diff --git a/CHANGES.md b/CHANGES.md
index cb0f37b7b30e13fb93b6af17faa07e0a9ae72f9d..0e06a775b3ccef22a78c262176cbd9f9b0610f01 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -8,6 +8,7 @@ Changes in 6.8
 - Fix Sunday is number 7 in EntryTimes.php
 - Fix SQL error multiple rows returned by subquery in CreateParents.php
 - Fix #291 XSS Use URLEscape() for links href, program wide
+- Fix #291 XSS Use URLEscape() for forms action, program wide
 - Fix hide remove button for "No Address" in Address.inc.php
 - Prompt() make Cancel primary button in Prompts.php
 - Fix SQL error foreign keys: Roll again Courses when rolling Marking Periods in Rollover.php
diff --git a/modules/Accounting/DailyTotals.php b/modules/Accounting/DailyTotals.php
index 49ab1f77c54227d6714835dbade9fcda80ce631f..a4abf705916ee095aeb9a87391d22b1ccb0fbb43 100644
--- a/modules/Accounting/DailyTotals.php
+++ b/modules/Accounting/DailyTotals.php
@@ -14,7 +14,7 @@ $start_date = RequestedDate( 'start', date( 'Y-m' ) . '-01' );
 // Set end date.
 $end_date = RequestedDate( 'end', DBDate() );
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&accounting=" method="GET">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&accounting=' ) . '" method="GET">';
 
 
 $header_checkboxes = '<label><input type="checkbox" value="true" name="accounting" id="accounting" ' .
diff --git a/modules/Accounting/DailyTransactions.php b/modules/Accounting/DailyTransactions.php
index 00d2805b26a4deef60b3ccff914380490c549624..7a299b9aee5544949fd020543bf8b240af11296b 100644
--- a/modules/Accounting/DailyTransactions.php
+++ b/modules/Accounting/DailyTransactions.php
@@ -7,7 +7,7 @@ $start_date = RequestedDate( 'start', date( 'Y-m' ) . '-01' );
 // Set end date.
 $end_date = RequestedDate( 'end', DBDate() );
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&accounting=" method="GET">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&accounting=' ) . '" method="GET">';
 
 $header_checkboxes = '<label><input type="checkbox" value="true" name="accounting" id="accounting" ' .
 ( ! isset( $_REQUEST['accounting'] )
diff --git a/modules/Accounting/Expenses.php b/modules/Accounting/Expenses.php
index 7990d44b7511c88f989d8418731fb6cdc3e7e98c..5fcde321dca61bf752445ed47a863e22dd08fbc4 100644
--- a/modules/Accounting/Expenses.php
+++ b/modules/Accounting/Expenses.php
@@ -143,7 +143,7 @@ if ( ! $_REQUEST['modfunc'] )
 
 	if ( ! $_REQUEST['print_statements'] && AllowEdit() )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 		DrawHeader( '', SubmitButton() );
 		$options = array();
 	}
diff --git a/modules/Accounting/Incomes.php b/modules/Accounting/Incomes.php
index 2caaa2213945fddac8300d4ea3292c2c6dbc016c..bdbbf021c1a9b8cf754193c40ea7543f3a7eba0f 100644
--- a/modules/Accounting/Incomes.php
+++ b/modules/Accounting/Incomes.php
@@ -136,7 +136,7 @@ if ( ! $_REQUEST['modfunc'] )
 
 	if ( empty( $_REQUEST['print_statements'] ) )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 		if ( AllowEdit() )
 		{
diff --git a/modules/Accounting/Salaries.php b/modules/Accounting/Salaries.php
index ddd098141f66861d02fc9b342f4718194ce16605..b2e7ea6f4c7da419f916f9ce3205235887149866 100644
--- a/modules/Accounting/Salaries.php
+++ b/modules/Accounting/Salaries.php
@@ -138,7 +138,7 @@ if ( UserStaffID() && ! $_REQUEST['modfunc'] )
 
 	if ( empty( $_REQUEST['print_statements'] ) )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 		if ( AllowEdit() )
 		{
diff --git a/modules/Accounting/StaffPayments.php b/modules/Accounting/StaffPayments.php
index 9a312165fdcc896f981326dbdef017c3a94be521..f55daf4081b014b0559c52f9ae3bbb8162e5a9ac 100644
--- a/modules/Accounting/StaffPayments.php
+++ b/modules/Accounting/StaffPayments.php
@@ -156,7 +156,7 @@ if ( UserStaffID() && ! $_REQUEST['modfunc'] )
 	if ( empty( $_REQUEST['print_statements'] )
 		&& AllowEdit() )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 		DrawHeader( '', SubmitButton() );
 		$options = array();
 	}
diff --git a/modules/Attendance/AddAbsences.php b/modules/Attendance/AddAbsences.php
index cf693552b04e8dcd33efc94ce1f9d3b3c6474dac..58529d769f7d63a6ec4aeb0833958820598cf349 100644
--- a/modules/Attendance/AddAbsences.php
+++ b/modules/Attendance/AddAbsences.php
@@ -155,7 +155,7 @@ if ( ! $_REQUEST['modfunc'] )
 
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 
 		DrawHeader( '', SubmitButton( _( 'Add Absences to Selected Students' ) ) );
 
diff --git a/modules/Attendance/Administration_fast.old.php b/modules/Attendance/Administration_fast.old.php
index 82692d70ec7e9fca5eb118919401b492d993cc1a..e5b53b0fcaec4bbb95f54975146f90c32c24f486 100644
--- a/modules/Attendance/Administration_fast.old.php
+++ b/modules/Attendance/Administration_fast.old.php
@@ -99,7 +99,7 @@ if ( isset( $_REQUEST['student_id'] ) && $_REQUEST['student_id'] !== 'new' )
 	ORDER BY p.SORT_ORDER", $functions );
 
 	$columns = array( 'PERIOD_TITLE' => _( 'Period' ), 'COURSE' => _( 'Course' ), 'ATTENDANCE_CODE' => _( 'Attendance Code' ), 'ATTENDANCE_TEACHER_CODE' => _( 'Teacher\'s Entry' ), 'ATTENDANCE_REASON' => _( 'Comments' ) );
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=student&student_id=' . $_REQUEST['student_id'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=student&student_id=' . $_REQUEST['student_id']  ) . '" method="POST">';
 	DrawHeader( ProgramTitle(), '<input type="submit" value="' . _( 'Update' ) . '" />' );
 	DrawHeader( PrepareDate( $date, '_date' ) );
 	ListOutput( $schedule_RET, $columns, _( 'Course' ), _( 'Courses' ) );
@@ -186,7 +186,7 @@ else
 		$extra['columns_after']['PERIOD_' . $period['PERIOD_ID']] = $period['SHORT_NAME'];
 	}
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 	DrawHeader( ProgramTitle(), '<input type="submit" value="' . _( 'Update' ) . '" />' );
 
 	if ( $REQ_codes )
diff --git a/modules/Attendance/AttendanceCodes.php b/modules/Attendance/AttendanceCodes.php
index d085ef8c0cf0f690a02cda9aefa276a8672cbf29..7faf2fcf26ba289d9b4b69c95936adcffc000cd0 100644
--- a/modules/Attendance/AttendanceCodes.php
+++ b/modules/Attendance/AttendanceCodes.php
@@ -258,7 +258,7 @@ if ( ! $_REQUEST['modfunc'] )
 
 	$LO_RET = DBGet( $sql, $functions );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&table=' . $_REQUEST['table'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&table=' . $_REQUEST['table']  ) . '" method="POST">';
 	DrawHeader( '', SubmitButton() );
 	echo '<br />';
 
diff --git a/modules/Attendance/DuplicateAttendance.php b/modules/Attendance/DuplicateAttendance.php
index e0044b7896fa8f6fa580693ed83c7bb014992aa5..3d8654606f6fe718b852b9d3e0a95bd90f8b5557 100644
--- a/modules/Attendance/DuplicateAttendance.php
+++ b/modules/Attendance/DuplicateAttendance.php
@@ -235,7 +235,7 @@ if ( isset( $_REQUEST['search_modfunc'] )
 
 		echo ErrorMessage( $note, 'note' );
 
-		echo '<form action="Modules.php?modname=Attendance/DuplicateAttendance.php&modfunc=&search_modfunc=list&next_modname=Attendance/DuplicateAttendance.php&delete=true" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=Attendance/DuplicateAttendance.php&modfunc=&search_modfunc=list&next_modname=Attendance/DuplicateAttendance.php&delete=true' ) . '" method="POST">';
 
 		DrawHeader( '', SubmitButton( _( 'Delete' ) ) );
 
diff --git a/modules/Attendance/Percent.php b/modules/Attendance/Percent.php
index 9f5b92b1041c6a81ff349ba02471b471e745979d..62dd82d2ee5616e50552e9c62e3b34ccda8b3576 100644
--- a/modules/Attendance/Percent.php
+++ b/modules/Attendance/Percent.php
@@ -46,7 +46,7 @@ if ( ! $_REQUEST['modfunc'] )
 
 	$extra['WHERE'] .= CustomFields( 'where', 'student', $extra );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&list_by_day=' . $_REQUEST['list_by_day'] . '" method="GET">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&list_by_day=' . $_REQUEST['list_by_day']  ) . '" method="GET">';
 
 	$advanced_link = 'Modules.php?modname=' . $_REQUEST['modname'] .
 		'&modfunc=search&list_by_day=' . $_REQUEST['list_by_day'] .
diff --git a/modules/Attendance/TakeAttendance.php b/modules/Attendance/TakeAttendance.php
index c7ed111e257c2c77d273d67c1bfb39b12ed48bca..cf7c152d3155112be98b0b752ea2ff25521eaf49 100644
--- a/modules/Attendance/TakeAttendance.php
+++ b/modules/Attendance/TakeAttendance.php
@@ -37,7 +37,7 @@ if ( empty(  $categories_RET  ) )
 		DrawHeader( $cp_title );
 	}
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&table=' . $_REQUEST['table'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&table=' . $_REQUEST['table']  ) . '" method="POST">';
 	DrawHeader( PrepareDate( $date, '_date', false, array( 'submit' => true ) ) );
 	echo '</form>';
 
@@ -126,8 +126,8 @@ if ( $fatal_warning )
 		DrawHeader( $cp_title );
 	}
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
-		'&table=' . $_REQUEST['table'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
+		'&table=' . $_REQUEST['table']  ) . '" method="POST">';
 
 	DrawHeader(
 		PrepareDate(
@@ -336,8 +336,8 @@ if ( ! empty( $daily_comment ) )
 	);
 }
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
-	'&table=' . $_REQUEST['table'] . '" method="POST">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
+	'&table=' . $_REQUEST['table']  ) . '" method="POST">';
 
 DrawHeader( $cp_title, SubmitButton() );
 
diff --git a/modules/Attendance/TeacherCompletion.php b/modules/Attendance/TeacherCompletion.php
index ed812571a28b85ac6f8b9fc55c764c5b4d54d81c..435967bcc79f011d94a25dd04aa0d4dc26dff0cc 100644
--- a/modules/Attendance/TeacherCompletion.php
+++ b/modules/Attendance/TeacherCompletion.php
@@ -49,7 +49,7 @@ foreach ( (array) $periods_RET as $id => $period )
 
 $period_select .= "</select>";
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="GET">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="GET">';
 DrawHeader( PrepareDate( $date, '_date', false, array( 'submit' => true ) ) . ' - ' . $period_select );
 DrawHeader( '', $category_select );
 echo '</form>';
diff --git a/modules/Custom/AttendanceSummary.php b/modules/Custom/AttendanceSummary.php
index 2b00dc9a565d5e4e4e43083f4401c61100d2ae07..a0da98e28ab82ae729967df187ba124ad13035f1 100644
--- a/modules/Custom/AttendanceSummary.php
+++ b/modules/Custom/AttendanceSummary.php
@@ -281,9 +281,9 @@ if ( ! $_REQUEST['modfunc'] )
 
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
 			'&modfunc=save&include_inactive=' . issetVal( $_REQUEST['include_inactive'], '' ) .
-			'&_ROSARIO_PDF=true" method="POST">';
+			'&_ROSARIO_PDF=true' ) . '" method="POST">';
 
