From 89ae9de732024e3a2e99262aa98b400a1aa6975a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Jacquet?=
 <francoisjacquet@users.noreply.github.com>
Date: Tue, 14 Jul 2020 12:52:43 +0200
Subject: [PATCH] Fix #291 XSS Use URLEscape() for forms action

---
 CHANGES.md                                         |  1 +
 modules/Accounting/DailyTotals.php                 |  2 +-
 modules/Accounting/DailyTransactions.php           |  2 +-
 modules/Accounting/Expenses.php                    |  2 +-
 modules/Accounting/Incomes.php                     |  2 +-
 modules/Accounting/Salaries.php                    |  2 +-
 modules/Accounting/StaffPayments.php               |  2 +-
 modules/Attendance/AddAbsences.php                 |  2 +-
 modules/Attendance/Administration_fast.old.php     |  4 ++--
 modules/Attendance/AttendanceCodes.php             |  2 +-
 modules/Attendance/DuplicateAttendance.php         |  2 +-
 modules/Attendance/Percent.php                     |  2 +-
 modules/Attendance/TakeAttendance.php              | 10 +++++-----
 modules/Attendance/TeacherCompletion.php           |  2 +-
 modules/Custom/AttendanceSummary.php               |  4 ++--
 modules/Custom/CreateParents.php                   |  4 ++--
 modules/Custom/NotifyParents.php                   |  2 +-
 modules/Custom/Registration.php                    |  4 ++--
 modules/Custom/RemoveAccess.php                    |  4 ++--
 modules/Discipline/DisciplineForm.php              |  2 +-
 modules/Discipline/MakeReferral.php                |  4 ++--
 modules/Discipline/Referrals.php                   |  2 +-
 modules/Eligibility/Activities.php                 |  2 +-
 modules/Eligibility/AddActivity.php                |  2 +-
 modules/Eligibility/EnterEligibility.php           |  2 +-
 modules/Eligibility/EntryTimes.php                 |  2 +-
 modules/Eligibility/Student.php                    |  4 ++--
 modules/Eligibility/TeacherCompletion.php          |  2 +-
 modules/Food_Service/AssignSchool.php              |  2 +-
 modules/Food_Service/DailyMenus.php                |  4 ++--
 modules/Food_Service/MenuItems.php                 |  2 +-
 modules/Food_Service/Menus.php                     |  2 +-
 modules/Food_Service/Students/Accounts.php         |  2 +-
 modules/Food_Service/Students/Reminders.php        |  2 +-
 modules/Food_Service/Students/ServeMenus.php       |  4 ++--
 modules/Food_Service/Students/Transactions.php     |  2 +-
 modules/Food_Service/TakeMenuCounts.php            |  8 ++++----
 modules/Food_Service/TeacherCompletion.php         |  4 ++--
 modules/Food_Service/Users/Accounts.php            |  4 ++--
 modules/Food_Service/Users/Reminders.php           |  2 +-
 modules/Food_Service/Users/ServeMenus.php          |  4 ++--
 modules/Food_Service/Users/Transactions.php        |  2 +-
 modules/Grades/AnomalousGrades.php                 |  2 +-
 modules/Grades/Assignments-new.php                 |  2 +-
 modules/Grades/Assignments.php                     | 12 ++++++------
 modules/Grades/Configuration.php                   |  2 +-
 modules/Grades/EditHistoryMarkingPeriods.php       |  2 +-
 modules/Grades/EditReportCardGrades.php            |  8 ++++----
 modules/Grades/FinalGrades.php                     |  4 ++--
 modules/Grades/GradeBreakdown.php                  |  2 +-
 modules/Grades/Grades.php                          |  2 +-
 modules/Grades/HonorRoll.php                       |  4 ++--
 modules/Grades/InputFinalGrades.php                |  4 ++--
 modules/Grades/MassCreateAssignments.php           |  4 ++--
 modules/Grades/ProgressReports.php                 |  4 ++--
 modules/Grades/ReportCardCommentCodes.php          |  4 ++--
 modules/Grades/ReportCardComments.php              |  4 ++--
 modules/Grades/ReportCardGrades.php                |  2 +-
 modules/Grades/TeacherCompletion.php               |  2 +-
 modules/Grades/Transcripts.php                     |  2 +-
 modules/Resources/Resources.php                    |  2 +-
 modules/Scheduling/Courses.php                     | 14 +++++++-------
 modules/Scheduling/IncompleteSchedules.php         |  2 +-
 modules/Scheduling/MassDrops.php                   |  2 +-
 modules/Scheduling/MassRequests.php                |  2 +-
 modules/Scheduling/MassSchedule.php                |  2 +-
 modules/Scheduling/Menu.php                        |  8 ++++----
 modules/Scheduling/PrintClassLists.php             |  4 ++--
 modules/Scheduling/PrintClassPictures.php          |  2 +-
 modules/Scheduling/PrintSchedules.php              |  4 ++--
 modules/Scheduling/Requests.php                    |  2 +-
 modules/Scheduling/Schedule.php                    |  2 +-
 modules/Scheduling/ScheduleReport.php              |  2 +-
 modules/Scheduling/UnfilledRequests.php            |  2 +-
 .../Scheduling/includes/ClassSearchWidget.fnc.php  |  4 ++--
 modules/Scheduling/new_Requests.php                |  2 +-
 modules/School_Setup/AccessLog.php                 |  4 ++--
 modules/School_Setup/Calendar.php                  |  6 +++---
 modules/School_Setup/Configuration.php             |  2 +-
 modules/School_Setup/CopySchool.php                |  2 +-
 modules/School_Setup/DatabaseBackup.php            |  2 +-
 modules/School_Setup/GradeLevels.php               |  2 +-
 modules/School_Setup/MarkingPeriods.php            |  2 +-
 modules/School_Setup/Periods.php                   |  2 +-
 modules/School_Setup/PortalNotes.php               |  2 +-
 modules/School_Setup/PortalPolls.php               |  2 +-
 modules/School_Setup/Rollover.php                  |  2 +-
 modules/School_Setup/Schools.php                   |  2 +-
 modules/School_Setup/includes/Modules.inc.php      |  4 ++--
 modules/School_Setup/includes/Plugins.inc.php      |  4 ++--
 modules/Student_Billing/DailyTotals.php            |  2 +-
 modules/Student_Billing/DailyTransactions.php      |  2 +-
 modules/Student_Billing/MassAssignFees.php         |  2 +-
 modules/Student_Billing/MassAssignPayments.php     |  2 +-
 modules/Student_Billing/StudentFees.php            |  2 +-
 modules/Student_Billing/StudentPayments.php        |  2 +-
 modules/Students/AddUsers.php                      |  2 +-
 modules/Students/AssignOtherInfo.php               |  2 +-
 modules/Students/EnrollmentCodes.php               |  2 +-
 modules/Students/Letters.php                       |  4 ++--
 modules/Students/PrintStudentInfo.php              |  4 ++--
 modules/Students/Search.inc.php                    |  8 ++++----
 modules/Students/StudentLabels.php                 |  6 ++++--
 modules/Users/AddStudents.php                      |  2 +-
 modules/Users/Exceptions.php                       |  2 +-
 modules/Users/Preferences.php                      |  2 +-
 modules/Users/Profiles.php                         |  2 +-
 modules/Users/Search.inc.php                       |  4 ++--
 modules/Users/TeacherPrograms.php                  |  2 +-
 plugins/Moodle/config.inc.php                      | 12 ++++++------
 110 files changed, 175 insertions(+), 172 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index cb0f37b7..0e06a775 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -8,6 +8,7 @@ Changes in 6.8
 - Fix Sunday is number 7 in EntryTimes.php
 - Fix SQL error multiple rows returned by subquery in CreateParents.php
 - Fix #291 XSS Use URLEscape() for links href, program wide
+- Fix #291 XSS Use URLEscape() for forms action, program wide
 - Fix hide remove button for "No Address" in Address.inc.php
 - Prompt() make Cancel primary button in Prompts.php
 - Fix SQL error foreign keys: Roll again Courses when rolling Marking Periods in Rollover.php
diff --git a/modules/Accounting/DailyTotals.php b/modules/Accounting/DailyTotals.php
index 49ab1f77..a4abf705 100644
--- a/modules/Accounting/DailyTotals.php
+++ b/modules/Accounting/DailyTotals.php
@@ -14,7 +14,7 @@ $start_date = RequestedDate( 'start', date( 'Y-m' ) . '-01' );
 // Set end date.
 $end_date = RequestedDate( 'end', DBDate() );
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&accounting=" method="GET">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&accounting=' ) . '" method="GET">';
 
 
 $header_checkboxes = '<label><input type="checkbox" value="true" name="accounting" id="accounting" ' .
diff --git a/modules/Accounting/DailyTransactions.php b/modules/Accounting/DailyTransactions.php
index 00d2805b..7a299b9a 100644
--- a/modules/Accounting/DailyTransactions.php
+++ b/modules/Accounting/DailyTransactions.php
@@ -7,7 +7,7 @@ $start_date = RequestedDate( 'start', date( 'Y-m' ) . '-01' );
 // Set end date.
 $end_date = RequestedDate( 'end', DBDate() );
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&accounting=" method="GET">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&accounting=' ) . '" method="GET">';
 
 $header_checkboxes = '<label><input type="checkbox" value="true" name="accounting" id="accounting" ' .
 ( ! isset( $_REQUEST['accounting'] )
diff --git a/modules/Accounting/Expenses.php b/modules/Accounting/Expenses.php
index 7990d44b..5fcde321 100644
--- a/modules/Accounting/Expenses.php
+++ b/modules/Accounting/Expenses.php
@@ -143,7 +143,7 @@ if ( ! $_REQUEST['modfunc'] )
 
 	if ( ! $_REQUEST['print_statements'] && AllowEdit() )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 		DrawHeader( '', SubmitButton() );
 		$options = array();
 	}
diff --git a/modules/Accounting/Incomes.php b/modules/Accounting/Incomes.php
index 2caaa221..bdbbf021 100644
--- a/modules/Accounting/Incomes.php
+++ b/modules/Accounting/Incomes.php
@@ -136,7 +136,7 @@ if ( ! $_REQUEST['modfunc'] )
 
 	if ( empty( $_REQUEST['print_statements'] ) )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 		if ( AllowEdit() )
 		{
diff --git a/modules/Accounting/Salaries.php b/modules/Accounting/Salaries.php
index ddd09814..b2e7ea6f 100644
--- a/modules/Accounting/Salaries.php
+++ b/modules/Accounting/Salaries.php
@@ -138,7 +138,7 @@ if ( UserStaffID() && ! $_REQUEST['modfunc'] )
 
 	if ( empty( $_REQUEST['print_statements'] ) )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 		if ( AllowEdit() )
 		{
diff --git a/modules/Accounting/StaffPayments.php b/modules/Accounting/StaffPayments.php
index 9a312165..f55daf40 100644
--- a/modules/Accounting/StaffPayments.php
+++ b/modules/Accounting/StaffPayments.php
@@ -156,7 +156,7 @@ if ( UserStaffID() && ! $_REQUEST['modfunc'] )
 	if ( empty( $_REQUEST['print_statements'] )
 		&& AllowEdit() )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 		DrawHeader( '', SubmitButton() );
 		$options = array();
 	}
diff --git a/modules/Attendance/AddAbsences.php b/modules/Attendance/AddAbsences.php
index cf693552..58529d76 100644
--- a/modules/Attendance/AddAbsences.php
+++ b/modules/Attendance/AddAbsences.php
@@ -155,7 +155,7 @@ if ( ! $_REQUEST['modfunc'] )
 
