6480f3613beeceef094da2 100644
--- a/include/class.validator.php
+++ b/include/class.validator.php
@@ -204,6 +204,11 @@ class Validator {
         return $error == '';
     }
 
+    static function is_formula($text, &$error='') {
+        if (!preg_match('/^[^=\+@-].*$/', $text))
+            $error = __('Content cannot start with the following characters: = - + @');
+        return $error == '';
+    }
 
     /*
      * check_ip