 		$extra['header_right'] = SubmitButton( _( 'Create Attendance Report for Selected Students' ) );
 	}
diff --git a/modules/Custom/CreateParents.php b/modules/Custom/CreateParents.php
index 815b6e55afb727effacab516c98ab004f3c3c7da..f9e8998af234d2f26458dd3ad01ef0dd29d6a1e0 100644
--- a/modules/Custom/CreateParents.php
+++ b/modules/Custom/CreateParents.php
@@ -40,7 +40,7 @@ elseif ( isset( $_POST['email_column'] ) )
 
 if ( empty( $email_column ) )
 {
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 	//get Student / Address fields
 	$student_columns = DBGet( "SELECT 's.CUSTOM_' || f.ID AS COLUMN, f.TITLE, c.TITLE AS CATEGORY
@@ -344,7 +344,7 @@ if ( ! $_REQUEST['modfunc'] && ! empty( $email_column ) )
 {
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 
 		$extra['header_right'] = SubmitButton( _( 'Create Parent Accounts for Selected Students' ) );
 
diff --git a/modules/Custom/NotifyParents.php b/modules/Custom/NotifyParents.php
index 5adf6da729e267981e9039951a2a18acfaf82de8..66ddcf9cea9d7755c7529098a40a1a08ce645017 100644
--- a/modules/Custom/NotifyParents.php
+++ b/modules/Custom/NotifyParents.php
@@ -139,7 +139,7 @@ if ( ! $_REQUEST['modfunc'] || $_REQUEST['search_modfunc'] === 'list' )
 {
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 		$extra['header_right'] = SubmitButton( _( 'Notify Selected Parents' ) );
 
 		$extra['extra_header_left'] = '<table class="width-100p">';
diff --git a/modules/Custom/Registration.php b/modules/Custom/Registration.php
index ac38106d3f345454cc6bcc366a0d2f8fdf147296..53d2cd6ffd63367fe1665deae70e2bd22204f011 100644
--- a/modules/Custom/Registration.php
+++ b/modules/Custom/Registration.php
@@ -58,7 +58,7 @@ if ( User( 'PROFILE' ) === 'admin' )
 
 		echo ErrorMessage( $error );
 
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 
 		// Preview header.
 		DrawHeader( RegistrationAdminPreviewHeader(), SubmitButton() );
@@ -163,7 +163,7 @@ else
 
 		echo ErrorMessage( $error );
 
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 
 		DrawHeader( RegistrationIntroHeader(), SubmitButton() );
 
diff --git a/modules/Custom/RemoveAccess.php b/modules/Custom/RemoveAccess.php
index 9989952acf8a87909ca35a6ca96bd7cd45ad7278..d3ee3d6d8f3bf71a0c2baa994dc2209d56e4576f 100644
--- a/modules/Custom/RemoveAccess.php
+++ b/modules/Custom/RemoveAccess.php
@@ -98,10 +98,10 @@ if ( ! $_REQUEST['modfunc'] )
 
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
 			'&modfunc=save&include_inactive=' . issetVal( $_REQUEST['include_inactive'], '' ) .
 			'&_search_all_schools=' . issetVal( $_REQUEST['_search_all_schools'], '' ) .
-			'&accessfunc=' . $accessfunc . '" method="POST">';
+			'&accessfunc=' . $accessfunc  ) . '" method="POST">';
 
 		$extra['header_right'] = SubmitButton( $button_label );
 
diff --git a/modules/Discipline/DisciplineForm.php b/modules/Discipline/DisciplineForm.php
index 8d6d9926bacf7817921ebe6394db5501ca5973c4..3fb10589cf2967e3e10fc5b83dd6a690c26f72be 100644
--- a/modules/Discipline/DisciplineForm.php
+++ b/modules/Discipline/DisciplineForm.php
@@ -223,7 +223,7 @@ if ( ! $_REQUEST['modfunc'] )
 		'DATA_TYPE' => _makeType( '', 'DATA_TYPE' ),
 	);
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 	DrawHeader( '', SubmitButton() );
 
diff --git a/modules/Discipline/MakeReferral.php b/modules/Discipline/MakeReferral.php
index 75359fbe698b99854877f450ec3fba259dcc80aa..abef5730904ad64dda1ed63b777ffa01b6170387 100644
--- a/modules/Discipline/MakeReferral.php
+++ b/modules/Discipline/MakeReferral.php
@@ -145,8 +145,8 @@ if ( ! $_REQUEST['modfunc'] )
 		//FJ teachers need AllowEdit (to edit the input fields)
 		$_ROSARIO['allow_edit'] = true;
 
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
-			'&modfunc=save&include_inactive=' . $_REQUEST['include_inactive'] . '" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
+			'&modfunc=save&include_inactive=' . $_REQUEST['include_inactive']  ) . '" method="POST">';
 
 		DrawHeader( '', SubmitButton( _( 'Add Referral for Selected Students' ) ) );
 
diff --git a/modules/Discipline/Referrals.php b/modules/Discipline/Referrals.php
index 555a832c09d57d2779a44e6fa2ec48f81d737fef..5889754c674457d1cff0bb0e79a44ed99b8e481b 100644
--- a/modules/Discipline/Referrals.php
+++ b/modules/Discipline/Referrals.php
@@ -172,7 +172,7 @@ if ( ! $_REQUEST['modfunc']
 	{
 		$RET = $RET[1];
 
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&referral_id=' . $_REQUEST['referral_id'] . '" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&referral_id=' . $_REQUEST['referral_id']  ) . '" method="POST">';
 
 		DrawHeader( '', SubmitButton() );
 
diff --git a/modules/Eligibility/Activities.php b/modules/Eligibility/Activities.php
index 031dc878370195a26517c8c0e39e5c7e8f24f1e5..cdbe22d0c433ea3c2401b9c4a34861c4236a8b8a 100644
--- a/modules/Eligibility/Activities.php
+++ b/modules/Eligibility/Activities.php
@@ -106,7 +106,7 @@ if ( ! $_REQUEST['modfunc'] )
 
 	$link['remove']['variables'] = array( 'id' => 'ID' );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update' ) . '" method="POST">';
 
 	DrawHeader( '', SubmitButton() );
 
diff --git a/modules/Eligibility/AddActivity.php b/modules/Eligibility/AddActivity.php
index e3527920bbbe620c22d12af73f291a364814658a..9f87bbf0497b160b1476c34c2eed9d14e56d807d 100644
--- a/modules/Eligibility/AddActivity.php
+++ b/modules/Eligibility/AddActivity.php
@@ -54,7 +54,7 @@ echo ErrorMessage( $error );
 
 if ( $_REQUEST['search_modfunc'] === 'list' )
 {
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 	DrawHeader( '', SubmitButton( _( 'Add Activity to Selected Students' ) ) );
 	echo '<br />';
 
diff --git a/modules/Eligibility/EnterEligibility.php b/modules/Eligibility/EnterEligibility.php
index 62b9981696a98c62ed70e767f4a727e00236ee8a..cb8313094ea533a46eaa934037def92e334c090f 100644
--- a/modules/Eligibility/EnterEligibility.php
+++ b/modules/Eligibility/EnterEligibility.php
@@ -198,7 +198,7 @@ $stu_RET = GetStuList( $extra );
 
 DrawHeader( ProgramTitle() );
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 if ( $today > $END_DAY
 	| $today < $START_DAY
diff --git a/modules/Eligibility/EntryTimes.php b/modules/Eligibility/EntryTimes.php
index eb9b3158d58a74a4dc709825349552b8b5a78e82..e51c9fb947bec35e3233e47aea74ff408adf8134 100644
--- a/modules/Eligibility/EntryTimes.php
+++ b/modules/Eligibility/EntryTimes.php
@@ -85,7 +85,7 @@ else
 }
 
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 PopTable( 'header', _( 'Allow Eligibility Posting' ) );
 
diff --git a/modules/Eligibility/Student.php b/modules/Eligibility/Student.php
index 117fc5d8f9678623ddfe0619fb60c7c0dd571fab..11a8dcd208bb7bf4b8cba859a5fe6c0cee154c52 100644
--- a/modules/Eligibility/Student.php
+++ b/modules/Eligibility/Student.php
@@ -142,9 +142,9 @@ if ( UserStudentID()
 		'END_DATE' => '&nbsp;',
 	);
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
 		'&modfunc=add&start_date=' . issetVal( $_REQUEST['start_date'], '' ) .
-		'" method="POST">';
+		'' ) . '" method="POST">';
 
 	$columns = array(
 		'TITLE' => _( 'Activity' ),
diff --git a/modules/Eligibility/TeacherCompletion.php b/modules/Eligibility/TeacherCompletion.php
index 3ce019392655eb56525a858ff80716ecf31ac54d..f668b9f1b78257f7076da263d9a92e9b5de55ecc 100644
--- a/modules/Eligibility/TeacherCompletion.php
+++ b/modules/Eligibility/TeacherCompletion.php
@@ -52,7 +52,7 @@ foreach ( (array) $periods_RET as $period )
 
 $period_select .= '</select>';
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="GET">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="GET">';
 
 $begin_year = DBGetOne( "SELECT min(date_part('epoch',SCHOOL_DATE)) AS SCHOOL_DATE
 	FROM ATTENDANCE_CALENDAR
diff --git a/modules/Food_Service/AssignSchool.php b/modules/Food_Service/AssignSchool.php
index 505649886b4e99ed629166fa4d4932f93f6384c2..b1efa0e53d95bcff56c73fd8eb9e51b438f0bb54 100644
--- a/modules/Food_Service/AssignSchool.php
+++ b/modules/Food_Service/AssignSchool.php
@@ -63,7 +63,7 @@ $staff_RET = DBGet( "SELECT fst.TRANSACTION_ID,fst.STAFF_ID,fst.SYEAR,
 //echo '<pre>'; var_dump($students_RET); echo '</pre>';
 //echo '<pre>'; var_dump($users_RET); echo '</pre>';
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update" method="POST">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update' ) . '" method="POST">';
 DrawHeader( '', SubmitButton() );
 $columns = array( 'TRANSACTION_ID' => _( 'ID' ), 'ACCOUNT_ID' => _( 'Account ID' ), 'SYEAR' => _( 'School Year' ), 'FULL_NAME' => _( 'Student' ), 'STUDENTS' => _( 'Students' ), 'SCHOOL_ID' => _( 'School' ) );
 ListOutput( $students_RET, $columns, 'Student Transaction w/o School', 'Student Transactions w/o School', false, array(), array( 'save' => false, 'search' => false ) );
diff --git a/modules/Food_Service/DailyMenus.php b/modules/Food_Service/DailyMenus.php
index 562684adfa4da6aa2a68c454b3a0a1f1a8226595..789c51a9fcd7943695881681a808e6dda9342b95 100644
--- a/modules/Food_Service/DailyMenus.php
+++ b/modules/Food_Service/DailyMenus.php
@@ -301,8 +301,8 @@ else
 
 	$LO_columns = array( 'ID' => _( 'ID' ), 'SCHOOL_DATE' => _( 'Date' ), 'DESCRIPTION' => _( 'Description' ) );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&menu_id=' . $_REQUEST['menu_id'] .
-		'&month=' . $_REQUEST['month'] . '&year=' . $_REQUEST['year'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&menu_id=' . $_REQUEST['menu_id'] .
+		'&month=' . $_REQUEST['month'] . '&year=' . $_REQUEST['year']  ) . '" method="POST">';
 
 	DrawHeader(
 		PrepareDate(
diff --git a/modules/Food_Service/MenuItems.php b/modules/Food_Service/MenuItems.php
index 44168f301137e0a1dd64d582658f64f1d4491408..43e5d7065e0e3c5d74f46aeae102bde3ebbc479d 100644
--- a/modules/Food_Service/MenuItems.php
+++ b/modules/Food_Service/MenuItems.php
@@ -387,7 +387,7 @@ if ( ! $_REQUEST['modfunc'] )
 	$LO_ret = DBGet( $sql, $functions );
 	//echo '<pre>'; var_dump($LO_ret); echo '</pre>';
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&tab_id=' . $_REQUEST['tab_id'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&tab_id=' . $_REQUEST['tab_id']  ) . '" method="POST">';
 	DrawHeader( '', SubmitButton() );
 	echo '<br />';
 
diff --git a/modules/Food_Service/Menus.php b/modules/Food_Service/Menus.php
index 44187acded736aac658fd8f4f15cbfa2b656ae53..627189333cfdf949bc7bfca35d50cbb5eb38a989 100644
--- a/modules/Food_Service/Menus.php
+++ b/modules/Food_Service/Menus.php
@@ -257,7 +257,7 @@ if ( ! $_REQUEST['modfunc'] )
 