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 
 		DrawHeader( '', SubmitButton( _( 'Add Absences to Selected Students' ) ) );
 
diff --git a/modules/Attendance/Administration_fast.old.php b/modules/Attendance/Administration_fast.old.php
index 82692d70..e5b53b0f 100644
--- a/modules/Attendance/Administration_fast.old.php
+++ b/modules/Attendance/Administration_fast.old.php
@@ -99,7 +99,7 @@ if ( isset( $_REQUEST['student_id'] ) && $_REQUEST['student_id'] !== 'new' )
 	ORDER BY p.SORT_ORDER", $functions );
 
 	$columns = array( 'PERIOD_TITLE' => _( 'Period' ), 'COURSE' => _( 'Course' ), 'ATTENDANCE_CODE' => _( 'Attendance Code' ), 'ATTENDANCE_TEACHER_CODE' => _( 'Teacher\'s Entry' ), 'ATTENDANCE_REASON' => _( 'Comments' ) );
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=student&student_id=' . $_REQUEST['student_id'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=student&student_id=' . $_REQUEST['student_id']  ) . '" method="POST">';
 	DrawHeader( ProgramTitle(), '<input type="submit" value="' . _( 'Update' ) . '" />' );
 	DrawHeader( PrepareDate( $date, '_date' ) );
 	ListOutput( $schedule_RET, $columns, _( 'Course' ), _( 'Courses' ) );
@@ -186,7 +186,7 @@ else
 		$extra['columns_after']['PERIOD_' . $period['PERIOD_ID']] = $period['SHORT_NAME'];
 	}
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 	DrawHeader( ProgramTitle(), '<input type="submit" value="' . _( 'Update' ) . '" />' );
 
 	if ( $REQ_codes )
diff --git a/modules/Attendance/AttendanceCodes.php b/modules/Attendance/AttendanceCodes.php
index d085ef8c..7faf2fcf 100644
--- a/modules/Attendance/AttendanceCodes.php
+++ b/modules/Attendance/AttendanceCodes.php
@@ -258,7 +258,7 @@ if ( ! $_REQUEST['modfunc'] )
 
 	$LO_RET = DBGet( $sql, $functions );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&table=' . $_REQUEST['table'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&table=' . $_REQUEST['table']  ) . '" method="POST">';
 	DrawHeader( '', SubmitButton() );
 	echo '<br />';
 
diff --git a/modules/Attendance/DuplicateAttendance.php b/modules/Attendance/DuplicateAttendance.php
index e0044b78..3d865460 100644
--- a/modules/Attendance/DuplicateAttendance.php
+++ b/modules/Attendance/DuplicateAttendance.php
@@ -235,7 +235,7 @@ if ( isset( $_REQUEST['search_modfunc'] )
 
 		echo ErrorMessage( $note, 'note' );
 
-		echo '<form action="Modules.php?modname=Attendance/DuplicateAttendance.php&modfunc=&search_modfunc=list&next_modname=Attendance/DuplicateAttendance.php&delete=true" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=Attendance/DuplicateAttendance.php&modfunc=&search_modfunc=list&next_modname=Attendance/DuplicateAttendance.php&delete=true' ) . '" method="POST">';
 
 		DrawHeader( '', SubmitButton( _( 'Delete' ) ) );
 
diff --git a/modules/Attendance/Percent.php b/modules/Attendance/Percent.php
index 9f5b92b1..62dd82d2 100644
--- a/modules/Attendance/Percent.php
+++ b/modules/Attendance/Percent.php
@@ -46,7 +46,7 @@ if ( ! $_REQUEST['modfunc'] )
 
 	$extra['WHERE'] .= CustomFields( 'where', 'student', $extra );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&list_by_day=' . $_REQUEST['list_by_day'] . '" method="GET">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&list_by_day=' . $_REQUEST['list_by_day']  ) . '" method="GET">';
 
 	$advanced_link = 'Modules.php?modname=' . $_REQUEST['modname'] .
 		'&modfunc=search&list_by_day=' . $_REQUEST['list_by_day'] .
diff --git a/modules/Attendance/TakeAttendance.php b/modules/Attendance/TakeAttendance.php
index c7ed111e..cf7c152d 100644
--- a/modules/Attendance/TakeAttendance.php
+++ b/modules/Attendance/TakeAttendance.php
@@ -37,7 +37,7 @@ if ( empty(  $categories_RET  ) )
 		DrawHeader( $cp_title );
 	}
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&table=' . $_REQUEST['table'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&table=' . $_REQUEST['table']  ) . '" method="POST">';
 	DrawHeader( PrepareDate( $date, '_date', false, array( 'submit' => true ) ) );
 	echo '</form>';
 
@@ -126,8 +126,8 @@ if ( $fatal_warning )
 		DrawHeader( $cp_title );
 	}
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
-		'&table=' . $_REQUEST['table'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
+		'&table=' . $_REQUEST['table']  ) . '" method="POST">';
 
 	DrawHeader(
 		PrepareDate(
@@ -336,8 +336,8 @@ if ( ! empty( $daily_comment ) )
 	);
 }
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
-	'&table=' . $_REQUEST['table'] . '" method="POST">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
+	'&table=' . $_REQUEST['table']  ) . '" method="POST">';
 
 DrawHeader( $cp_title, SubmitButton() );
 
diff --git a/modules/Attendance/TeacherCompletion.php b/modules/Attendance/TeacherCompletion.php
index ed812571..435967bc 100644
--- a/modules/Attendance/TeacherCompletion.php
+++ b/modules/Attendance/TeacherCompletion.php
@@ -49,7 +49,7 @@ foreach ( (array) $periods_RET as $id => $period )
 
 $period_select .= "</select>";
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="GET">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="GET">';
 DrawHeader( PrepareDate( $date, '_date', false, array( 'submit' => true ) ) . ' - ' . $period_select );
 DrawHeader( '', $category_select );
 echo '</form>';
diff --git a/modules/Custom/AttendanceSummary.php b/modules/Custom/AttendanceSummary.php
index 2b00dc9a..a0da98e2 100644
--- a/modules/Custom/AttendanceSummary.php
+++ b/modules/Custom/AttendanceSummary.php
@@ -281,9 +281,9 @@ if ( ! $_REQUEST['modfunc'] )
 
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
 			'&modfunc=save&include_inactive=' . issetVal( $_REQUEST['include_inactive'], '' ) .
-			'&_ROSARIO_PDF=true" method="POST">';
+			'&_ROSARIO_PDF=true' ) . '" method="POST">';
 
 		$extra['header_right'] = SubmitButton( _( 'Create Attendance Report for Selected Students' ) );
 	}
diff --git a/modules/Custom/CreateParents.php b/modules/Custom/CreateParents.php
index 815b6e55..f9e8998a 100644
--- a/modules/Custom/CreateParents.php
+++ b/modules/Custom/CreateParents.php
@@ -40,7 +40,7 @@ elseif ( isset( $_POST['email_column'] ) )
 
 if ( empty( $email_column ) )
 {
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 	//get Student / Address fields
 	$student_columns = DBGet( "SELECT 's.CUSTOM_' || f.ID AS COLUMN, f.TITLE, c.TITLE AS CATEGORY
@@ -344,7 +344,7 @@ if ( ! $_REQUEST['modfunc'] && ! empty( $email_column ) )
 {
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 
 		$extra['header_right'] = SubmitButton( _( 'Create Parent Accounts for Selected Students' ) );
 
diff --git a/modules/Custom/NotifyParents.php b/modules/Custom/NotifyParents.php
index 5adf6da7..66ddcf9c 100644
--- a/modules/Custom/NotifyParents.php
+++ b/modules/Custom/NotifyParents.php
@@ -139,7 +139,7 @@ if ( ! $_REQUEST['modfunc'] || $_REQUEST['search_modfunc'] === 'list' )
 {
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 		$extra['header_right'] = SubmitButton( _( 'Notify Selected Parents' ) );
 
 		$extra['extra_header_left'] = '<table class="width-100p">';
diff --git a/modules/Custom/Registration.php b/modules/Custom/Registration.php
index ac38106d..53d2cd6f 100644
--- a/modules/Custom/Registration.php
+++ b/modules/Custom/Registration.php
@@ -58,7 +58,7 @@ if ( User( 'PROFILE' ) === 'admin' )
 
 		echo ErrorMessage( $error );
 
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 
 		// Preview header.
 		DrawHeader( RegistrationAdminPreviewHeader(), SubmitButton() );
@@ -163,7 +163,7 @@ else
 
 		echo ErrorMessage( $error );
 
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 
 		DrawHeader( RegistrationIntroHeader(), SubmitButton() );
 
diff --git a/modules/Custom/RemoveAccess.php b/modules/Custom/RemoveAccess.php
index 9989952a..d3ee3d6d 100644
--- a/modules/Custom/RemoveAccess.php
+++ b/modules/Custom/RemoveAccess.php
@@ -98,10 +98,10 @@ if ( ! $_REQUEST['modfunc'] )
 
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
 			'&modfunc=save&include_inactive=' . issetVal( $_REQUEST['include_inactive'], '' ) .
 			'&_search_all_schools=' . issetVal( $_REQUEST['_search_all_schools'], '' ) .
-			'&accessfunc=' . $accessfunc . '" method="POST">';
+			'&accessfunc=' . $accessfunc  ) . '" method="POST">';
 