 	$LO_ret = DBGet( $sql, $functions );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&tab_id=' . $_REQUEST['tab_id'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&tab_id=' . $_REQUEST['tab_id']  ) . '" method="POST">';
 	DrawHeader( '', SubmitButton() );
 	echo '<br />';
 
diff --git a/modules/Food_Service/Students/Accounts.php b/modules/Food_Service/Students/Accounts.php
index 20ad5b13c8d2cbdad853206b89871f212411fbbe..d288c2930ba7fc6a26d44c79382119bcee8d8a5d 100644
--- a/modules/Food_Service/Students/Accounts.php
+++ b/modules/Food_Service/Students/Accounts.php
@@ -138,7 +138,7 @@ if ( UserStudentID() && ! $_REQUEST['modfunc'] )
 		AND SYEAR='" . UserSyear() . "'
 		AND (START_DATE<=CURRENT_DATE AND (END_DATE IS NULL OR CURRENT_DATE<=END_DATE)))" ) );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update' ) . '" method="POST">';
 
 	DrawHeader(
 		CheckBoxOnclick(
diff --git a/modules/Food_Service/Students/Reminders.php b/modules/Food_Service/Students/Reminders.php
index c3e637f2bc2c0dba225ad4083fee0ae475ba6b06..1962f48456179ece4a31c3d3473f4ed2af84fbf3 100644
--- a/modules/Food_Service/Students/Reminders.php
+++ b/modules/Food_Service/Students/Reminders.php
@@ -191,7 +191,7 @@ if ( ! $_REQUEST['modfunc'] )
 {
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save&_ROSARIO_PDF=true" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save&_ROSARIO_PDF=true' ) . '" method="POST">';
 		//DrawHeader('',SubmitButton('Create Reminders for Selected Students'));
 		//FJ add translation
 		$extra['header_right'] = SubmitButton( _( 'Create Reminders for Selected Students' ) );
diff --git a/modules/Food_Service/Students/ServeMenus.php b/modules/Food_Service/Students/ServeMenus.php
index 286814e74d84d628383d5a7072d71cdbcc8211d3..a36dec0f8afd9448d7cb10571eda516c3d8f933a 100644
--- a/modules/Food_Service/Students/ServeMenus.php
+++ b/modules/Food_Service/Students/ServeMenus.php
@@ -114,7 +114,7 @@ if ( UserStudentID() && ! $_REQUEST['modfunc'] )
 
 	$student = $student[1];
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=submit&menu_id=' . $_REQUEST['menu_id'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=submit&menu_id=' . $_REQUEST['menu_id']  ) . '" method="POST">';
 
 	DrawHeader(
 		'',
@@ -235,7 +235,7 @@ if ( UserStudentID() && ! $_REQUEST['modfunc'] )
 		);
 
 		echo '<br />';
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=add&menu_id=' . $_REQUEST['menu_id'] . '" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=add&menu_id=' . $_REQUEST['menu_id']  ) . '" method="POST">';
 
 		ListOutput( $LO_ret, $columns, 'Item', 'Items', $link, array(), $extra );
 
diff --git a/modules/Food_Service/Students/Transactions.php b/modules/Food_Service/Students/Transactions.php
index 5f431c824b978a1cc800fba36956688367cecbfa..c10f8c3f6f4b6897aaef01a87a7564b794ac8d72 100644
--- a/modules/Food_Service/Students/Transactions.php
+++ b/modules/Food_Service/Students/Transactions.php
@@ -89,7 +89,7 @@ if ( UserStudentID()
 	$student = $student[1];
 
 	//$PHP_tmp_SELF = PreparePHP_SELF();
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 
 	DrawHeader( '', ResetButton( _( 'Cancel' ) ) . SubmitButton() );
 
diff --git a/modules/Food_Service/TakeMenuCounts.php b/modules/Food_Service/TakeMenuCounts.php
index 247267b8d4e2df5dc7ddad40113329730ab98a08..e7b4a07c1469ef1364d72f4289c5d9cd0f8c70bb 100644
--- a/modules/Food_Service/TakeMenuCounts.php
+++ b/modules/Food_Service/TakeMenuCounts.php
@@ -56,7 +56,7 @@ $calendar_RET = DBGet( "SELECT MINUTES FROM ATTENDANCE_CALENDAR WHERE CALENDAR_I
 
 if ( ! $calendar_RET[1]['MINUTES'] )
 {
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&menu_id=' . $_REQUEST['menu_id'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&menu_id=' . $_REQUEST['menu_id']  ) . '" method="POST">';
 	DrawHeader( PrepareDate( $date, '_date', false, array( 'submit' => true ) ) );
 	echo '</form>';
 	ErrorMessage( array( _( 'The selected date is not a school day!' ) ), 'fatal' );
@@ -64,7 +64,7 @@ if ( ! $calendar_RET[1]['MINUTES'] )
 
 if ( GetCurrentMP( $course_RET[1]['MP'], $date ) != $course_RET[1]['MARKING_PERIOD_ID'] )
 {
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&menu_id=' . $_REQUEST['menu_id'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&menu_id=' . $_REQUEST['menu_id']  ) . '" method="POST">';
 	DrawHeader( PrepareDate( $date, '_date', false, array( 'submit' => true ) ) );
 	echo '</form>';
 	ErrorMessage( array( _( 'This period does not meet in the marking period of the selected date.' ) ), 'fatal' );
@@ -90,7 +90,7 @@ switch ( $day )
 
 if ( mb_strpos( $days, $day ) === false )
 {
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&table=' . $_REQUEST['table'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&table=' . $_REQUEST['table']  ) . '" method="POST">';
 	DrawHeader( PrepareDate( $date, '_date', false, array( 'submit' => true ) ) );
 	echo '</form>';
 	ErrorMessage( array( _( 'This period does not meet on the selected date.' ) ), 'fatal' );
@@ -156,7 +156,7 @@ if ( $completed[1]['COMPLETED'] )
 	$note[] = button( 'check' ) . _( 'You have taken lunch counts today for this period.' );
 }
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 DrawHeader( PrepareDate( $date, '_date', false, array( 'submit' => true ) ) . $date_note, SubmitButton() );
 
 echo ErrorMessage( $note, 'note' );
diff --git a/modules/Food_Service/TeacherCompletion.php b/modules/Food_Service/TeacherCompletion.php
index 822d8d82ba48e837df7fcdeedf27d0fe8023ec73..78f917149d3f1995115bf6f928f0fd9b5e4baddb 100644
--- a/modules/Food_Service/TeacherCompletion.php
+++ b/modules/Food_Service/TeacherCompletion.php
@@ -145,11 +145,11 @@ if ( empty( $_REQUEST['period'] ) )
 	}
 }
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 DrawHeader( PrepareDate( $date, '_date' ) . ' : ' . $period_select . ' : <input type=submit value=' . _( 'Go' ) . '>' );
 echo '</form>';
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=add&menu_id=' . $_REQUEST['menu_id'] . '" method="POST">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=add&menu_id=' . $_REQUEST['menu_id']  ) . '" method="POST">';
 
 if ( count( (array) $menus_RET ) > 1 )
 {
diff --git a/modules/Food_Service/Users/Accounts.php b/modules/Food_Service/Users/Accounts.php
index 4832964a3f156c5a4bc7e7bf95af8a353b6c714b..66dacdec3bb68a817204eb8479e4a2edb2da554f 100644
--- a/modules/Food_Service/Users/Accounts.php
+++ b/modules/Food_Service/Users/Accounts.php
@@ -152,7 +152,7 @@ if ( UserStaffID() && ! $_REQUEST['modfunc'] )
 
 	if ( $staff['ACCOUNT_ID'] )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update' ) . '" method="POST">';
 
 		DrawHeader(
 			'',
@@ -165,7 +165,7 @@ if ( UserStaffID() && ! $_REQUEST['modfunc'] )
 	}
 	else
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=create" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=create' ) . '" method="POST">';
 		DrawHeader( '', SubmitButton( _( 'Create Account' ) ) );
 	}
 
diff --git a/modules/Food_Service/Users/Reminders.php b/modules/Food_Service/Users/Reminders.php
index 2c35b5f340a0fde6c90e1ddd836879f68e66f53d..f33084faf3f75006d4270bc887cec3154297ae07 100644
--- a/modules/Food_Service/Users/Reminders.php
+++ b/modules/Food_Service/Users/Reminders.php
@@ -101,7 +101,7 @@ if ( ! $_REQUEST['modfunc'] || $_REQUEST['search_modfunc'] === 'list' )
 {
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save&_ROSARIO_PDF=true" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save&_ROSARIO_PDF=true' ) . '" method="POST">';
 		DrawHeader( '', SubmitButton( _( 'Create Reminders for Selected Users' ) ) );
 	}
 
diff --git a/modules/Food_Service/Users/ServeMenus.php b/modules/Food_Service/Users/ServeMenus.php
index f462eae9df5f95916bca273582f40545414f455e..74a1eeef565edd82c811297e711580cf000f8983 100644
--- a/modules/Food_Service/Users/ServeMenus.php
+++ b/modules/Food_Service/Users/ServeMenus.php
@@ -69,7 +69,7 @@ if ( UserStaffID()
 
 	$staff = $staff[1];
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=submit&menu_id=' . $_REQUEST['menu_id'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=submit&menu_id=' . $_REQUEST['menu_id']  ) . '" method="POST">';
 
 	DrawHeader(
 		'',
@@ -172,7 +172,7 @@ if ( UserStaffID()
 
 		echo '<br />';
 
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=add&menu_id=' . $_REQUEST['menu_id'] . '" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=add&menu_id=' . $_REQUEST['menu_id']  ) . '" method="POST">';
 
 		ListOutput( $LO_ret, $columns, 'Item', 'Items', $link, array(), $extra );
 
diff --git a/modules/Food_Service/Users/Transactions.php b/modules/Food_Service/Users/Transactions.php
index 51f21855c196b24715817ab8e6155a43b82a49c4..e1ee34ad18080a8c435fdc3767e0ccbded50ef70 100644
--- a/modules/Food_Service/Users/Transactions.php
+++ b/modules/Food_Service/Users/Transactions.php
@@ -64,7 +64,7 @@ if ( UserStaffID()
 	$staff = $staff[1];
 
 	//$PHP_tmp_SELF = PreparePHP_SELF();
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 
 	DrawHeader( '', ResetButton( _( 'Cancel' ) ) . SubmitButton() );
 
diff --git a/modules/Grades/AnomalousGrades.php b/modules/Grades/AnomalousGrades.php
index 043edd57ea055b86f2286ed463995822c35596ac..816c37333a146e27d01a13e5227336950c9e9475 100644
--- a/modules/Grades/AnomalousGrades.php
+++ b/modules/Grades/AnomalousGrades.php
@@ -7,7 +7,7 @@ DrawHeader( _( 'Gradebook' ) . ' - ' . ProgramTitle() );
 
 $max_allowed = Preferences( 'ANOMALOUS_MAX', 'Gradebook' ) / 100;
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 DrawHeader(
 	CheckBoxOnclick(
diff --git a/modules/Grades/Assignments-new.php b/modules/Grades/Assignments-new.php
index a9a4350877e17f9c46ba0c91a9266847bdf17222..b434b079581c11b4deb8ee6042e000744ab1e449 100644
--- a/modules/Grades/Assignments-new.php
+++ b/modules/Grades/Assignments-new.php
@@ -340,7 +340,7 @@ if ( ! $_REQUEST['modfunc'] )
 		$subject = 'Assignmemt Types';
 	}
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&tab_id=' . $_REQUEST['tab_id'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&tab_id=' . $_REQUEST['tab_id']  ) . '" method="POST">';
 