 		$extra['header_right'] = SubmitButton( $button_label );
 
diff --git a/modules/Discipline/DisciplineForm.php b/modules/Discipline/DisciplineForm.php
index 8d6d9926..3fb10589 100644
--- a/modules/Discipline/DisciplineForm.php
+++ b/modules/Discipline/DisciplineForm.php
@@ -223,7 +223,7 @@ if ( ! $_REQUEST['modfunc'] )
 		'DATA_TYPE' => _makeType( '', 'DATA_TYPE' ),
 	);
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 	DrawHeader( '', SubmitButton() );
 
diff --git a/modules/Discipline/MakeReferral.php b/modules/Discipline/MakeReferral.php
index 75359fbe..abef5730 100644
--- a/modules/Discipline/MakeReferral.php
+++ b/modules/Discipline/MakeReferral.php
@@ -145,8 +145,8 @@ if ( ! $_REQUEST['modfunc'] )
 		//FJ teachers need AllowEdit (to edit the input fields)
 		$_ROSARIO['allow_edit'] = true;
 
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
-			'&modfunc=save&include_inactive=' . $_REQUEST['include_inactive'] . '" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
+			'&modfunc=save&include_inactive=' . $_REQUEST['include_inactive']  ) . '" method="POST">';
 
 		DrawHeader( '', SubmitButton( _( 'Add Referral for Selected Students' ) ) );
 
diff --git a/modules/Discipline/Referrals.php b/modules/Discipline/Referrals.php
index 555a832c..5889754c 100644
--- a/modules/Discipline/Referrals.php
+++ b/modules/Discipline/Referrals.php
@@ -172,7 +172,7 @@ if ( ! $_REQUEST['modfunc']
 	{
 		$RET = $RET[1];
 
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&referral_id=' . $_REQUEST['referral_id'] . '" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&referral_id=' . $_REQUEST['referral_id']  ) . '" method="POST">';
 
 		DrawHeader( '', SubmitButton() );
 
diff --git a/modules/Eligibility/Activities.php b/modules/Eligibility/Activities.php
index 031dc878..cdbe22d0 100644
--- a/modules/Eligibility/Activities.php
+++ b/modules/Eligibility/Activities.php
@@ -106,7 +106,7 @@ if ( ! $_REQUEST['modfunc'] )
 
 	$link['remove']['variables'] = array( 'id' => 'ID' );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update' ) . '" method="POST">';
 
 	DrawHeader( '', SubmitButton() );
 
diff --git a/modules/Eligibility/AddActivity.php b/modules/Eligibility/AddActivity.php
index e3527920..9f87bbf0 100644
--- a/modules/Eligibility/AddActivity.php
+++ b/modules/Eligibility/AddActivity.php
@@ -54,7 +54,7 @@ echo ErrorMessage( $error );
 
 if ( $_REQUEST['search_modfunc'] === 'list' )
 {
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 	DrawHeader( '', SubmitButton( _( 'Add Activity to Selected Students' ) ) );
 	echo '<br />';
 
diff --git a/modules/Eligibility/EnterEligibility.php b/modules/Eligibility/EnterEligibility.php
index 62b99816..cb831309 100644
--- a/modules/Eligibility/EnterEligibility.php
+++ b/modules/Eligibility/EnterEligibility.php
@@ -198,7 +198,7 @@ $stu_RET = GetStuList( $extra );
 
 DrawHeader( ProgramTitle() );
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 if ( $today > $END_DAY
 	| $today < $START_DAY
diff --git a/modules/Eligibility/EntryTimes.php b/modules/Eligibility/EntryTimes.php
index eb9b3158..e51c9fb9 100644
--- a/modules/Eligibility/EntryTimes.php
+++ b/modules/Eligibility/EntryTimes.php
@@ -85,7 +85,7 @@ else
 }
 
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 PopTable( 'header', _( 'Allow Eligibility Posting' ) );
 
diff --git a/modules/Eligibility/Student.php b/modules/Eligibility/Student.php
index 117fc5d8..11a8dcd2 100644
--- a/modules/Eligibility/Student.php
+++ b/modules/Eligibility/Student.php
@@ -142,9 +142,9 @@ if ( UserStudentID()
 		'END_DATE' => '&nbsp;',
 	);
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
 		'&modfunc=add&start_date=' . issetVal( $_REQUEST['start_date'], '' ) .
-		'" method="POST">';
+		'' ) . '" method="POST">';
 
 	$columns = array(
 		'TITLE' => _( 'Activity' ),
diff --git a/modules/Eligibility/TeacherCompletion.php b/modules/Eligibility/TeacherCompletion.php
index 3ce01939..f668b9f1 100644
--- a/modules/Eligibility/TeacherCompletion.php
+++ b/modules/Eligibility/TeacherCompletion.php
@@ -52,7 +52,7 @@ foreach ( (array) $periods_RET as $period )
 
 $period_select .= '</select>';
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="GET">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="GET">';
 
 $begin_year = DBGetOne( "SELECT min(date_part('epoch',SCHOOL_DATE)) AS SCHOOL_DATE
 	FROM ATTENDANCE_CALENDAR
diff --git a/modules/Food_Service/AssignSchool.php b/modules/Food_Service/AssignSchool.php
index 50564988..b1efa0e5 100644
--- a/modules/Food_Service/AssignSchool.php
+++ b/modules/Food_Service/AssignSchool.php
@@ -63,7 +63,7 @@ $staff_RET = DBGet( "SELECT fst.TRANSACTION_ID,fst.STAFF_ID,fst.SYEAR,
 //echo '<pre>'; var_dump($students_RET); echo '</pre>';
 //echo '<pre>'; var_dump($users_RET); echo '</pre>';
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update" method="POST">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update' ) . '" method="POST">';
 DrawHeader( '', SubmitButton() );
 $columns = array( 'TRANSACTION_ID' => _( 'ID' ), 'ACCOUNT_ID' => _( 'Account ID' ), 'SYEAR' => _( 'School Year' ), 'FULL_NAME' => _( 'Student' ), 'STUDENTS' => _( 'Students' ), 'SCHOOL_ID' => _( 'School' ) );
 ListOutput( $students_RET, $columns, 'Student Transaction w/o School', 'Student Transactions w/o School', false, array(), array( 'save' => false, 'search' => false ) );
diff --git a/modules/Food_Service/DailyMenus.php b/modules/Food_Service/DailyMenus.php
index 562684ad..789c51a9 100644
--- a/modules/Food_Service/DailyMenus.php
+++ b/modules/Food_Service/DailyMenus.php
@@ -301,8 +301,8 @@ else
 
 	$LO_columns = array( 'ID' => _( 'ID' ), 'SCHOOL_DATE' => _( 'Date' ), 'DESCRIPTION' => _( 'Description' ) );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&menu_id=' . $_REQUEST['menu_id'] .
-		'&month=' . $_REQUEST['month'] . '&year=' . $_REQUEST['year'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&menu_id=' . $_REQUEST['menu_id'] .
+		'&month=' . $_REQUEST['month'] . '&year=' . $_REQUEST['year']  ) . '" method="POST">';
 
 	DrawHeader(
 		PrepareDate(
diff --git a/modules/Food_Service/MenuItems.php b/modules/Food_Service/MenuItems.php
index 44168f30..43e5d706 100644
--- a/modules/Food_Service/MenuItems.php
+++ b/modules/Food_Service/MenuItems.php
@@ -387,7 +387,7 @@ if ( ! $_REQUEST['modfunc'] )
 	$LO_ret = DBGet( $sql, $functions );
 	//echo '<pre>'; var_dump($LO_ret); echo '</pre>';
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&tab_id=' . $_REQUEST['tab_id'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&tab_id=' . $_REQUEST['tab_id']  ) . '" method="POST">';
 	DrawHeader( '', SubmitButton() );
 	echo '<br />';
 
diff --git a/modules/Food_Service/Menus.php b/modules/Food_Service/Menus.php
index 44187acd..62718933 100644
--- a/modules/Food_Service/Menus.php
+++ b/modules/Food_Service/Menus.php
@@ -257,7 +257,7 @@ if ( ! $_REQUEST['modfunc'] )
 
 	$LO_ret = DBGet( $sql, $functions );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&tab_id=' . $_REQUEST['tab_id'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&tab_id=' . $_REQUEST['tab_id']  ) . '" method="POST">';
 	DrawHeader( '', SubmitButton() );
 	echo '<br />';
 
diff --git a/modules/Food_Service/Students/Accounts.php b/modules/Food_Service/Students/Accounts.php
index 20ad5b13..d288c293 100644
--- a/modules/Food_Service/Students/Accounts.php
+++ b/modules/Food_Service/Students/Accounts.php
@@ -138,7 +138,7 @@ if ( UserStudentID() && ! $_REQUEST['modfunc'] )
 		AND SYEAR='" . UserSyear() . "'
 		AND (START_DATE<=CURRENT_DATE AND (END_DATE IS NULL OR CURRENT_DATE<=END_DATE)))" ) );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update' ) . '" method="POST">';
 
 	DrawHeader(
 		CheckBoxOnclick(
diff --git a/modules/Food_Service/Students/Reminders.php b/modules/Food_Service/Students/Reminders.php
index c3e637f2..1962f484 100644
--- a/modules/Food_Service/Students/Reminders.php
+++ b/modules/Food_Service/Students/Reminders.php
@@ -191,7 +191,7 @@ if ( ! $_REQUEST['modfunc'] )
 {
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save&_ROSARIO_PDF=true" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save&_ROSARIO_PDF=true' ) . '" method="POST">';
 		//DrawHeader('',SubmitButton('Create Reminders for Selected Students'));
 		//FJ add translation
 		$extra['header_right'] = SubmitButton( _( 'Create Reminders for Selected Students' ) );
diff --git a/modules/Food_Service/Students/ServeMenus.php b/modules/Food_Service/Students/ServeMenus.php
index 286814e7..a36dec0f 100644
--- a/modules/Food_Service/Students/ServeMenus.php
+++ b/modules/Food_Service/Students/ServeMenus.php
@@ -114,7 +114,7 @@ if ( UserStudentID() && ! $_REQUEST['modfunc'] )
 
 	$student = $student[1];
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=submit&menu_id=' . $_REQUEST['menu_id'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=submit&menu_id=' . $_REQUEST['menu_id']  ) . '" method="POST">';
 
 	DrawHeader(
 		'',
@@ -235,7 +235,7 @@ if ( UserStudentID() && ! $_REQUEST['modfunc'] )
 		);
 
 		echo '<br />';
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=add&menu_id=' . $_REQUEST['menu_id'] . '" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=add&menu_id=' . $_REQUEST['menu_id']  ) . '" method="POST">';
 
 		ListOutput( $LO_ret, $columns, 'Item', 'Items', $link, array(), $extra );
 
diff --git a/modules/Food_Service/Students/Transactions.php b/modules/Food_Service/Students/Transactions.php
index 5f431c82..c10f8c3f 100644
--- a/modules/Food_Service/Students/Transactions.php
+++ b/modules/Food_Service/Students/Transactions.php
@@ -89,7 +89,7 @@ if ( UserStudentID()
 	$student = $student[1];
 
 	//$PHP_tmp_SELF = PreparePHP_SELF();
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 
 	DrawHeader( '', ResetButton( _( 'Cancel' ) ) . SubmitButton() );
 
diff --git a/modules/Food_Service/TakeMenuCounts.php b/modules/Food_Service/TakeMenuCounts.php
index 247267b8..e7b4a07c 100644
--- a/modules/Food_Service/TakeMenuCounts.php
+++ b/modules/Food_Service/TakeMenuCounts.php
@@ -56,7 +56,7 @@ $calendar_RET = DBGet( "SELECT MINUTES FROM ATTENDANCE_CALENDAR WHERE CALENDAR_I
 
 if ( ! $calendar_RET[1]['MINUTES'] )
 {
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&menu_id=' . $_REQUEST['menu_id'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&menu_id=' . $_REQUEST['menu_id']  ) . '" method="POST">';
 	DrawHeader( PrepareDate( $date, '_date', false, array( 'submit' => true ) ) );
 	echo '</form>';
 	ErrorMessage( array( _( 'The selected date is not a school day!' ) ), 'fatal' );
@@ -64,7 +64,7 @@ if ( ! $calendar_RET[1]['MINUTES'] )
 
 if ( GetCurrentMP( $course_RET[1]['MP'], $date ) != $course_RET[1]['MARKING_PERIOD_ID'] )
 {
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&menu_id=' . $_REQUEST['menu_id'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&menu_id=' . $_REQUEST['menu_id']  ) . '" method="POST">';
 	DrawHeader( PrepareDate( $date, '_date', false, array( 'submit' => true ) ) );
 	echo '</form>';
 	ErrorMessage( array( _( 'This period does not meet in the marking period of the selected date.' ) ), 'fatal' );
@@ -90,7 +90,7 @@ switch ( $day )
 
 if ( mb_strpos( $days, $day ) === false )
 {
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&table=' . $_REQUEST['table'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&table=' . $_REQUEST['table']  ) . '" method="POST">';
 	DrawHeader( PrepareDate( $date, '_date', false, array( 'submit' => true ) ) );
 	echo '</form>';
 	ErrorMessage( array( _( 'This period does not meet on the selected date.' ) ), 'fatal' );
@@ -156,7 +156,7 @@ if ( $completed[1]['COMPLETED'] )
 	$note[] = button( 'check' ) . _( 'You have taken lunch counts today for this period.' );
 }
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 DrawHeader( PrepareDate( $date, '_date', false, array( 'submit' => true ) ) . $date_note, SubmitButton() );
 
 echo ErrorMessage( $note, 'note' );
diff --git a/modules/Food_Service/TeacherCompletion.php b/modules/Food_Service/TeacherCompletion.php
index 822d8d82..78f91714 100644
--- a/modules/Food_Service/TeacherCompletion.php
+++ b/modules/Food_Service/TeacherCompletion.php
@@ -145,11 +145,11 @@ if ( empty( $_REQUEST['period'] ) )
 	}
 }
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 DrawHeader( PrepareDate( $date, '_date' ) . ' : ' . $period_select . ' : <input type=submit value=' . _( 'Go' ) . '>' );
 echo '</form>';
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=add&menu_id=' . $_REQUEST['menu_id'] . '" method="POST">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=add&menu_id=' . $_REQUEST['menu_id']  ) . '" method="POST">';
 
 if ( count( (array) $menus_RET ) > 1 )
 {
diff --git a/modules/Food_Service/Users/Accounts.php b/modules/Food_Service/Users/Accounts.php
index 4832964a..66dacdec 100644
--- a/modules/Food_Service/Users/Accounts.php
+++ b/modules/Food_Service/Users/Accounts.php
@@ -152,7 +152,7 @@ if ( UserStaffID() && ! $_REQUEST['modfunc'] )
 
 	if ( $staff['ACCOUNT_ID'] )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update' ) . '" method="POST">';
 
 		DrawHeader(
 			'',
@@ -165,7 +165,7 @@ if ( UserStaffID() && ! $_REQUEST['modfunc'] )
 	}
 	else
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=create" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=create' ) . '" method="POST">';
 		DrawHeader( '', SubmitButton( _( 'Create Account' ) ) );
 	}
 
diff --git a/modules/Food_Service/Users/Reminders.php b/modules/Food_Service/Users/Reminders.php
index 2c35b5f3..f33084fa 100644
--- a/modules/Food_Service/Users/Reminders.php
+++ b/modules/Food_Service/Users/Reminders.php
@@ -101,7 +101,7 @@ if ( ! $_REQUEST['modfunc'] || $_REQUEST['search_modfunc'] === 'list' )
 {
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save&_ROSARIO_PDF=true" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save&_ROSARIO_PDF=true' ) . '" method="POST">';
 		DrawHeader( '', SubmitButton( _( 'Create Reminders for Selected Users' ) ) );
 	}
 
diff --git a/modules/Food_Service/Users/ServeMenus.php b/modules/Food_Service/Users/ServeMenus.php
index f462eae9..74a1eeef 100644
--- a/modules/Food_Service/Users/ServeMenus.php
+++ b/modules/Food_Service/Users/ServeMenus.php
@@ -69,7 +69,7 @@ if ( UserStaffID()
 
 	$staff = $staff[1];
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=submit&menu_id=' . $_REQUEST['menu_id'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=submit&menu_id=' . $_REQUEST['menu_id']  ) . '" method="POST">';
 
 	DrawHeader(
 		'',
@@ -172,7 +172,7 @@ if ( UserStaffID()
 
 		echo '<br />';
 
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=add&menu_id=' . $_REQUEST['menu_id'] . '" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=add&menu_id=' . $_REQUEST['menu_id']  ) . '" method="POST">';
 
 		ListOutput( $LO_ret, $columns, 'Item', 'Items', $link, array(), $extra );
 
diff --git a/modules/Food_Service/Users/Transactions.php b/modules/Food_Service/Users/Transactions.php
index 51f21855..e1ee34ad 100644
--- a/modules/Food_Service/Users/Transactions.php
+++ b/modules/Food_Service/Users/Transactions.php
@@ -64,7 +64,7 @@ if ( UserStaffID()
 	$staff = $staff[1];
 
 	//$PHP_tmp_SELF = PreparePHP_SELF();
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 
 	DrawHeader( '', ResetButton( _( 'Cancel' ) ) . SubmitButton() );
 
diff --git a/modules/Grades/AnomalousGrades.php b/modules/Grades/AnomalousGrades.php
index 043edd57..816c3733 100644
--- a/modules/Grades/AnomalousGrades.php
+++ b/modules/Grades/AnomalousGrades.php
@@ -7,7 +7,7 @@ DrawHeader( _( 'Gradebook' ) . ' - ' . ProgramTitle() );
 
 $max_allowed = Preferences( 'ANOMALOUS_MAX', 'Gradebook' ) / 100;
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 DrawHeader(
 	CheckBoxOnclick(
diff --git a/modules/Grades/Assignments-new.php b/modules/Grades/Assignments-new.php
index a9a43508..b434b079 100644
--- a/modules/Grades/Assignments-new.php
+++ b/modules/Grades/Assignments-new.php
@@ -340,7 +340,7 @@ if ( ! $_REQUEST['modfunc'] )
 		$subject = 'Assignmemt Types';
 	}
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&tab_id=' . $_REQUEST['tab_id'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&tab_id=' . $_REQUEST['tab_id']  ) . '" method="POST">';
 
 	DrawHeader( CheckBoxOnclick( 'allow_edit', _( 'Edit' ) ), SubmitButton() );
 
diff --git a/modules/Grades/Assignments.php b/modules/Grades/Assignments.php
index 5e7cf6b7..d601d7e0 100644
--- a/modules/Grades/Assignments.php
+++ b/modules/Grades/Assignments.php
@@ -560,14 +560,14 @@ if ( ! $_REQUEST['modfunc'] )
 
 	if ( ! empty( $_REQUEST['assignment_id'] ) )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&assignment_type_id=' . $_REQUEST['assignment_type_id'];
+		$action = 'Modules.php?modname=' . $_REQUEST['modname'] . '&table=GRADEBOOK_ASSIGNMENTS&assignment_type_id=' . $_REQUEST['assignment_type_id'];
 
 		if ( $_REQUEST['assignment_id'] !== 'new' )
 		{
-			echo '&assignment_id=' . $_REQUEST['assignment_id'];
+			$action .= '&assignment_id=' . $_REQUEST['assignment_id'];
 		}
 
-		echo '&table=GRADEBOOK_ASSIGNMENTS" method="POST">';
+		echo '<form action="' . URLEscape( $action ) . '" method="POST">';
 
 		DrawHeader( $title, $delete_button . SubmitButton() );
 
@@ -709,14 +709,14 @@ if ( ! $_REQUEST['modfunc'] )
 	}
 	elseif ( ! empty( $_REQUEST['assignment_type_id'] ) )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&table=GRADEBOOK_ASSIGNMENT_TYPES';
+		$action = 'Modules.php?modname=' . $_REQUEST['modname'] . '&table=GRADEBOOK_ASSIGNMENT_TYPES';
 
 		if ( $_REQUEST['assignment_type_id'] !== 'new' )
 		{
-			echo '&assignment_type_id=' . $_REQUEST['assignment_type_id'];
+			$action .= '&assignment_type_id=' . $_REQUEST['assignment_type_id'];
 		}
 
-		echo '" method="POST">';
+		echo '<form action="' . URLEscape( $action ) . '" method="POST">';
 
 		DrawHeader( $title, $delete_button . SubmitButton() );
 
diff --git a/modules/Grades/Configuration.php b/modules/Grades/Configuration.php
index 40959d86..4a989753 100644
--- a/modules/Grades/Configuration.php
+++ b/modules/Grades/Configuration.php
@@ -50,7 +50,7 @@ echo ErrorMessage( $note, 'note' );
 // @since 5.8 Admin can override teachers gradebook configuration: use -1 as Staff ID.
 $gradebook_config = ProgramUserConfig( 'Gradebook', ( User( 'PROFILE' ) === 'admin' ? -1 : 0 ) );
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 if ( User( 'PROFILE' ) === 'admin' )
 {
diff --git a/modules/Grades/EditHistoryMarkingPeriods.php b/modules/Grades/EditHistoryMarkingPeriods.php
index 068ea748..f07eb04f 100644
--- a/modules/Grades/EditHistoryMarkingPeriods.php
+++ b/modules/Grades/EditHistoryMarkingPeriods.php
@@ -75,7 +75,7 @@ if ( $_REQUEST['modfunc'] === 'remove' )
 
 if ( ! $_REQUEST['modfunc'] )
 {
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update' ) . '" method="POST">';
 