 	DrawHeader( CheckBoxOnclick( 'allow_edit', _( 'Edit' ) ), SubmitButton() );
 
diff --git a/modules/Grades/Assignments.php b/modules/Grades/Assignments.php
index 5e7cf6b70f4791aa9f8743fbe7abf7d344f00cf6..d601d7e08eb89ba3984e6cf5cdb635794d1c3b5f 100644
--- a/modules/Grades/Assignments.php
+++ b/modules/Grades/Assignments.php
@@ -560,14 +560,14 @@ if ( ! $_REQUEST['modfunc'] )
 
 	if ( ! empty( $_REQUEST['assignment_id'] ) )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&assignment_type_id=' . $_REQUEST['assignment_type_id'];
+		$action = 'Modules.php?modname=' . $_REQUEST['modname'] . '&table=GRADEBOOK_ASSIGNMENTS&assignment_type_id=' . $_REQUEST['assignment_type_id'];
 
 		if ( $_REQUEST['assignment_id'] !== 'new' )
 		{
-			echo '&assignment_id=' . $_REQUEST['assignment_id'];
+			$action .= '&assignment_id=' . $_REQUEST['assignment_id'];
 		}
 
-		echo '&table=GRADEBOOK_ASSIGNMENTS" method="POST">';
+		echo '<form action="' . URLEscape( $action ) . '" method="POST">';
 
 		DrawHeader( $title, $delete_button . SubmitButton() );
 
@@ -709,14 +709,14 @@ if ( ! $_REQUEST['modfunc'] )
 	}
 	elseif ( ! empty( $_REQUEST['assignment_type_id'] ) )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&table=GRADEBOOK_ASSIGNMENT_TYPES';
+		$action = 'Modules.php?modname=' . $_REQUEST['modname'] . '&table=GRADEBOOK_ASSIGNMENT_TYPES';
 
 		if ( $_REQUEST['assignment_type_id'] !== 'new' )
 		{
-			echo '&assignment_type_id=' . $_REQUEST['assignment_type_id'];
+			$action .= '&assignment_type_id=' . $_REQUEST['assignment_type_id'];
 		}
 
-		echo '" method="POST">';
+		echo '<form action="' . URLEscape( $action ) . '" method="POST">';
 
 		DrawHeader( $title, $delete_button . SubmitButton() );
 
diff --git a/modules/Grades/Configuration.php b/modules/Grades/Configuration.php
index 40959d8674677367b7185eb0fc8c1c21ad0b501b..4a9897533b0499f43a93e0f2f2fd9ae122b9a8eb 100644
--- a/modules/Grades/Configuration.php
+++ b/modules/Grades/Configuration.php
@@ -50,7 +50,7 @@ echo ErrorMessage( $note, 'note' );
 // @since 5.8 Admin can override teachers gradebook configuration: use -1 as Staff ID.
 $gradebook_config = ProgramUserConfig( 'Gradebook', ( User( 'PROFILE' ) === 'admin' ? -1 : 0 ) );
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 if ( User( 'PROFILE' ) === 'admin' )
 {
diff --git a/modules/Grades/EditHistoryMarkingPeriods.php b/modules/Grades/EditHistoryMarkingPeriods.php
index 068ea7489e5b364205ac4c24d3e90d798fb68c18..f07eb04f32ca682743ff2205e28545969114030c 100644
--- a/modules/Grades/EditHistoryMarkingPeriods.php
+++ b/modules/Grades/EditHistoryMarkingPeriods.php
@@ -75,7 +75,7 @@ if ( $_REQUEST['modfunc'] === 'remove' )
 
 if ( ! $_REQUEST['modfunc'] )
 {
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update' ) . '" method="POST">';
 
 	DrawHeader( '', SubmitButton() );
 
diff --git a/modules/Grades/EditReportCardGrades.php b/modules/Grades/EditReportCardGrades.php
index 954f0922a0af88f3db662d0fba43cc2b51839a0a..6ce6fc39ae8ac2ad31288fa463037b126ddba44c 100644
--- a/modules/Grades/EditReportCardGrades.php
+++ b/modules/Grades/EditReportCardGrades.php
@@ -246,8 +246,8 @@ if ( UserStudentID() )
 			$mp_id = "0";
 		}
 
-		$mp_select = '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
-			'&tab_id=' . $tab_id . '" method="POST">';
+		$mp_select = '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
+			'&tab_id=' . $tab_id  ) . '" method="POST">';
 
 		$mp_select .= '<select name="mp_id" onchange="ajaxPostForm(this.form,true);">';
 
@@ -268,8 +268,8 @@ if ( UserStudentID() )
 		DrawHeader( $mp_select );
 
 		// FORM for updates/new records.
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
-			'&modfunc=update&tab_id=' . $tab_id . '&mp_id=' . $mp_id . '" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
+			'&modfunc=update&tab_id=' . $tab_id . '&mp_id=' . $mp_id  ) . '" method="POST">';
 
 		DrawHeader( '', SubmitButton() );
 		echo '<br />';
diff --git a/modules/Grades/FinalGrades.php b/modules/Grades/FinalGrades.php
index 551c7d1b3c84cb8cad577b3fb4aa4efd40d30f03..99312d74af3bdbb79caab46c8c62a4757c2678e2 100644
--- a/modules/Grades/FinalGrades.php
+++ b/modules/Grades/FinalGrades.php
@@ -520,10 +520,10 @@ if ( ! $_REQUEST['modfunc'] )
 	{
 		$_ROSARIO['allow_edit'] = true;
 
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
 			'&modfunc=save&include_inactive=' .
 			issetVal( $_REQUEST['include_inactive'], '' ) .
-			'" method="GET">';
+			'' ) . '" method="GET">';
 
 		$extra['header_right'] = SubmitButton( _( 'Create Grade Lists for Selected Students' ) );
 
diff --git a/modules/Grades/GradeBreakdown.php b/modules/Grades/GradeBreakdown.php
index 457f72f0710d45bcc37e677f062c0c33a2c0a41f..2781d17d533add6621bf7917f8adff25906db350 100644
--- a/modules/Grades/GradeBreakdown.php
+++ b/modules/Grades/GradeBreakdown.php
@@ -44,7 +44,7 @@ $mps_RET = DBGet( "SELECT MARKING_PERIOD_ID,TITLE,DOES_GRADES,0,SORT_ORDER
 	AND MP='PRO'
 	ORDER BY 5,SORT_ORDER" );
 
-echo '<form action="Modules.php?modname='.$_REQUEST['modname'].'" method="GET">';
+echo '<form action="' . URLEscape( 'Modules.php?modname='.$_REQUEST['modname'].'' ) . '" method="GET">';
 
 $mp_select = '<select name="mp_id" id="mp_id" onchange="ajaxPostForm(this.form,true);">';
 
diff --git a/modules/Grades/Grades.php b/modules/Grades/Grades.php
index 5a643da2b0f7fb7a2dbd582f3249537d2b8f262b..57edf48d658425325bbcb4c04c5d153f79c8284c 100644
--- a/modules/Grades/Grades.php
+++ b/modules/Grades/Grades.php
@@ -611,7 +611,7 @@ if ( $assignments_RET )
 
 $assignment_select .= '</select><label for="assignment_id" class="a11y-hidden">' . _( 'Assignments' ) . '</label>';
 
-// echo '<form action="Modules.php?modname='.$_REQUEST['modname'].'&student_id='.UserStudentID().'" method="POST">';
+// echo '<form action="' . URLEscape( 'Modules.php?modname='.$_REQUEST['modname'].'&student_id='.UserStudentID().'' ) . '" method="POST">';
 
 echo '<form action="' . PreparePHP_SELF( array(), array( 'values' ) ) . '" method="POST">';
 
diff --git a/modules/Grades/HonorRoll.php b/modules/Grades/HonorRoll.php
index f568b7c8d633389a63c55b62f95dc5c98d428e03..f63d7680c39e0f4ce7d8c5e97cac54d9a254d202 100644
--- a/modules/Grades/HonorRoll.php
+++ b/modules/Grades/HonorRoll.php
@@ -39,9 +39,9 @@ if ( ! $_REQUEST['modfunc'] )
 
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
 			'&modfunc=save&include_inactive=' . issetVal( $_REQUEST['include_inactive'] ) .
-			'&_ROSARIO_PDF=true" method="POST" enctype="multipart/form-data">';
+			'&_ROSARIO_PDF=true' ) . '" method="POST" enctype="multipart/form-data">';
 
 		$extra['header_right'] = SubmitButton( _( 'Create Honor Roll for Selected Students' ) );
 
diff --git a/modules/Grades/InputFinalGrades.php b/modules/Grades/InputFinalGrades.php
index b60f773f00e4a95484d6156fa3b3f0e92bc773c2..dbb01b66d49f56e745e74d02acd81a5fe5a5385a 100644
--- a/modules/Grades/InputFinalGrades.php
+++ b/modules/Grades/InputFinalGrades.php
@@ -1127,10 +1127,10 @@ $extra['DATE'] = GetMP( $_REQUEST['mp'], 'END_DATE' );
 
 $stu_RET = GetStuList( $extra );
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
 	( ! empty( $categories_RET ) && GetMP( $_REQUEST['mp'], 'DOES_COMMENTS' ) == 'Y' ?
 		'&tab_id=' . $_REQUEST['tab_id'] : '' ) .
-	'&mp=' . $_REQUEST['mp'] . '" method="POST">';
+	'&mp=' . $_REQUEST['mp']  ) . '" method="POST">';
 
 if ( ! isset( $_REQUEST['_ROSARIO_PDF'] ) )
 {
diff --git a/modules/Grades/MassCreateAssignments.php b/modules/Grades/MassCreateAssignments.php
index 75d1e87cf5f83f3164b3bc19bf2734f5a91cea42..5ad42335d4cbead045821b4fcabeaba397b1835e 100644
--- a/modules/Grades/MassCreateAssignments.php
+++ b/modules/Grades/MassCreateAssignments.php
@@ -262,7 +262,7 @@ if ( ! $_REQUEST['modfunc'] )
 	if ( $_REQUEST['assignment_type']
 		&& $_REQUEST['assignment_type'] !== 'new' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&assignment_type=' . $_REQUEST['assignment_type'] . '&table=GRADEBOOK_ASSIGNMENTS" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&assignment_type=' . $_REQUEST['assignment_type'] . '&table=GRADEBOOK_ASSIGNMENTS' ) . '" method="POST">';
 
 		$submit_button = SubmitButton( _( 'Create Assignment for Selected Course Periods' ) );
 
@@ -347,7 +347,7 @@ if ( ! $_REQUEST['modfunc'] )
 	}
 	elseif ( $_REQUEST['assignment_type'] === 'new' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&table=GRADEBOOK_ASSIGNMENT_TYPES" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&table=GRADEBOOK_ASSIGNMENT_TYPES' ) . '" method="POST">';
 
 		$submit_button = SubmitButton( _( 'Create Assignment Type for Selected Courses' ) );
 
diff --git a/modules/Grades/ProgressReports.php b/modules/Grades/ProgressReports.php
index f9492ae7094d8f6d7269af3c5df9e78caeb26956..35ad981b8bf9942a11004d0a1ae42e26785debc8 100644
--- a/modules/Grades/ProgressReports.php
+++ b/modules/Grades/ProgressReports.php
@@ -279,9 +279,9 @@ if ( ! $_REQUEST['modfunc'] )
 
 	if ( $_REQUEST['search_modfunc'] === 'list_st' || UserStudentID() )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
 			'&modfunc=save&include_inactive=' . $_REQUEST['include_inactive'] .
-			'&_ROSARIO_PDF=true" method="POST">';
+			'&_ROSARIO_PDF=true' ) . '" method="POST">';
 
 		$extra['header_right'] = Buttons( _( 'Create Progress Reports for Selected Students' ) );
 
diff --git a/modules/Grades/ReportCardCommentCodes.php b/modules/Grades/ReportCardCommentCodes.php
index 6b8550cdda354946724a97882d08160b0e6df9a5..d8d6c129e04a63ae92a322a853a9744503a20e5f 100644
--- a/modules/Grades/ReportCardCommentCodes.php
+++ b/modules/Grades/ReportCardCommentCodes.php
@@ -256,8 +256,8 @@ if ( ! $_REQUEST['modfunc'] )
 