 	DrawHeader( '', SubmitButton() );
 
diff --git a/modules/Grades/EditReportCardGrades.php b/modules/Grades/EditReportCardGrades.php
index 954f0922..6ce6fc39 100644
--- a/modules/Grades/EditReportCardGrades.php
+++ b/modules/Grades/EditReportCardGrades.php
@@ -246,8 +246,8 @@ if ( UserStudentID() )
 			$mp_id = "0";
 		}
 
-		$mp_select = '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
-			'&tab_id=' . $tab_id . '" method="POST">';
+		$mp_select = '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
+			'&tab_id=' . $tab_id  ) . '" method="POST">';
 
 		$mp_select .= '<select name="mp_id" onchange="ajaxPostForm(this.form,true);">';
 
@@ -268,8 +268,8 @@ if ( UserStudentID() )
 		DrawHeader( $mp_select );
 
 		// FORM for updates/new records.
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
-			'&modfunc=update&tab_id=' . $tab_id . '&mp_id=' . $mp_id . '" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
+			'&modfunc=update&tab_id=' . $tab_id . '&mp_id=' . $mp_id  ) . '" method="POST">';
 
 		DrawHeader( '', SubmitButton() );
 		echo '<br />';
diff --git a/modules/Grades/FinalGrades.php b/modules/Grades/FinalGrades.php
index 551c7d1b..99312d74 100644
--- a/modules/Grades/FinalGrades.php
+++ b/modules/Grades/FinalGrades.php
@@ -520,10 +520,10 @@ if ( ! $_REQUEST['modfunc'] )
 	{
 		$_ROSARIO['allow_edit'] = true;
 
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
 			'&modfunc=save&include_inactive=' .
 			issetVal( $_REQUEST['include_inactive'], '' ) .
-			'" method="GET">';
+			'' ) . '" method="GET">';
 
 		$extra['header_right'] = SubmitButton( _( 'Create Grade Lists for Selected Students' ) );
 
diff --git a/modules/Grades/GradeBreakdown.php b/modules/Grades/GradeBreakdown.php
index 457f72f0..2781d17d 100644
--- a/modules/Grades/GradeBreakdown.php
+++ b/modules/Grades/GradeBreakdown.php
@@ -44,7 +44,7 @@ $mps_RET = DBGet( "SELECT MARKING_PERIOD_ID,TITLE,DOES_GRADES,0,SORT_ORDER
 	AND MP='PRO'
 	ORDER BY 5,SORT_ORDER" );
 
-echo '<form action="Modules.php?modname='.$_REQUEST['modname'].'" method="GET">';
+echo '<form action="' . URLEscape( 'Modules.php?modname='.$_REQUEST['modname'].'' ) . '" method="GET">';
 
 $mp_select = '<select name="mp_id" id="mp_id" onchange="ajaxPostForm(this.form,true);">';
 
diff --git a/modules/Grades/Grades.php b/modules/Grades/Grades.php
index 5a643da2..57edf48d 100644
--- a/modules/Grades/Grades.php
+++ b/modules/Grades/Grades.php
@@ -611,7 +611,7 @@ if ( $assignments_RET )
 
 $assignment_select .= '</select><label for="assignment_id" class="a11y-hidden">' . _( 'Assignments' ) . '</label>';
 
-// echo '<form action="Modules.php?modname='.$_REQUEST['modname'].'&student_id='.UserStudentID().'" method="POST">';
+// echo '<form action="' . URLEscape( 'Modules.php?modname='.$_REQUEST['modname'].'&student_id='.UserStudentID().'' ) . '" method="POST">';
 
 echo '<form action="' . PreparePHP_SELF( array(), array( 'values' ) ) . '" method="POST">';
 
diff --git a/modules/Grades/HonorRoll.php b/modules/Grades/HonorRoll.php
index f568b7c8..f63d7680 100644
--- a/modules/Grades/HonorRoll.php
+++ b/modules/Grades/HonorRoll.php
@@ -39,9 +39,9 @@ if ( ! $_REQUEST['modfunc'] )
 
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
 			'&modfunc=save&include_inactive=' . issetVal( $_REQUEST['include_inactive'] ) .
-			'&_ROSARIO_PDF=true" method="POST" enctype="multipart/form-data">';
+			'&_ROSARIO_PDF=true' ) . '" method="POST" enctype="multipart/form-data">';
 
 		$extra['header_right'] = SubmitButton( _( 'Create Honor Roll for Selected Students' ) );
 
diff --git a/modules/Grades/InputFinalGrades.php b/modules/Grades/InputFinalGrades.php
index b60f773f..dbb01b66 100644
--- a/modules/Grades/InputFinalGrades.php
+++ b/modules/Grades/InputFinalGrades.php
@@ -1127,10 +1127,10 @@ $extra['DATE'] = GetMP( $_REQUEST['mp'], 'END_DATE' );
 
 $stu_RET = GetStuList( $extra );
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
 	( ! empty( $categories_RET ) && GetMP( $_REQUEST['mp'], 'DOES_COMMENTS' ) == 'Y' ?
 		'&tab_id=' . $_REQUEST['tab_id'] : '' ) .
-	'&mp=' . $_REQUEST['mp'] . '" method="POST">';
+	'&mp=' . $_REQUEST['mp']  ) . '" method="POST">';
 
 if ( ! isset( $_REQUEST['_ROSARIO_PDF'] ) )
 {
diff --git a/modules/Grades/MassCreateAssignments.php b/modules/Grades/MassCreateAssignments.php
index 75d1e87c..5ad42335 100644
--- a/modules/Grades/MassCreateAssignments.php
+++ b/modules/Grades/MassCreateAssignments.php
@@ -262,7 +262,7 @@ if ( ! $_REQUEST['modfunc'] )
 	if ( $_REQUEST['assignment_type']
 		&& $_REQUEST['assignment_type'] !== 'new' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&assignment_type=' . $_REQUEST['assignment_type'] . '&table=GRADEBOOK_ASSIGNMENTS" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&assignment_type=' . $_REQUEST['assignment_type'] . '&table=GRADEBOOK_ASSIGNMENTS' ) . '" method="POST">';
 
 		$submit_button = SubmitButton( _( 'Create Assignment for Selected Course Periods' ) );
 
@@ -347,7 +347,7 @@ if ( ! $_REQUEST['modfunc'] )
 	}
 	elseif ( $_REQUEST['assignment_type'] === 'new' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&table=GRADEBOOK_ASSIGNMENT_TYPES" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&table=GRADEBOOK_ASSIGNMENT_TYPES' ) . '" method="POST">';
 
 		$submit_button = SubmitButton( _( 'Create Assignment Type for Selected Courses' ) );
 
diff --git a/modules/Grades/ProgressReports.php b/modules/Grades/ProgressReports.php
index f9492ae7..35ad981b 100644
--- a/modules/Grades/ProgressReports.php
+++ b/modules/Grades/ProgressReports.php
@@ -279,9 +279,9 @@ if ( ! $_REQUEST['modfunc'] )
 
 	if ( $_REQUEST['search_modfunc'] === 'list_st' || UserStudentID() )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
 			'&modfunc=save&include_inactive=' . $_REQUEST['include_inactive'] .
-			'&_ROSARIO_PDF=true" method="POST">';
+			'&_ROSARIO_PDF=true' ) . '" method="POST">';
 
 		$extra['header_right'] = Buttons( _( 'Create Progress Reports for Selected Students' ) );
 
diff --git a/modules/Grades/ReportCardCommentCodes.php b/modules/Grades/ReportCardCommentCodes.php
index 6b8550cd..d8d6c129 100644
--- a/modules/Grades/ReportCardCommentCodes.php
+++ b/modules/Grades/ReportCardCommentCodes.php
@@ -256,8 +256,8 @@ if ( ! $_REQUEST['modfunc'] )
 
 	$LO_ret = DBGet( $sql, $functions );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&tab_id=' .
-		$_REQUEST['tab_id'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&tab_id=' .
+		$_REQUEST['tab_id']  ) . '" method="POST">';
 
 	DrawHeader( '', SubmitButton() );
 	echo '<br />';
diff --git a/modules/Grades/ReportCardComments.php b/modules/Grades/ReportCardComments.php
index 43693721..f9bcb30f 100644
--- a/modules/Grades/ReportCardComments.php
+++ b/modules/Grades/ReportCardComments.php
@@ -415,8 +415,8 @@ if ( ! $_REQUEST['modfunc'] )
 
 	$LO_ret = DBGet( $sql, $functions );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&course_id=' .
-		$_REQUEST['course_id'] . '&tab_id=' . $_REQUEST['tab_id'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&course_id=' .
+		$_REQUEST['course_id'] . '&tab_id=' . $_REQUEST['tab_id']  ) . '" method="POST">';
 
 	DrawHeader( $subject_select . ' : ' . $course_select, SubmitButton() );
 	echo '<br />';
diff --git a/modules/Grades/ReportCardGrades.php b/modules/Grades/ReportCardGrades.php
index 20e49a64..49e57246 100644
--- a/modules/Grades/ReportCardGrades.php
+++ b/modules/Grades/ReportCardGrades.php
@@ -298,7 +298,7 @@ if ( ! $_REQUEST['modfunc'] )
 
 	$LO_ret = DBGet( $sql, $functions );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&tab_id=' . $_REQUEST['tab_id'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&tab_id=' . $_REQUEST['tab_id']  ) . '" method="POST">';
 	DrawHeader( '', SubmitButton() );
 	echo '<br />';
 
diff --git a/modules/Grades/TeacherCompletion.php b/modules/Grades/TeacherCompletion.php
index 2d91ab12..9e52d5db 100644
--- a/modules/Grades/TeacherCompletion.php
+++ b/modules/Grades/TeacherCompletion.php
@@ -74,7 +74,7 @@ if ( GetMP( $fy, 'DOES_GRADES' ) == 'Y' )
 
 $mp_select .= '</select>';
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="GET">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="GET">';
 DrawHeader( $mp_select . ' - ' . $period_select );
 echo '</form>';
 
diff --git a/modules/Grades/Transcripts.php b/modules/Grades/Transcripts.php
index 02cc7ffa..2d4ef524 100644
--- a/modules/Grades/Transcripts.php
+++ b/modules/Grades/Transcripts.php
@@ -75,7 +75,7 @@ if ( ! $_REQUEST['modfunc'] )
 	{
 		//FJ include gentranscript.php in Transcripts.php
 		//echo '<form action="modules/Grades/gentranscript.php" method="POST">';
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save&_ROSARIO_PDF=true" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save&_ROSARIO_PDF=true' ) . '" method="POST">';
 
 		$extra['header_right'] = Buttons( _( 'Create Transcripts for Selected Students' ) );
 
diff --git a/modules/Resources/Resources.php b/modules/Resources/Resources.php
index 4f2586f5..b74db16d 100644
--- a/modules/Resources/Resources.php
+++ b/modules/Resources/Resources.php
@@ -82,7 +82,7 @@ if ( ! $_REQUEST['modfunc'] )
 	$link['remove']['link'] = 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=remove';
 	$link['remove']['variables'] = array( 'id' => 'ID' );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update' ) . '" method="POST">';
 	DrawHeader( '', SubmitButton() );
 
 	ListOutput( $resources_RET, $columns, 'Resource', 'Resources', $link );
diff --git a/modules/Scheduling/Courses.php b/modules/Scheduling/Courses.php
index 4825b534..90cf8ad8 100644
--- a/modules/Scheduling/Courses.php
+++ b/modules/Scheduling/Courses.php
@@ -67,9 +67,9 @@ if ( isset( $_REQUEST['course_modfunc'] )
 
 	PopTable( 'header', _( 'Search' ) );
 
-	echo '<form name="search" action="Modules.php?modname=' . $_REQUEST['modname'] .
+	echo '<form name="search" action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
 		'&modfunc=' . $_REQUEST['modfunc'] . '&course_modfunc=search&last_year=' .
-		$_REQUEST['last_year'] . '" method="POST">'; // Fix Search: Use POST for Public Pages plugin compatibility.
+		$_REQUEST['last_year']  ) . '" method="POST">'; // Fix Search: Use POST for Public Pages plugin compatibility.
 
 	echo '<table><tr><td><input type="text" name="search_term" value="' .
 		issetVal( $_REQUEST['search_term'], '' ) . '" required autofocus /></td>
@@ -867,10 +867,10 @@ if (  ( ! $_REQUEST['modfunc']
 				$new = true;
 			}
 
-			echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
+			echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
 				'&subject_id=' . $_REQUEST['subject_id'] .
 				'&course_id=' . $_REQUEST['course_id'] .
-				'&course_period_id=' . $_REQUEST['course_period_id'] . '" method="POST">';
+				'&course_period_id=' . $_REQUEST['course_period_id']  ) . '" method="POST">';
 
 			DrawHeader( $title, $delete_button . SubmitButton() );
 
@@ -1295,7 +1295,7 @@ if (  ( ! $_REQUEST['modfunc']
 				$RET = array();
 			}
 
-			echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&subject_id=' . $_REQUEST['subject_id'] . '&course_id=' . $_REQUEST['course_id'] . '" method="POST">';
+			echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&subject_id=' . $_REQUEST['subject_id'] . '&course_id=' . $_REQUEST['course_id']  ) . '" method="POST">';
 
 			DrawHeader( $title, $delete_button . SubmitButton() );
 
@@ -1357,7 +1357,7 @@ if (  ( ! $_REQUEST['modfunc']
 				$title = _( 'New Subject' );
 			}
 
-			echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&subject_id=' . $_REQUEST['subject_id'] . '" method="POST">';
+			echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&subject_id=' . $_REQUEST['subject_id']  ) . '" method="POST">';
 
 			DrawHeader( $title, $delete_button . SubmitButton() );
 
@@ -1400,7 +1400,7 @@ if (  ( ! $_REQUEST['modfunc']
 
 		if ( $_REQUEST['modname'] === 'Scheduling/Schedule.php' )
 		{
-			echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+			echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 			DrawHeader(
 				$choose_a_header_html,
diff --git a/modules/Scheduling/IncompleteSchedules.php b/modules/Scheduling/IncompleteSchedules.php
index 05bf77f1..d53b5c38 100644
--- a/modules/Scheduling/IncompleteSchedules.php
+++ b/modules/Scheduling/IncompleteSchedules.php
@@ -16,7 +16,7 @@ DrawHeader( ProgramTitle() );
 
 if ( ! empty( $period_select ) )
 {
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 	DrawHeader( $period_select );
 	echo '</form>';
 }
diff --git a/modules/Scheduling/MassDrops.php b/modules/Scheduling/MassDrops.php
index 6697a894..1b28c642 100644
--- a/modules/Scheduling/MassDrops.php
+++ b/modules/Scheduling/MassDrops.php
@@ -152,7 +152,7 @@ if ( $_REQUEST['modfunc'] != 'choose_course' )
 {
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 		DrawHeader( '', SubmitButton( _( 'Drop Course for Selected Students' ) ) );
 
 		echo '<br />';
diff --git a/modules/Scheduling/MassRequests.php b/modules/Scheduling/MassRequests.php
index 7c5cf19f..e6b0b3ea 100644
--- a/modules/Scheduling/MassRequests.php
+++ b/modules/Scheduling/MassRequests.php
@@ -64,7 +64,7 @@ if ( $_REQUEST['modfunc'] != 'choose_course' )
 
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 
 		DrawHeader( '', SubmitButton( _( 'Add Request to Selected Students' ) ) );
 
diff --git a/modules/Scheduling/MassSchedule.php b/modules/Scheduling/MassSchedule.php
index 7abbe4be..510086fc 100644
--- a/modules/Scheduling/MassSchedule.php
+++ b/modules/Scheduling/MassSchedule.php
@@ -127,7 +127,7 @@ if ( ! $_REQUEST['modfunc'] )
 {
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 
 		DrawHeader( '', SubmitButton( _( 'Add Courses to Selected Students' ) ) );
 
diff --git a/modules/Scheduling/Menu.php b/modules/Scheduling/Menu.php
index e9544b35..ae734e0d 100644
--- a/modules/Scheduling/Menu.php
+++ b/modules/Scheduling/Menu.php
@@ -20,13 +20,13 @@ $menu['Scheduling']['admin'] = array(
 	'Scheduling/MassDrops.php' => _( 'Group Drops' ),
 	1 => _( 'Reports' ),
 	'Scheduling/PrintSchedules.php' => _( 'Print Schedules' ),
-	'Scheduling/PrintClassLists.php' => _( 'Print Class Lists' ),
+	'Scheduling/PrintClassLists.php' => _( 'Print Class Lists' ), // TODO merge with PrintClassPictures.php, Parent?? ONLY Pictures.
 	'Scheduling/PrintClassPictures.php' => _( 'Print Class Pictures' ),
 	'Scheduling/PrintRequests.php' => _( 'Print Requests' ),
-	'Scheduling/MasterScheduleReport.php' => _( 'Master Schedule Report' ),
+	'Scheduling/MasterScheduleReport.php' => _( 'Master Schedule Report' ), // TODO merge with ScheduleReport.php.
 	'Scheduling/ScheduleReport.php' => _( 'Schedule Report' ),
 	'Scheduling/RequestsReport.php' => _( 'Requests Report' ),
-	'Scheduling/UnfilledRequests.php' => _( 'Unfilled Requests' ),
+	'Scheduling/UnfilledRequests.php' => _( 'Unfilled Requests' ), // TODO merge with RequestsReport.php.
 	'Scheduling/IncompleteSchedules.php' => _( 'Incomplete Schedules' ),
 	'Scheduling/AddDrop.php' => _( 'Add / Drop Report' ),
 	2 => _( 'Setup' ),
@@ -54,7 +54,7 @@ $menu['Scheduling']['parent'] = array(
 	// Activate Courses for Teachers & Parents & Students.
 	'Scheduling/Courses.php' => _( 'Courses' ),
 	1 => _( 'Reports' ),
-	// FJ activate Print Schedules for parents and students.
+	// Activate Print Schedules for parents and students.
 	'Scheduling/PrintSchedules.php' => _( 'Print Schedules' ),
 	'Scheduling/PrintClassPictures.php' => _( 'Class Pictures' ),
 );
diff --git a/modules/Scheduling/PrintClassLists.php b/modules/Scheduling/PrintClassLists.php
index ce200539..1374e64a 100644
--- a/modules/Scheduling/PrintClassLists.php
+++ b/modules/Scheduling/PrintClassLists.php
@@ -117,8 +117,8 @@ if ( ! $_REQUEST['modfunc']
 
 	if ( $_REQUEST['modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save&search_modfunc=list&_ROSARIO_PDF=true' .
-			issetVal( $extra['action'], '' ) . '" method="POST" name="search">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save&search_modfunc=list&_ROSARIO_PDF=true' .
+			issetVal( $extra['action'], '' )  ) . '" method="POST" name="search">';
 
 		$submit_button = Buttons( _( 'Create Class Lists for Selected Course Periods' ) );
 
diff --git a/modules/Scheduling/PrintClassPictures.php b/modules/Scheduling/PrintClassPictures.php
index 3e3304e4..ff67375b 100644
--- a/modules/Scheduling/PrintClassPictures.php
+++ b/modules/Scheduling/PrintClassPictures.php
@@ -219,7 +219,7 @@ if ( ! $_REQUEST['modfunc']
 
 	if ( $_REQUEST['modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save&_ROSARIO_PDF=true" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save&_ROSARIO_PDF=true' ) . '" method="POST">';
 
 		$extra['header_right'] = Buttons( _( 'Create Class Pictures for Selected Course Periods' ) );
 
diff --git a/modules/Scheduling/PrintSchedules.php b/modules/Scheduling/PrintSchedules.php
index 114dbc0f..9eaab9af 100644
--- a/modules/Scheduling/PrintSchedules.php
+++ b/modules/Scheduling/PrintSchedules.php
@@ -346,10 +346,10 @@ if ( ! $_REQUEST['modfunc'] )
 			$mp_options[ $mp['MARKING_PERIOD_ID'] ] = $mp['TITLE'];
 		}
 
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
 			'&modfunc=save&include_inactive=' .
 			issetVal( $_REQUEST['include_inactive'], '' ) .
-			'&_ROSARIO_PDF=true" method="POST" id="printSchedulesForm">';
+			'&_ROSARIO_PDF=true' ) . '" method="POST" id="printSchedulesForm">';
 