 	$LO_ret = DBGet( $sql, $functions );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&tab_id=' .
-		$_REQUEST['tab_id'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&tab_id=' .
+		$_REQUEST['tab_id']  ) . '" method="POST">';
 
 	DrawHeader( '', SubmitButton() );
 	echo '<br />';
diff --git a/modules/Grades/ReportCardComments.php b/modules/Grades/ReportCardComments.php
index 436937217d38c58c0499c0f7224d8a3431694580..f9bcb30f40c8896891a0bfa9059a421d622566e1 100644
--- a/modules/Grades/ReportCardComments.php
+++ b/modules/Grades/ReportCardComments.php
@@ -415,8 +415,8 @@ if ( ! $_REQUEST['modfunc'] )
 
 	$LO_ret = DBGet( $sql, $functions );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&course_id=' .
-		$_REQUEST['course_id'] . '&tab_id=' . $_REQUEST['tab_id'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&course_id=' .
+		$_REQUEST['course_id'] . '&tab_id=' . $_REQUEST['tab_id']  ) . '" method="POST">';
 
 	DrawHeader( $subject_select . ' : ' . $course_select, SubmitButton() );
 	echo '<br />';
diff --git a/modules/Grades/ReportCardGrades.php b/modules/Grades/ReportCardGrades.php
index 20e49a643c5d632b6b5ea398091ed044d5ed1982..49e57246f641012457c6dfc86e01369882e805de 100644
--- a/modules/Grades/ReportCardGrades.php
+++ b/modules/Grades/ReportCardGrades.php
@@ -298,7 +298,7 @@ if ( ! $_REQUEST['modfunc'] )
 
 	$LO_ret = DBGet( $sql, $functions );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&tab_id=' . $_REQUEST['tab_id'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&tab_id=' . $_REQUEST['tab_id']  ) . '" method="POST">';
 	DrawHeader( '', SubmitButton() );
 	echo '<br />';
 
diff --git a/modules/Grades/TeacherCompletion.php b/modules/Grades/TeacherCompletion.php
index 2d91ab1207f0822906de26d31611774217d687a8..9e52d5db860bd6ec6e6ddffc88f355f4bef01431 100644
--- a/modules/Grades/TeacherCompletion.php
+++ b/modules/Grades/TeacherCompletion.php
@@ -74,7 +74,7 @@ if ( GetMP( $fy, 'DOES_GRADES' ) == 'Y' )
 
 $mp_select .= '</select>';
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="GET">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="GET">';
 DrawHeader( $mp_select . ' - ' . $period_select );
 echo '</form>';
 
diff --git a/modules/Grades/Transcripts.php b/modules/Grades/Transcripts.php
index 02cc7ffaee278f76633b93470643d0d75dbfbbb2..2d4ef5241bed47f837bd7f3e84244ba76a44725a 100644
--- a/modules/Grades/Transcripts.php
+++ b/modules/Grades/Transcripts.php
@@ -75,7 +75,7 @@ if ( ! $_REQUEST['modfunc'] )
 	{
 		//FJ include gentranscript.php in Transcripts.php
 		//echo '<form action="modules/Grades/gentranscript.php" method="POST">';
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save&_ROSARIO_PDF=true" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save&_ROSARIO_PDF=true' ) . '" method="POST">';
 
 		$extra['header_right'] = Buttons( _( 'Create Transcripts for Selected Students' ) );
 
diff --git a/modules/Resources/Resources.php b/modules/Resources/Resources.php
index 4f2586f5dee8574766a1090efceadbd723259f51..b74db16ddec1f54987ff3164d0fbbbb428f09e95 100644
--- a/modules/Resources/Resources.php
+++ b/modules/Resources/Resources.php
@@ -82,7 +82,7 @@ if ( ! $_REQUEST['modfunc'] )
 	$link['remove']['link'] = 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=remove';
 	$link['remove']['variables'] = array( 'id' => 'ID' );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update' ) . '" method="POST">';
 	DrawHeader( '', SubmitButton() );
 
 	ListOutput( $resources_RET, $columns, 'Resource', 'Resources', $link );
diff --git a/modules/Scheduling/Courses.php b/modules/Scheduling/Courses.php
index 4825b534470a1d04a86e63ebc7009d81fda60c83..90cf8ad808033c09eef4e78ba94771925ead2e25 100644
--- a/modules/Scheduling/Courses.php
+++ b/modules/Scheduling/Courses.php
@@ -67,9 +67,9 @@ if ( isset( $_REQUEST['course_modfunc'] )
 
 	PopTable( 'header', _( 'Search' ) );
 
-	echo '<form name="search" action="Modules.php?modname=' . $_REQUEST['modname'] .
+	echo '<form name="search" action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
 		'&modfunc=' . $_REQUEST['modfunc'] . '&course_modfunc=search&last_year=' .
-		$_REQUEST['last_year'] . '" method="POST">'; // Fix Search: Use POST for Public Pages plugin compatibility.
+		$_REQUEST['last_year']  ) . '" method="POST">'; // Fix Search: Use POST for Public Pages plugin compatibility.
 
 	echo '<table><tr><td><input type="text" name="search_term" value="' .
 		issetVal( $_REQUEST['search_term'], '' ) . '" required autofocus /></td>
@@ -867,10 +867,10 @@ if (  ( ! $_REQUEST['modfunc']
 				$new = true;
 			}
 
-			echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
+			echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
 				'&subject_id=' . $_REQUEST['subject_id'] .
 				'&course_id=' . $_REQUEST['course_id'] .
-				'&course_period_id=' . $_REQUEST['course_period_id'] . '" method="POST">';
+				'&course_period_id=' . $_REQUEST['course_period_id']  ) . '" method="POST">';
 
 			DrawHeader( $title, $delete_button . SubmitButton() );
 
@@ -1295,7 +1295,7 @@ if (  ( ! $_REQUEST['modfunc']
 				$RET = array();
 			}
 
-			echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&subject_id=' . $_REQUEST['subject_id'] . '&course_id=' . $_REQUEST['course_id'] . '" method="POST">';
+			echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&subject_id=' . $_REQUEST['subject_id'] . '&course_id=' . $_REQUEST['course_id']  ) . '" method="POST">';
 
 			DrawHeader( $title, $delete_button . SubmitButton() );
 
@@ -1357,7 +1357,7 @@ if (  ( ! $_REQUEST['modfunc']
 				$title = _( 'New Subject' );
 			}
 
-			echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&subject_id=' . $_REQUEST['subject_id'] . '" method="POST">';
+			echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&subject_id=' . $_REQUEST['subject_id']  ) . '" method="POST">';
 
 			DrawHeader( $title, $delete_button . SubmitButton() );
 
@@ -1400,7 +1400,7 @@ if (  ( ! $_REQUEST['modfunc']
 
 		if ( $_REQUEST['modname'] === 'Scheduling/Schedule.php' )
 		{
-			echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+			echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 			DrawHeader(
 				$choose_a_header_html,
diff --git a/modules/Scheduling/IncompleteSchedules.php b/modules/Scheduling/IncompleteSchedules.php
index 05bf77f15c99068755facdd6ff1fd3687be46e21..d53b5c382fc5595849adf8528049ab52d1555a97 100644
--- a/modules/Scheduling/IncompleteSchedules.php
+++ b/modules/Scheduling/IncompleteSchedules.php
@@ -16,7 +16,7 @@ DrawHeader( ProgramTitle() );
 
 if ( ! empty( $period_select ) )
 {
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 	DrawHeader( $period_select );
 	echo '</form>';
 }
diff --git a/modules/Scheduling/MassDrops.php b/modules/Scheduling/MassDrops.php
index 6697a894009bc438d843da64a57ca54589176702..1b28c64289123125706999352a3bc4f1eac27963 100644
--- a/modules/Scheduling/MassDrops.php
+++ b/modules/Scheduling/MassDrops.php
@@ -152,7 +152,7 @@ if ( $_REQUEST['modfunc'] != 'choose_course' )
 {
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 		DrawHeader( '', SubmitButton( _( 'Drop Course for Selected Students' ) ) );
 
 		echo '<br />';
diff --git a/modules/Scheduling/MassRequests.php b/modules/Scheduling/MassRequests.php
index 7c5cf19fd1a0abef45633d46ca695987947cd414..e6b0b3ea2d65d9675cb53de6a2de55199993820d 100644
--- a/modules/Scheduling/MassRequests.php
+++ b/modules/Scheduling/MassRequests.php
@@ -64,7 +64,7 @@ if ( $_REQUEST['modfunc'] != 'choose_course' )
 
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 
 		DrawHeader( '', SubmitButton( _( 'Add Request to Selected Students' ) ) );
 
diff --git a/modules/Scheduling/MassSchedule.php b/modules/Scheduling/MassSchedule.php
index 7abbe4be9c368f82ce73b7986e0c67bfedc2fe6d..510086fc0ebb3dd2472b936e35fb266e1c706eed 100644
--- a/modules/Scheduling/MassSchedule.php
+++ b/modules/Scheduling/MassSchedule.php
@@ -127,7 +127,7 @@ if ( ! $_REQUEST['modfunc'] )
 {
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 
 		DrawHeader( '', SubmitButton( _( 'Add Courses to Selected Students' ) ) );
 
diff --git a/modules/Scheduling/Menu.php b/modules/Scheduling/Menu.php
index e9544b35a3b50d0e9fe8ba437f51a0d112196faa..ae734e0d7bf280e14e5159c9be3df8038d311caf 100644
--- a/modules/Scheduling/Menu.php
+++ b/modules/Scheduling/Menu.php
@@ -20,13 +20,13 @@ $menu['Scheduling']['admin'] = array(
 	'Scheduling/MassDrops.php' => _( 'Group Drops' ),
 	1 => _( 'Reports' ),
 	'Scheduling/PrintSchedules.php' => _( 'Print Schedules' ),
-	'Scheduling/PrintClassLists.php' => _( 'Print Class Lists' ),
+	'Scheduling/PrintClassLists.php' => _( 'Print Class Lists' ), // TODO merge with PrintClassPictures.php, Parent?? ONLY Pictures.
 	'Scheduling/PrintClassPictures.php' => _( 'Print Class Pictures' ),
 	'Scheduling/PrintRequests.php' => _( 'Print Requests' ),
-	'Scheduling/MasterScheduleReport.php' => _( 'Master Schedule Report' ),
+	'Scheduling/MasterScheduleReport.php' => _( 'Master Schedule Report' ), // TODO merge with ScheduleReport.php.
 	'Scheduling/ScheduleReport.php' => _( 'Schedule Report' ),
 	'Scheduling/RequestsReport.php' => _( 'Requests Report' ),
-	'Scheduling/UnfilledRequests.php' => _( 'Unfilled Requests' ),
+	'Scheduling/UnfilledRequests.php' => _( 'Unfilled Requests' ), // TODO merge with RequestsReport.php.
 	'Scheduling/IncompleteSchedules.php' => _( 'Incomplete Schedules' ),
 	'Scheduling/AddDrop.php' => _( 'Add / Drop Report' ),
 	2 => _( 'Setup' ),
@@ -54,7 +54,7 @@ $menu['Scheduling']['parent'] = array(
 	// Activate Courses for Teachers & Parents & Students.
 	'Scheduling/Courses.php' => _( 'Courses' ),
 	1 => _( 'Reports' ),
-	// FJ activate Print Schedules for parents and students.
+	// Activate Print Schedules for parents and students.
 	'Scheduling/PrintSchedules.php' => _( 'Print Schedules' ),
 	'Scheduling/PrintClassPictures.php' => _( 'Class Pictures' ),
 );
diff --git a/modules/Scheduling/PrintClassLists.php b/modules/Scheduling/PrintClassLists.php
index ce2005399ab0ee563b128ff8edcd5b31f2c4ae16..1374e64a1cc5d9ef808beaed4fac5ecca09b4edc 100644
--- a/modules/Scheduling/PrintClassLists.php
+++ b/modules/Scheduling/PrintClassLists.php
@@ -117,8 +117,8 @@ if ( ! $_REQUEST['modfunc']
 
 	if ( $_REQUEST['modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save&search_modfunc=list&_ROSARIO_PDF=true' .
-			issetVal( $extra['action'], '' ) . '" method="POST" name="search">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save&search_modfunc=list&_ROSARIO_PDF=true' .
+			issetVal( $extra['action'], '' )  ) . '" method="POST" name="search">';
 
 		$submit_button = Buttons( _( 'Create Class Lists for Selected Course Periods' ) );
 
diff --git a/modules/Scheduling/PrintClassPictures.php b/modules/Scheduling/PrintClassPictures.php
index 3e3304e499416710732701821ff9bb058fd8ddd0..ff67375bd7d481be99adc556c9ba2f612988d5de 100644
--- a/modules/Scheduling/PrintClassPictures.php
+++ b/modules/Scheduling/PrintClassPictures.php
@@ -219,7 +219,7 @@ if ( ! $_REQUEST['modfunc']
 
 	if ( $_REQUEST['modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save&_ROSARIO_PDF=true" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save&_ROSARIO_PDF=true' ) . '" method="POST">';
 
 		$extra['header_right'] = Buttons( _( 'Create Class Pictures for Selected Course Periods' ) );
 
diff --git a/modules/Scheduling/PrintSchedules.php b/modules/Scheduling/PrintSchedules.php
index 114dbc0fbd0661c740a984207d809d282e3d3f6f..9eaab9aff0f06e7fa1796b079e968c6dbeef6ded 100644
--- a/modules/Scheduling/PrintSchedules.php
+++ b/modules/Scheduling/PrintSchedules.php
@@ -346,10 +346,10 @@ if ( ! $_REQUEST['modfunc'] )
 			$mp_options[ $mp['MARKING_PERIOD_ID'] ] = $mp['TITLE'];
 		}
 
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
 			'&modfunc=save&include_inactive=' .
 			issetVal( $_REQUEST['include_inactive'], '' ) .
-			'&_ROSARIO_PDF=true" method="POST" id="printSchedulesForm">';
+			'&_ROSARIO_PDF=true' ) . '" method="POST" id="printSchedulesForm">';
 
 		$extra['header_right'] = Buttons( _( 'Create Schedules for Selected Students' ) );
 
diff --git a/modules/Scheduling/Requests.php b/modules/Scheduling/Requests.php
index c272a526a4db320b4f275457f8077dc3cf8c349d..718c2aec7905934b14e691c575249fb0263ba5b3 100644
--- a/modules/Scheduling/Requests.php
+++ b/modules/Scheduling/Requests.php
@@ -213,7 +213,7 @@ function processRequest()
 		'variables' => array( 'id' => 'REQUEST_ID' ),
 	);
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update' ) . '" method="POST">';
 
 	DrawHeader( '', SubmitButton() );
 
diff --git a/modules/Scheduling/Schedule.php b/modules/Scheduling/Schedule.php
index b73b8bc3c399c62b55666e162c6052e1b2efa819..cac288ff6a7f4866f004eeadda68ab2e6e7568d7 100644
--- a/modules/Scheduling/Schedule.php
+++ b/modules/Scheduling/Schedule.php
@@ -156,7 +156,7 @@ if ( $_REQUEST['modfunc'] === 'modify'
 if ( UserStudentID()
 	&& ! $_REQUEST['modfunc'] )
 {
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=modify" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=modify' ) . '" method="POST">';
 
 	DrawHeader( PrepareDate( $date, '_date', false, array( 'submit' => true ) ), SubmitButton() );
 
diff --git a/modules/Scheduling/ScheduleReport.php b/modules/Scheduling/ScheduleReport.php
index 861dc58a5b67fd48c0dbd9a4d7e10c64a453ae48..839a234fb2bbe11b4ad61a846059ee563875eccb 100644
--- a/modules/Scheduling/ScheduleReport.php
+++ b/modules/Scheduling/ScheduleReport.php
@@ -6,7 +6,7 @@ $_REQUEST['course_id'] = issetVal( $_REQUEST['course_id'], '' );
 $_REQUEST['course_period_id'] = issetVal( $_REQUEST['course_period_id'], '' );
 $_REQUEST['include_child_mps'] = issetVal( $_REQUEST['include_child_mps'], '' );
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 if ( $_REQUEST['modfunc'] !== 'students' )
 {
diff --git a/modules/Scheduling/UnfilledRequests.php b/modules/Scheduling/UnfilledRequests.php
index d3be42a63d4f44161f56e91232b0a977e7a9a9d9..9bd14f6688c200fe30147f22edd011cc5bd26411 100644
--- a/modules/Scheduling/UnfilledRequests.php
+++ b/modules/Scheduling/UnfilledRequests.php
@@ -11,7 +11,7 @@ if ( $_REQUEST['modname'] == 'Scheduling/UnfilledRequests.php' )
 
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=modify" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=modify' ) . '" method="POST">';
 
 		DrawHeader( CheckBoxOnclick( 'include_seats', _( 'Show Available Seats' ) ) );
 
diff --git a/modules/Scheduling/includes/ClassSearchWidget.fnc.php b/modules/Scheduling/includes/ClassSearchWidget.fnc.php
index 9ee3b51f932d29d9d7cd818b8a77b4d57fb15278..afa53cea4fba76bff0eb58d32fc4bdd1d092504b 100644
--- a/modules/Scheduling/includes/ClassSearchWidget.fnc.php
+++ b/modules/Scheduling/includes/ClassSearchWidget.fnc.php
@@ -71,9 +71,9 @@ function _classSearchWidgetFindCourse( $extra )
 
 	PopTable( 'header', _( 'Find a Course' ) );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
 		'&modfunc=' . $_REQUEST['modfunc'] . '&modfunc=list&next_modname=' .
-		issetVal( $_REQUEST['next_modname'], '' ) . '" method="POST">';
+		issetVal( $_REQUEST['next_modname'], '' )  ) . '" method="POST">';
 
 	echo '<table>';
 
diff --git a/modules/Scheduling/new_Requests.php b/modules/Scheduling/new_Requests.php
index 1a50c96017edf19a5e57c6c8f2e7e1ddbafbf5d1..0a146d8f84b5484bf2474121713e9c02f2168f60 100644
--- a/modules/Scheduling/new_Requests.php
+++ b/modules/Scheduling/new_Requests.php
@@ -67,7 +67,7 @@ if ( $_REQUEST['modfunc'] == 'choose' )
 	AND sr.STUDENT_ID='" . UserStudentID() . "'
 	AND sr.COURSE_ID=c.COURSE_ID", $functions );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=verify" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=verify' ) . '" method="POST">';
 	DrawHeader( '', SubmitButton() );
 
 	$columns = array( '' );
diff --git a/modules/School_Setup/AccessLog.php b/modules/School_Setup/AccessLog.php
index eb7851929c1213b9f61b97d3c7c5d980aae9dc44..74ac99a77bba605f2c5bd7fc4c3bb8cd53a10733 100644
--- a/modules/School_Setup/AccessLog.php
+++ b/modules/School_Setup/AccessLog.php
@@ -41,7 +41,7 @@ echo ErrorMessage( $note, 'note' );
 
 if ( ! $_REQUEST['modfunc'] )
 {
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="GET">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="GET">';
 
 	DrawHeader(
 		_( 'From' ) . ' ' . DateInput( $start_date, 'start', '', false, false ) . ' - ' .
@@ -67,7 +67,7 @@ if ( ! $_REQUEST['modfunc'] )
 		AND LOGIN_TIME <='" . $end_date . ' 23:59:59' . "'
 		ORDER BY LOGIN_TIME DESC", $access_logs_functions );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=delete" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=delete' ) . '" method="POST">';
 
 	DrawHeader( '', SubmitButton( _( 'Clear Log' ), '', '' ) );
 
diff --git a/modules/School_Setup/Calendar.php b/modules/School_Setup/Calendar.php
index fbcfa02356c099aab6ddfbf6a054a5db84d2fcea..78f34f845b97d57e324d4df94c7dd059889455bd 100644
--- a/modules/School_Setup/Calendar.php
+++ b/modules/School_Setup/Calendar.php
@@ -593,7 +593,7 @@ if ( $_REQUEST['modfunc'] === 'detail' )
 				$RET[1]['SCHOOL_DATE'] = issetVal( $_REQUEST['school_date'] );
 			}
 
-			echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=detail&event_id=' . $_REQUEST['event_id'] . '&month=' . $_REQUEST['month'] . '&year=' . $_REQUEST['year'] . '" method="POST">';
+			echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=detail&event_id=' . $_REQUEST['event_id'] . '&month=' . $_REQUEST['month'] . '&year=' . $_REQUEST['year']  ) . '" method="POST">';
 		}
 		// Assignment
 		elseif ( ! empty( $_REQUEST['assignment_id'] ) )
@@ -747,7 +747,7 @@ if ( $_REQUEST['modfunc'] === 'list_events' )
 			$end_date = DBDate();
 	}
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=' . $_REQUEST['modfunc'] . '&month=' . $_REQUEST['month'] . '&year=' . $_REQUEST['year'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=' . $_REQUEST['modfunc'] . '&month=' . $_REQUEST['month'] . '&year=' . $_REQUEST['year']  ) . '" method="POST">';
 
 	DrawHeader( '<a href="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&month=' . $_REQUEST['month'] . '&year=' . $_REQUEST['year'] ) . '" >' . _( 'Back to Calendar' ) . '</a>' );
 
@@ -930,7 +930,7 @@ if ( ! $_REQUEST['modfunc'] )
 		$calendar_RET = DBGet( $calendar_SQL, array(), array( 'SCHOOL_DATE' ) );
 	}
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 	// Admin Headers
 	if ( AllowEdit() )
diff --git a/modules/School_Setup/Configuration.php b/modules/School_Setup/Configuration.php
index e1bcd348895fab96ad386e780e686103effbb773..7602fb2534935651a96914837ff83d2424ddf826 100644
--- a/modules/School_Setup/Configuration.php
+++ b/modules/School_Setup/Configuration.php
@@ -148,7 +148,7 @@ else
 
 	if ( ! $_REQUEST['modfunc'] )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&tab=' . $_REQUEST['tab'] . '&modfunc=update" method="POST" enctype="multipart/form-data">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&tab=' . $_REQUEST['tab'] . '&modfunc=update' ) . '" method="POST" enctype="multipart/form-data">';
 
 		if ( AllowEdit() )
 		{
diff --git a/modules/School_Setup/CopySchool.php b/modules/School_Setup/CopySchool.php
index 279df577a1290b45834eba8f6c34eda352bac160..d82ccb248a1cb74d4724e1648a2bd6487980c2f7 100644
--- a/modules/School_Setup/CopySchool.php
+++ b/modules/School_Setup/CopySchool.php
@@ -78,7 +78,7 @@ if ( $go
 	}
 
 	// Print success message
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 	$note[] = button( 'check' ) .'&nbsp;' .
 		sprintf( _( 'The data have been copied to a new school called "%s".' ), $_REQUEST['title'] ) .
diff --git a/modules/School_Setup/DatabaseBackup.php b/modules/School_Setup/DatabaseBackup.php
index 2ca87967355b48d82ba5572020fc88e351852efd..59a8786e7b50f796162405fe97788c08564bef76 100644
--- a/modules/School_Setup/DatabaseBackup.php
+++ b/modules/School_Setup/DatabaseBackup.php
@@ -56,7 +56,7 @@ if ( ! $_REQUEST['modfunc'] )
 {
 	echo '<br />';
 	PopTable( 'header', _( 'Database Backup' ) );
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=backup&_ROSARIO_PDF=true" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=backup&_ROSARIO_PDF=true' ) . '" method="POST">';
 	echo '<br />';
 	echo _( 'Download backup files periodically in case of system failure.' );
 	echo '<br /><br />';
diff --git a/modules/School_Setup/GradeLevels.php b/modules/School_Setup/GradeLevels.php
index d02f06eaa65d0ec4ef73fe2b4f738ed2549667d2..b7b4e07215e8534eb38a0ca955716a6d2ca1c28b 100644
--- a/modules/School_Setup/GradeLevels.php
+++ b/modules/School_Setup/GradeLevels.php
@@ -115,7 +115,7 @@ if ( ! $_REQUEST['modfunc'] )
 		'NEXT_GRADE_ID' => _makeGradeInput( '', 'NEXT_GRADE_ID' ),
 	);
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update' ) . '" method="POST">';
 