 		$extra['header_right'] = Buttons( _( 'Create Schedules for Selected Students' ) );
 
diff --git a/modules/Scheduling/Requests.php b/modules/Scheduling/Requests.php
index c272a526..718c2aec 100644
--- a/modules/Scheduling/Requests.php
+++ b/modules/Scheduling/Requests.php
@@ -213,7 +213,7 @@ function processRequest()
 		'variables' => array( 'id' => 'REQUEST_ID' ),
 	);
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update' ) . '" method="POST">';
 
 	DrawHeader( '', SubmitButton() );
 
diff --git a/modules/Scheduling/Schedule.php b/modules/Scheduling/Schedule.php
index b73b8bc3..cac288ff 100644
--- a/modules/Scheduling/Schedule.php
+++ b/modules/Scheduling/Schedule.php
@@ -156,7 +156,7 @@ if ( $_REQUEST['modfunc'] === 'modify'
 if ( UserStudentID()
 	&& ! $_REQUEST['modfunc'] )
 {
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=modify" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=modify' ) . '" method="POST">';
 
 	DrawHeader( PrepareDate( $date, '_date', false, array( 'submit' => true ) ), SubmitButton() );
 
diff --git a/modules/Scheduling/ScheduleReport.php b/modules/Scheduling/ScheduleReport.php
index 861dc58a..839a234f 100644
--- a/modules/Scheduling/ScheduleReport.php
+++ b/modules/Scheduling/ScheduleReport.php
@@ -6,7 +6,7 @@ $_REQUEST['course_id'] = issetVal( $_REQUEST['course_id'], '' );
 $_REQUEST['course_period_id'] = issetVal( $_REQUEST['course_period_id'], '' );
 $_REQUEST['include_child_mps'] = issetVal( $_REQUEST['include_child_mps'], '' );
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 if ( $_REQUEST['modfunc'] !== 'students' )
 {
diff --git a/modules/Scheduling/UnfilledRequests.php b/modules/Scheduling/UnfilledRequests.php
index d3be42a6..9bd14f66 100644
--- a/modules/Scheduling/UnfilledRequests.php
+++ b/modules/Scheduling/UnfilledRequests.php
@@ -11,7 +11,7 @@ if ( $_REQUEST['modname'] == 'Scheduling/UnfilledRequests.php' )
 
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=modify" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=modify' ) . '" method="POST">';
 
 		DrawHeader( CheckBoxOnclick( 'include_seats', _( 'Show Available Seats' ) ) );
 
diff --git a/modules/Scheduling/includes/ClassSearchWidget.fnc.php b/modules/Scheduling/includes/ClassSearchWidget.fnc.php
index 9ee3b51f..afa53cea 100644
--- a/modules/Scheduling/includes/ClassSearchWidget.fnc.php
+++ b/modules/Scheduling/includes/ClassSearchWidget.fnc.php
@@ -71,9 +71,9 @@ function _classSearchWidgetFindCourse( $extra )
 
 	PopTable( 'header', _( 'Find a Course' ) );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
 		'&modfunc=' . $_REQUEST['modfunc'] . '&modfunc=list&next_modname=' .
-		issetVal( $_REQUEST['next_modname'], '' ) . '" method="POST">';
+		issetVal( $_REQUEST['next_modname'], '' )  ) . '" method="POST">';
 
 	echo '<table>';
 
diff --git a/modules/Scheduling/new_Requests.php b/modules/Scheduling/new_Requests.php
index 1a50c960..0a146d8f 100644
--- a/modules/Scheduling/new_Requests.php
+++ b/modules/Scheduling/new_Requests.php
@@ -67,7 +67,7 @@ if ( $_REQUEST['modfunc'] == 'choose' )
 	AND sr.STUDENT_ID='" . UserStudentID() . "'
 	AND sr.COURSE_ID=c.COURSE_ID", $functions );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=verify" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=verify' ) . '" method="POST">';
 	DrawHeader( '', SubmitButton() );
 
 	$columns = array( '' );
diff --git a/modules/School_Setup/AccessLog.php b/modules/School_Setup/AccessLog.php
index eb785192..74ac99a7 100644
--- a/modules/School_Setup/AccessLog.php
+++ b/modules/School_Setup/AccessLog.php
@@ -41,7 +41,7 @@ echo ErrorMessage( $note, 'note' );
 
 if ( ! $_REQUEST['modfunc'] )
 {
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="GET">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="GET">';
 
 	DrawHeader(
 		_( 'From' ) . ' ' . DateInput( $start_date, 'start', '', false, false ) . ' - ' .
@@ -67,7 +67,7 @@ if ( ! $_REQUEST['modfunc'] )
 		AND LOGIN_TIME <='" . $end_date . ' 23:59:59' . "'
 		ORDER BY LOGIN_TIME DESC", $access_logs_functions );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=delete" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=delete' ) . '" method="POST">';
 
 	DrawHeader( '', SubmitButton( _( 'Clear Log' ), '', '' ) );
 
diff --git a/modules/School_Setup/Calendar.php b/modules/School_Setup/Calendar.php
index fbcfa023..78f34f84 100644
--- a/modules/School_Setup/Calendar.php
+++ b/modules/School_Setup/Calendar.php
@@ -593,7 +593,7 @@ if ( $_REQUEST['modfunc'] === 'detail' )
 				$RET[1]['SCHOOL_DATE'] = issetVal( $_REQUEST['school_date'] );
 			}
 
-			echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=detail&event_id=' . $_REQUEST['event_id'] . '&month=' . $_REQUEST['month'] . '&year=' . $_REQUEST['year'] . '" method="POST">';
+			echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=detail&event_id=' . $_REQUEST['event_id'] . '&month=' . $_REQUEST['month'] . '&year=' . $_REQUEST['year']  ) . '" method="POST">';
 		}
 		// Assignment
 		elseif ( ! empty( $_REQUEST['assignment_id'] ) )
@@ -747,7 +747,7 @@ if ( $_REQUEST['modfunc'] === 'list_events' )
 			$end_date = DBDate();
 	}
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=' . $_REQUEST['modfunc'] . '&month=' . $_REQUEST['month'] . '&year=' . $_REQUEST['year'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=' . $_REQUEST['modfunc'] . '&month=' . $_REQUEST['month'] . '&year=' . $_REQUEST['year']  ) . '" method="POST">';
 
 	DrawHeader( '<a href="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&month=' . $_REQUEST['month'] . '&year=' . $_REQUEST['year'] ) . '" >' . _( 'Back to Calendar' ) . '</a>' );
 
@@ -930,7 +930,7 @@ if ( ! $_REQUEST['modfunc'] )
 		$calendar_RET = DBGet( $calendar_SQL, array(), array( 'SCHOOL_DATE' ) );
 	}
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 	// Admin Headers
 	if ( AllowEdit() )
diff --git a/modules/School_Setup/Configuration.php b/modules/School_Setup/Configuration.php
index e1bcd348..7602fb25 100644
--- a/modules/School_Setup/Configuration.php
+++ b/modules/School_Setup/Configuration.php
@@ -148,7 +148,7 @@ else
 
 	if ( ! $_REQUEST['modfunc'] )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&tab=' . $_REQUEST['tab'] . '&modfunc=update" method="POST" enctype="multipart/form-data">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&tab=' . $_REQUEST['tab'] . '&modfunc=update' ) . '" method="POST" enctype="multipart/form-data">';
 
 		if ( AllowEdit() )
 		{
diff --git a/modules/School_Setup/CopySchool.php b/modules/School_Setup/CopySchool.php
index 279df577..d82ccb24 100644
--- a/modules/School_Setup/CopySchool.php
+++ b/modules/School_Setup/CopySchool.php
@@ -78,7 +78,7 @@ if ( $go
 	}
 
 	// Print success message
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 	$note[] = button( 'check' ) .'&nbsp;' .
 		sprintf( _( 'The data have been copied to a new school called "%s".' ), $_REQUEST['title'] ) .
diff --git a/modules/School_Setup/DatabaseBackup.php b/modules/School_Setup/DatabaseBackup.php
index 2ca87967..59a8786e 100644
--- a/modules/School_Setup/DatabaseBackup.php
+++ b/modules/School_Setup/DatabaseBackup.php
@@ -56,7 +56,7 @@ if ( ! $_REQUEST['modfunc'] )
 {
 	echo '<br />';
 	PopTable( 'header', _( 'Database Backup' ) );
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=backup&_ROSARIO_PDF=true" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=backup&_ROSARIO_PDF=true' ) . '" method="POST">';
 	echo '<br />';
 	echo _( 'Download backup files periodically in case of system failure.' );
 	echo '<br /><br />';
diff --git a/modules/School_Setup/GradeLevels.php b/modules/School_Setup/GradeLevels.php
index d02f06ea..b7b4e072 100644
--- a/modules/School_Setup/GradeLevels.php
+++ b/modules/School_Setup/GradeLevels.php
@@ -115,7 +115,7 @@ if ( ! $_REQUEST['modfunc'] )
 		'NEXT_GRADE_ID' => _makeGradeInput( '', 'NEXT_GRADE_ID' ),
 	);
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update' ) . '" method="POST">';
 
 	DrawHeader( '', SubmitButton() );
 
diff --git a/modules/School_Setup/MarkingPeriods.php b/modules/School_Setup/MarkingPeriods.php
index 7a2007c2..4681d4c8 100644
--- a/modules/School_Setup/MarkingPeriods.php
+++ b/modules/School_Setup/MarkingPeriods.php
@@ -450,7 +450,7 @@ if ( ! $_REQUEST['modfunc'] )
 		}
 	}
 
-	echo '<form action="' . $mp_href . '" method="POST">';
+	echo '<form action="' . URLEscape( $mp_href ) . '" method="POST">';
 
 	DrawHeader( $title, $delete_button . SubmitButton() );
 
diff --git a/modules/School_Setup/Periods.php b/modules/School_Setup/Periods.php
index 81b5405f..e79555f4 100644
--- a/modules/School_Setup/Periods.php
+++ b/modules/School_Setup/Periods.php
@@ -150,7 +150,7 @@ if ( ! $_REQUEST['modfunc'] )
 		'BLOCK' => _makeTextInput( '', 'BLOCK' ),
 	); // 'ATTENDANCE'=>_makeCheckboxInput('','ATTENDANCE'),'START_TIME'=>_makeTimeInput('','START_TIME'),'END_TIME'=>_makeTimeInput('','END_TIME')
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update' ) . '" method="POST">';
 