 	DrawHeader( '', SubmitButton() );
 
diff --git a/modules/School_Setup/MarkingPeriods.php b/modules/School_Setup/MarkingPeriods.php
index 7a2007c2f3a1334d446dfc5625e96739ef6612ee..4681d4c8c3271fb06766876f036680e008d03f9b 100644
--- a/modules/School_Setup/MarkingPeriods.php
+++ b/modules/School_Setup/MarkingPeriods.php
@@ -450,7 +450,7 @@ if ( ! $_REQUEST['modfunc'] )
 		}
 	}
 
-	echo '<form action="' . $mp_href . '" method="POST">';
+	echo '<form action="' . URLEscape( $mp_href ) . '" method="POST">';
 
 	DrawHeader( $title, $delete_button . SubmitButton() );
 
diff --git a/modules/School_Setup/Periods.php b/modules/School_Setup/Periods.php
index 81b5405f08a602146f5b0a04a0ed14a0fd1ea021..e79555f492c90a446e5aeef1d40bb03830c7b1ba 100644
--- a/modules/School_Setup/Periods.php
+++ b/modules/School_Setup/Periods.php
@@ -150,7 +150,7 @@ if ( ! $_REQUEST['modfunc'] )
 		'BLOCK' => _makeTextInput( '', 'BLOCK' ),
 	); // 'ATTENDANCE'=>_makeCheckboxInput('','ATTENDANCE'),'START_TIME'=>_makeTimeInput('','START_TIME'),'END_TIME'=>_makeTimeInput('','END_TIME')
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update' ) . '" method="POST">';
 
 	DrawHeader( '', SubmitButton() );
 
diff --git a/modules/School_Setup/PortalNotes.php b/modules/School_Setup/PortalNotes.php
index 3da3c5f7b12748d9a4ee93db0817cb13a935b5ef..2398794c62e0eac76731a2a843b3434422fd17e2 100644
--- a/modules/School_Setup/PortalNotes.php
+++ b/modules/School_Setup/PortalNotes.php
@@ -244,7 +244,7 @@ if ( ! $_REQUEST['modfunc'] )
 	$link['remove']['link'] = 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=remove';
 	$link['remove']['variables'] = array( 'id' => 'ID' );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update" method="POST" enctype="multipart/form-data" onsubmit="if (document.getElementById(\'FILE_ATTACHED_FILE\').value) document.getElementById(\'loading\').innerHTML=\'<span class=loading></span>\';">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update' ) . '" method="POST" enctype="multipart/form-data" onsubmit="if (document.getElementById(\'FILE_ATTACHED_FILE\').value) document.getElementById(\'loading\').innerHTML=\'<span class=loading></span>\';">';
 
 	DrawHeader( '', SubmitButton() );
 
diff --git a/modules/School_Setup/PortalPolls.php b/modules/School_Setup/PortalPolls.php
index 08b5bdd1e62351fcf42f95de5e10695e5e696eda..c0cb7b51a5626fa6402cae89053142bf84da905d 100644
--- a/modules/School_Setup/PortalPolls.php
+++ b/modules/School_Setup/PortalPolls.php
@@ -282,7 +282,7 @@ if ( ! $_REQUEST['modfunc'] )
 	$link['remove']['link'] = 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=remove';
 	$link['remove']['variables'] = array( 'id' => 'ID' );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update' ) . '" method="POST">';
 	DrawHeader( '', SubmitButton() );
 
 	ListOutput( $polls_RET, $columns, 'Poll', 'Polls', $link );
diff --git a/modules/School_Setup/Rollover.php b/modules/School_Setup/Rollover.php
index 2a0cdc2ca0e5f66aa78ce38613928749e1f2c845..4dbcd129eb5a6c51147fec176c862171369dd118 100644
--- a/modules/School_Setup/Rollover.php
+++ b/modules/School_Setup/Rollover.php
@@ -154,7 +154,7 @@ if ( Prompt(
 		$error[] = _( 'You <i>must</i> roll users, school periods, marking periods, calendars, and report card codes at the same time or before rolling courses.' );
 	}
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 	if ( ! $error )
 	{
diff --git a/modules/School_Setup/Schools.php b/modules/School_Setup/Schools.php
index a001d5f9c49aa2ab478985efbdec51f200e08054..5dd0cf030147b08abfb6fc9296a3fda0e23911ef 100644
--- a/modules/School_Setup/Schools.php
+++ b/modules/School_Setup/Schools.php
@@ -169,7 +169,7 @@ if ( ! $_REQUEST['modfunc'] )
 	$schooldata = $schooldata[1];
 	$school_name = SchoolInfo( 'TITLE' );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update" method="POST" enctype="multipart/form-data">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update' ) . '" method="POST" enctype="multipart/form-data">';
 
 	$delete_button = '';
 
diff --git a/modules/School_Setup/includes/Modules.inc.php b/modules/School_Setup/includes/Modules.inc.php
index 2439b7e820caee811eec9fa6abcf132d383eb6ae..f43a3a2c14ca7921f2a51d7218c05835dc9356d1 100644
--- a/modules/School_Setup/includes/Modules.inc.php
+++ b/modules/School_Setup/includes/Modules.inc.php
@@ -279,8 +279,8 @@ if ( ! $_REQUEST['modfunc'] )
 		&& is_writable( 'modules/' ) )
 	{
 		// @since 6.4 Add-on zip upload.
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&tab=' . $_REQUEST['tab'] .
-			'&modfunc=upload" method="POST" enctype="multipart/form-data">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&tab=' . $_REQUEST['tab'] .
+			'&modfunc=upload' ) . '" method="POST" enctype="multipart/form-data">';
 
 		echo button( 'add' ) . ' ';
 
diff --git a/modules/School_Setup/includes/Plugins.inc.php b/modules/School_Setup/includes/Plugins.inc.php
index ebf9439fec4e87f26478ab480b998b9811e141a4..94c4c99b44c412935ae23d17a925c222e6f80f0d 100644
--- a/modules/School_Setup/includes/Plugins.inc.php
+++ b/modules/School_Setup/includes/Plugins.inc.php
@@ -270,8 +270,8 @@ if ( ! $_REQUEST['modfunc'] )
 		&& is_writable( 'plugins/' ) )
 	{
 		// @since 6.4 Add-on zip upload.
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&tab=' . $_REQUEST['tab'] .
-			'&modfunc=upload" method="POST" enctype="multipart/form-data">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&tab=' . $_REQUEST['tab'] .
+			'&modfunc=upload' ) . '" method="POST" enctype="multipart/form-data">';
 
 		echo button( 'add' ) . ' ';
 
diff --git a/modules/Student_Billing/DailyTotals.php b/modules/Student_Billing/DailyTotals.php
index 52516528797f787c8a1e4487fd47ba4b714abefb..0872712aa4e17a2749ed2eb0f8c2ff813537658c 100644
--- a/modules/Student_Billing/DailyTotals.php
+++ b/modules/Student_Billing/DailyTotals.php
@@ -14,7 +14,7 @@ $start_date = RequestedDate( 'start', date( 'Y-m' ) . '-01' );
 // Set end date.
 $end_date = RequestedDate( 'end', DBDate() );
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="GET">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="GET">';
 
 DrawHeader( _( 'Report Timeframe' ) . ': ' .
 	PrepareDate( $start_date, '_start' ) . ' ' . _( 'to' ) . ' ' .
diff --git a/modules/Student_Billing/DailyTransactions.php b/modules/Student_Billing/DailyTransactions.php
index c9bc270ed1fd35f0034bab3a07c1206f6e7fca2f..6a92ac7881d17387808a9c56d04a6f3bf9bb6a8e 100644
--- a/modules/Student_Billing/DailyTransactions.php
+++ b/modules/Student_Billing/DailyTransactions.php
@@ -8,7 +8,7 @@ $start_date = RequestedDate( 'start', date( 'Y-m' ) . '-01' );
 // Set end date.
 $end_date = RequestedDate( 'end', DBDate() );
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="GET">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="GET">';
 
 DrawHeader( _( 'Report Timeframe' ) . ': ' . PrepareDate( $start_date, '_start', false ) .
 	' ' . _( 'to' ) . ' ' . PrepareDate( $end_date, '_end', false ) . Buttons( _( 'Go' ) ) );
diff --git a/modules/Student_Billing/MassAssignFees.php b/modules/Student_Billing/MassAssignFees.php
index a9663402abd91850517d1094111c66639bfe91f0..5cc174bbf297a477388df391c4cf408178827fce 100644
--- a/modules/Student_Billing/MassAssignFees.php
+++ b/modules/Student_Billing/MassAssignFees.php
@@ -54,7 +54,7 @@ if ( ! $_REQUEST['modfunc'] )
 
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 		DrawHeader( '', SubmitButton( _( 'Add Fee to Selected Students' ) ) );
 
 		echo '<br />';
diff --git a/modules/Student_Billing/MassAssignPayments.php b/modules/Student_Billing/MassAssignPayments.php
index 9cb007db247caff11bf6fec9c594da359b543eb3..b7e156483bbb4743e603fccbc2fe2e3677b20f36 100644
--- a/modules/Student_Billing/MassAssignPayments.php
+++ b/modules/Student_Billing/MassAssignPayments.php
@@ -60,7 +60,7 @@ if ( ! $_REQUEST['modfunc'] )
 
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 
 		DrawHeader( '', SubmitButton( _( 'Add Payment to Selected Students' ) ) );
 
diff --git a/modules/Student_Billing/StudentFees.php b/modules/Student_Billing/StudentFees.php
index 8a168cc4a3e898142c6bcb3ecd8c4c51d90361f4..d1389c733d7ce9fbf34887a5316e9efc17296c58 100644
--- a/modules/Student_Billing/StudentFees.php
+++ b/modules/Student_Billing/StudentFees.php
@@ -193,7 +193,7 @@ if ( UserStudentID()
 
 	if ( empty( $_REQUEST['print_statements'] ) )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 		//DrawStudentHeader();
 
 		if ( AllowEdit() )
diff --git a/modules/Student_Billing/StudentPayments.php b/modules/Student_Billing/StudentPayments.php
index e7fb93a4e9630ff83ed4cf291cb958a94cb2fc00..64e9d179942225e74f2f7003f6e9d5fbd33eab36 100644
--- a/modules/Student_Billing/StudentPayments.php
+++ b/modules/Student_Billing/StudentPayments.php
@@ -204,7 +204,7 @@ if ( UserStudentID()
 
 	if ( empty( $_REQUEST['print_statements'] ) )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 		if ( AllowEdit() )
 		{
diff --git a/modules/Students/AddUsers.php b/modules/Students/AddUsers.php
index ee340a7257a6b0dfe390867090b62b006505d278..d24fc46812861002011fbb77103d23e0a8c0965a 100644
--- a/modules/Students/AddUsers.php
+++ b/modules/Students/AddUsers.php
@@ -73,7 +73,7 @@ if ( ! $_REQUEST['modfunc'] )
 	{
 		if ( $_REQUEST['search_modfunc'] === 'list' )
 		{
-			echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+			echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 
 			DrawHeader( '', SubmitButton( _( 'Add Selected Parents' ) ) );
 		}
diff --git a/modules/Students/AssignOtherInfo.php b/modules/Students/AssignOtherInfo.php
index 49db72a14b9bee64119116ebb0ca67e1ca465d42..f07153353dee50820773ce29bc511dbaba85b964 100644
--- a/modules/Students/AssignOtherInfo.php
+++ b/modules/Students/AssignOtherInfo.php
@@ -206,7 +206,7 @@ if ( ! $_REQUEST['modfunc'] )
 
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 		DrawHeader( '', SubmitButton() );
 		echo '<br />';
 
diff --git a/modules/Students/EnrollmentCodes.php b/modules/Students/EnrollmentCodes.php
index f1f3ccf18a24019262b873c01ae7db3ef357fd16..326d32d15d9507b9cff7bb826a7588bf25bf08b2 100644
--- a/modules/Students/EnrollmentCodes.php
+++ b/modules/Students/EnrollmentCodes.php
@@ -128,7 +128,7 @@ if ( ! $_REQUEST['modfunc'] )
 	$link['remove']['link'] = 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=remove';
 	$link['remove']['variables'] = array( 'id' => _( 'ID' ) );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update' ) . '" method="POST">';
 	DrawHeader( '', SubmitButton() );
 
 	ListOutput( $codes_RET, $columns, 'Enrollment Code', 'Enrollment Codes', $link );
diff --git a/modules/Students/Letters.php b/modules/Students/Letters.php
index 055681135b4b2c266c66c3a13b3895d6aa5f819e..e1d238b3810493725b37b63cb13f82d3edb7d642 100644
--- a/modules/Students/Letters.php
+++ b/modules/Students/Letters.php
@@ -160,9 +160,9 @@ if ( ! $_REQUEST['modfunc'] )
 
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save&include_inactive=' .
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save&include_inactive=' .
 			issetVal( $_REQUEST['include_inactive'], '' ) . '&_search_all_schools=' .
-			issetVal( $_REQUEST['_search_all_schools'], '' ) . '&_ROSARIO_PDF=true" method="POST">';
+			issetVal( $_REQUEST['_search_all_schools'], '' ) . '&_ROSARIO_PDF=true' ) . '" method="POST">';
 
 		$extra['header_right'] = SubmitButton( _( 'Print Letters for Selected Students' ) );
 
diff --git a/modules/Students/PrintStudentInfo.php b/modules/Students/PrintStudentInfo.php
index 53b27829a419537c14d3dcaa6f770081fa2c857d..924caab93efd7b886e10ab568db2cff95407113c 100644
--- a/modules/Students/PrintStudentInfo.php
+++ b/modules/Students/PrintStudentInfo.php
@@ -277,9 +277,9 @@ if ( ! $_REQUEST['modfunc'] )
 
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save&include_inactive=' .
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save&include_inactive=' .
 			issetVal( $_REQUEST['include_inactive'], '' ) . '&_search_all_schools=' .
-			issetVal( $_REQUEST['_search_all_schools'], '' ) . '&_ROSARIO_PDF=true" method="POST">';
+			issetVal( $_REQUEST['_search_all_schools'], '' ) . '&_ROSARIO_PDF=true' ) . '" method="POST">';
 
 		$extra['header_right'] = SubmitButton( _( 'Print Info for Selected Students' ) );
 
diff --git a/modules/Students/Search.inc.php b/modules/Students/Search.inc.php
index 032bcfdb4a61da51e693e9f15c7fb86c226bd6ff..1a8f426d72a36d394d260e6a44ca759978e6d0d5 100644
--- a/modules/Students/Search.inc.php
+++ b/modules/Students/Search.inc.php
@@ -36,11 +36,11 @@ if ( empty( $_REQUEST['search_modfunc'] ) )
 				! empty( $extra['search_title'] ) ? $extra['search_title'] : _( 'Find a Student' )
 			);
 
-			echo '<form name="search" id="search" action="Modules.php?modname=' . $_REQUEST['modname'] .
+			echo '<form name="search" id="search" action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
 				'&modfunc=' . $_REQUEST['modfunc'] .
 				'&search_modfunc=list&next_modname=' . $_REQUEST['next_modname'] .
 				'&advanced=' . ( ! empty( $_REQUEST['advanced'] ) ? $_REQUEST['advanced'] : '' ) .
-				( ! empty( $extra['action'] ) ? $extra['action'] : '' ) . '" method="GET">';
+				( ! empty( $extra['action'] ) ? $extra['action'] : '' )  ) . '" method="GET">';
 
 			echo '<table class="width-100p col1-align-right" id="general_table">';
 
@@ -158,8 +158,8 @@ if ( empty( $_REQUEST['search_modfunc'] ) )
 
 			PopTable( 'header', _( 'Search' ) );
 
-			echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=' . $_REQUEST['modfunc'] .
-				'&search_modfunc=list&next_modname=' . $_REQUEST['next_modname'] . $extra['action'] . '" method="POST">';
+			echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=' . $_REQUEST['modfunc'] .
+				'&search_modfunc=list&next_modname=' . $_REQUEST['next_modname'] . $extra['action']  ) . '" method="POST">';
 			echo '<table>';
 
 			if ( $extra['search'] )
diff --git a/modules/Students/StudentLabels.php b/modules/Students/StudentLabels.php
index ac37e220338d2da78ce27833da58af2140cda767..bc211d92329224bdf92113b501febc8dc1f6f8e8 100644
--- a/modules/Students/StudentLabels.php
+++ b/modules/Students/StudentLabels.php
@@ -50,7 +50,7 @@ if ( ! $_REQUEST['modfunc'] )
 
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' .
+		$action = 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' .
 			( empty( $_REQUEST['include_inactive'] ) ?
 				'' :
 				'&include_inactive=' . $_REQUEST['include_inactive'] ) .
@@ -65,7 +65,9 @@ if ( ! $_REQUEST['modfunc'] )
 					'' :
 					'&w_course_period_id=' . $_REQUEST['w_course_period_id'] ) :
 				'' ) .
-			'&_ROSARIO_PDF=true" method="POST">';
+			'&_ROSARIO_PDF=true';
+
+		echo '<form action="' . URLEscape( $action ) . '" method="POST">';
 
 		$extra['header_right'] = Buttons( _( 'Create Labels for Selected Students' ) );
 
diff --git a/modules/Users/AddStudents.php b/modules/Users/AddStudents.php
index 191f41e671a2a0619eaee6ead70a91625f47069e..f23a1cd9cf00b9813819f16f33220828c39fbdad 100644
--- a/modules/Users/AddStudents.php
+++ b/modules/Users/AddStudents.php
@@ -94,7 +94,7 @@ if ( ! $_REQUEST['modfunc'] )
 	{
 		if ( $_REQUEST['search_modfunc'] === 'list' )
 		{
-			echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+			echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 			DrawHeader( '', SubmitButton( _( 'Add Selected Students' ) ) );
 		}
 
diff --git a/modules/Users/Exceptions.php b/modules/Users/Exceptions.php
index 375caa541f38c5657179c8ca073a06a656e11a38..2c6eca6e0cf17ab8b65490fea762562f5a68afdb 100644
--- a/modules/Users/Exceptions.php
+++ b/modules/Users/Exceptions.php
@@ -159,7 +159,7 @@ if ( UserStaffID()
 
 	if ( ! $staff_RET[1]['PROFILE_ID'] )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update' ) . '" method="POST">';
 		DrawHeader( _( 'Select the programs with which this user can use and save information.' ), SubmitButton() );
 		echo '<br />';
 		PopTable( 'header', _( 'Permissions' ) );
diff --git a/modules/Users/Preferences.php b/modules/Users/Preferences.php
index 49cad459f45d78e381e5c9a1b5f7ea61ec42aa0a..b23e85f362b46391322f506ef7df78c16e5bae22 100644
--- a/modules/Users/Preferences.php
+++ b/modules/Users/Preferences.php
@@ -122,7 +122,7 @@ if ( ! $_REQUEST['modfunc'] )
 		$_REQUEST['tab'] = 'password';
 	}
 
-	echo Form( 'Modules.php?modname=' . $_REQUEST['modname'] . '&tab=' . $_REQUEST['tab'] );
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&tab=' . $_REQUEST['tab'] ) . '" method="POST">';
 
 	DrawHeader( '', Buttons( _( 'Save' ) ) );
 
diff --git a/modules/Users/Profiles.php b/modules/Users/Profiles.php
index c84faf77e05659d7352f3f9f57fd2cd01ec982ea..54c6794c0311e8e5dd3033fab6a0fbbc064bc903 100644
--- a/modules/Users/Profiles.php
+++ b/modules/Users/Profiles.php
@@ -251,7 +251,7 @@ if ( $_REQUEST['modfunc']
 
 if ( $_REQUEST['modfunc'] != 'delete' )
 {
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&profile_id=' . $_REQUEST['profile_id'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&profile_id=' . $_REQUEST['profile_id']  ) . '" method="POST">';
 	DrawHeader( _( 'Select the programs that users of this profile can use and which programs those users can use to save information.' ), SubmitButton() );
 	echo '<br />';
 	echo '<table><tr class="st"><td class="valign-top">';
diff --git a/modules/Users/Search.inc.php b/modules/Users/Search.inc.php
index eb8ab23ca65328d4f3903c832db48534ec586f67..dee78d94ba7bf68b97577b55abfbaffa484fabbf 100644
--- a/modules/Users/Search.inc.php
+++ b/modules/Users/Search.inc.php
@@ -30,11 +30,11 @@ if ( empty( $_REQUEST['search_modfunc'] ) )
 				! empty( $extra['search_title'] ) ? $extra['search_title'] : _( 'Find a User' )
 			);
 
-			echo '<form name="search" id="search" action="Modules.php?modname=' . $_REQUEST['modname'] .
+			echo '<form name="search" id="search" action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
 				'&modfunc=' . $_REQUEST['modfunc'] .
 				'&search_modfunc=list&next_modname=' . $_REQUEST['next_modname'] .
 				'&advanced=' . issetVal( $_REQUEST['advanced'], '' ) .
-				issetVal( $extra['action'], '' ) . '" method="GET">';
+				issetVal( $extra['action'], '' )  ) . '" method="GET">';
 
 			echo '<table class="width-100p col1-align-right" id="general_table">';
 
diff --git a/modules/Users/TeacherPrograms.php b/modules/Users/TeacherPrograms.php
index a920428dd3ef40abdae1421d5f73a2e2b37d039d..d44bb729faba6a8c6e9d6072d1cd13b03eac1c0d 100644
--- a/modules/Users/TeacherPrograms.php
+++ b/modules/Users/TeacherPrograms.php
@@ -35,7 +35,7 @@ Search( 'staff_id', $extra );
 
 if ( UserStaffID() )
 {
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 	// FJ multiple school periods for a course period
 	//$QI = DBQuery("SELECT cp.PERIOD_ID,cp.COURSE_PERIOD_ID,sp.TITLE,sp.SHORT_NAME,cp.MARKING_PERIOD_ID,cp.DAYS,c.TITLE AS COURSE_TITLE FROM COURSE_PERIODS cp,SCHOOL_PERIODS sp,COURSES c WHERE c.COURSE_ID=cp.COURSE_ID AND cp.PERIOD_ID=sp.PERIOD_ID AND cp.SYEAR='".UserSyear()."' AND cp.SCHOOL_ID='".UserSchool()."' AND cp.TEACHER_ID='".UserStaffID()."' AND cp.MARKING_PERIOD_ID IN (".GetAllMP('QTR',UserMP()).") ORDER BY sp.SORT_ORDER");
diff --git a/plugins/Moodle/config.inc.php b/plugins/Moodle/config.inc.php
index a854ffaf5493070f45d0943e0072e8a2ca7e110a..4c8e987aa0d4dab6c7db448418050f1f9b4101b8 100644
--- a/plugins/Moodle/config.inc.php
+++ b/plugins/Moodle/config.inc.php
@@ -130,8 +130,8 @@ if ( ! empty( $_REQUEST['import_users'] ) )
 	}
 	else
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
-			'&tab=plugins&modfunc=config&plugin=Moodle&import_users=true" method="POST" class="import-users-form">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
+			'&tab=plugins&modfunc=config&plugin=Moodle&import_users=true' ) . '" method="POST" class="import-users-form">';
 
 		DrawHeader(
 			'',
@@ -202,8 +202,8 @@ if ( empty( $_REQUEST['save'] )
 		ErrorMessage( $error, 'fatal' );
 	}
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
-		'&tab=plugins&modfunc=config&plugin=Moodle&save=true" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
+		'&tab=plugins&modfunc=config&plugin=Moodle&save=true' ) . '" method="POST">';
 
 	DrawHeader( '', SubmitButton() );
 
@@ -275,8 +275,8 @@ if ( empty( $_REQUEST['save'] )
 
 	echo '</div></form>';
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
-		'&tab=plugins&modfunc=config&plugin=Moodle&import_users=true" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
+		'&tab=plugins&modfunc=config&plugin=Moodle&import_users=true' ) . '" method="POST">';
 
 	echo '<br /><div class="center">';