 	DrawHeader( '', SubmitButton() );
 
diff --git a/modules/School_Setup/PortalNotes.php b/modules/School_Setup/PortalNotes.php
index 3da3c5f7..2398794c 100644
--- a/modules/School_Setup/PortalNotes.php
+++ b/modules/School_Setup/PortalNotes.php
@@ -244,7 +244,7 @@ if ( ! $_REQUEST['modfunc'] )
 	$link['remove']['link'] = 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=remove';
 	$link['remove']['variables'] = array( 'id' => 'ID' );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update" method="POST" enctype="multipart/form-data" onsubmit="if (document.getElementById(\'FILE_ATTACHED_FILE\').value) document.getElementById(\'loading\').innerHTML=\'<span class=loading></span>\';">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update' ) . '" method="POST" enctype="multipart/form-data" onsubmit="if (document.getElementById(\'FILE_ATTACHED_FILE\').value) document.getElementById(\'loading\').innerHTML=\'<span class=loading></span>\';">';
 
 	DrawHeader( '', SubmitButton() );
 
diff --git a/modules/School_Setup/PortalPolls.php b/modules/School_Setup/PortalPolls.php
index 08b5bdd1..c0cb7b51 100644
--- a/modules/School_Setup/PortalPolls.php
+++ b/modules/School_Setup/PortalPolls.php
@@ -282,7 +282,7 @@ if ( ! $_REQUEST['modfunc'] )
 	$link['remove']['link'] = 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=remove';
 	$link['remove']['variables'] = array( 'id' => 'ID' );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update' ) . '" method="POST">';
 	DrawHeader( '', SubmitButton() );
 
 	ListOutput( $polls_RET, $columns, 'Poll', 'Polls', $link );
diff --git a/modules/School_Setup/Rollover.php b/modules/School_Setup/Rollover.php
index 2a0cdc2c..4dbcd129 100644
--- a/modules/School_Setup/Rollover.php
+++ b/modules/School_Setup/Rollover.php
@@ -154,7 +154,7 @@ if ( Prompt(
 		$error[] = _( 'You <i>must</i> roll users, school periods, marking periods, calendars, and report card codes at the same time or before rolling courses.' );
 	}
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 	if ( ! $error )
 	{
diff --git a/modules/School_Setup/Schools.php b/modules/School_Setup/Schools.php
index a001d5f9..5dd0cf03 100644
--- a/modules/School_Setup/Schools.php
+++ b/modules/School_Setup/Schools.php
@@ -169,7 +169,7 @@ if ( ! $_REQUEST['modfunc'] )
 	$schooldata = $schooldata[1];
 	$school_name = SchoolInfo( 'TITLE' );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update" method="POST" enctype="multipart/form-data">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update' ) . '" method="POST" enctype="multipart/form-data">';
 
 	$delete_button = '';
 
diff --git a/modules/School_Setup/includes/Modules.inc.php b/modules/School_Setup/includes/Modules.inc.php
index 2439b7e8..f43a3a2c 100644
--- a/modules/School_Setup/includes/Modules.inc.php
+++ b/modules/School_Setup/includes/Modules.inc.php
@@ -279,8 +279,8 @@ if ( ! $_REQUEST['modfunc'] )
 		&& is_writable( 'modules/' ) )
 	{
 		// @since 6.4 Add-on zip upload.
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&tab=' . $_REQUEST['tab'] .
-			'&modfunc=upload" method="POST" enctype="multipart/form-data">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&tab=' . $_REQUEST['tab'] .
+			'&modfunc=upload' ) . '" method="POST" enctype="multipart/form-data">';
 
 		echo button( 'add' ) . ' ';
 
diff --git a/modules/School_Setup/includes/Plugins.inc.php b/modules/School_Setup/includes/Plugins.inc.php
index ebf9439f..94c4c99b 100644
--- a/modules/School_Setup/includes/Plugins.inc.php
+++ b/modules/School_Setup/includes/Plugins.inc.php
@@ -270,8 +270,8 @@ if ( ! $_REQUEST['modfunc'] )
 		&& is_writable( 'plugins/' ) )
 	{
 		// @since 6.4 Add-on zip upload.
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&tab=' . $_REQUEST['tab'] .
-			'&modfunc=upload" method="POST" enctype="multipart/form-data">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&tab=' . $_REQUEST['tab'] .
+			'&modfunc=upload' ) . '" method="POST" enctype="multipart/form-data">';
 
 		echo button( 'add' ) . ' ';
 
diff --git a/modules/Student_Billing/DailyTotals.php b/modules/Student_Billing/DailyTotals.php
index 52516528..0872712a 100644
--- a/modules/Student_Billing/DailyTotals.php
+++ b/modules/Student_Billing/DailyTotals.php
@@ -14,7 +14,7 @@ $start_date = RequestedDate( 'start', date( 'Y-m' ) . '-01' );
 // Set end date.
 $end_date = RequestedDate( 'end', DBDate() );
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="GET">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="GET">';
 
 DrawHeader( _( 'Report Timeframe' ) . ': ' .
 	PrepareDate( $start_date, '_start' ) . ' ' . _( 'to' ) . ' ' .
diff --git a/modules/Student_Billing/DailyTransactions.php b/modules/Student_Billing/DailyTransactions.php
index c9bc270e..6a92ac78 100644
--- a/modules/Student_Billing/DailyTransactions.php
+++ b/modules/Student_Billing/DailyTransactions.php
@@ -8,7 +8,7 @@ $start_date = RequestedDate( 'start', date( 'Y-m' ) . '-01' );
 // Set end date.
 $end_date = RequestedDate( 'end', DBDate() );
 
-echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="GET">';
+echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="GET">';
 
 DrawHeader( _( 'Report Timeframe' ) . ': ' . PrepareDate( $start_date, '_start', false ) .
 	' ' . _( 'to' ) . ' ' . PrepareDate( $end_date, '_end', false ) . Buttons( _( 'Go' ) ) );
diff --git a/modules/Student_Billing/MassAssignFees.php b/modules/Student_Billing/MassAssignFees.php
index a9663402..5cc174bb 100644
--- a/modules/Student_Billing/MassAssignFees.php
+++ b/modules/Student_Billing/MassAssignFees.php
@@ -54,7 +54,7 @@ if ( ! $_REQUEST['modfunc'] )
 
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 		DrawHeader( '', SubmitButton( _( 'Add Fee to Selected Students' ) ) );
 
 		echo '<br />';
diff --git a/modules/Student_Billing/MassAssignPayments.php b/modules/Student_Billing/MassAssignPayments.php
index 9cb007db..b7e15648 100644
--- a/modules/Student_Billing/MassAssignPayments.php
+++ b/modules/Student_Billing/MassAssignPayments.php
@@ -60,7 +60,7 @@ if ( ! $_REQUEST['modfunc'] )
 
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 
 		DrawHeader( '', SubmitButton( _( 'Add Payment to Selected Students' ) ) );
 
diff --git a/modules/Student_Billing/StudentFees.php b/modules/Student_Billing/StudentFees.php
index 8a168cc4..d1389c73 100644
--- a/modules/Student_Billing/StudentFees.php
+++ b/modules/Student_Billing/StudentFees.php
@@ -193,7 +193,7 @@ if ( UserStudentID()
 
 	if ( empty( $_REQUEST['print_statements'] ) )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 		//DrawStudentHeader();
 
 		if ( AllowEdit() )
diff --git a/modules/Student_Billing/StudentPayments.php b/modules/Student_Billing/StudentPayments.php
index e7fb93a4..64e9d179 100644
--- a/modules/Student_Billing/StudentPayments.php
+++ b/modules/Student_Billing/StudentPayments.php
@@ -204,7 +204,7 @@ if ( UserStudentID()
 
 	if ( empty( $_REQUEST['print_statements'] ) )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 		if ( AllowEdit() )
 		{
diff --git a/modules/Students/AddUsers.php b/modules/Students/AddUsers.php
index ee340a72..d24fc468 100644
--- a/modules/Students/AddUsers.php
+++ b/modules/Students/AddUsers.php
@@ -73,7 +73,7 @@ if ( ! $_REQUEST['modfunc'] )
 	{
 		if ( $_REQUEST['search_modfunc'] === 'list' )
 		{
-			echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+			echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 
 			DrawHeader( '', SubmitButton( _( 'Add Selected Parents' ) ) );
 		}
diff --git a/modules/Students/AssignOtherInfo.php b/modules/Students/AssignOtherInfo.php
index 49db72a1..f0715335 100644
--- a/modules/Students/AssignOtherInfo.php
+++ b/modules/Students/AssignOtherInfo.php
@@ -206,7 +206,7 @@ if ( ! $_REQUEST['modfunc'] )
 
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 		DrawHeader( '', SubmitButton() );
 		echo '<br />';
 
diff --git a/modules/Students/EnrollmentCodes.php b/modules/Students/EnrollmentCodes.php
index f1f3ccf1..326d32d1 100644
--- a/modules/Students/EnrollmentCodes.php
+++ b/modules/Students/EnrollmentCodes.php
@@ -128,7 +128,7 @@ if ( ! $_REQUEST['modfunc'] )
 	$link['remove']['link'] = 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=remove';
 	$link['remove']['variables'] = array( 'id' => _( 'ID' ) );
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update' ) . '" method="POST">';
 	DrawHeader( '', SubmitButton() );
 
 	ListOutput( $codes_RET, $columns, 'Enrollment Code', 'Enrollment Codes', $link );
diff --git a/modules/Students/Letters.php b/modules/Students/Letters.php
index 05568113..e1d238b3 100644
--- a/modules/Students/Letters.php
+++ b/modules/Students/Letters.php
@@ -160,9 +160,9 @@ if ( ! $_REQUEST['modfunc'] )
 
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save&include_inactive=' .
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save&include_inactive=' .
 			issetVal( $_REQUEST['include_inactive'], '' ) . '&_search_all_schools=' .
-			issetVal( $_REQUEST['_search_all_schools'], '' ) . '&_ROSARIO_PDF=true" method="POST">';
+			issetVal( $_REQUEST['_search_all_schools'], '' ) . '&_ROSARIO_PDF=true' ) . '" method="POST">';
 
 		$extra['header_right'] = SubmitButton( _( 'Print Letters for Selected Students' ) );
 
diff --git a/modules/Students/PrintStudentInfo.php b/modules/Students/PrintStudentInfo.php
index 53b27829..924caab9 100644
--- a/modules/Students/PrintStudentInfo.php
+++ b/modules/Students/PrintStudentInfo.php
@@ -277,9 +277,9 @@ if ( ! $_REQUEST['modfunc'] )
 
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save&include_inactive=' .
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save&include_inactive=' .
 			issetVal( $_REQUEST['include_inactive'], '' ) . '&_search_all_schools=' .
-			issetVal( $_REQUEST['_search_all_schools'], '' ) . '&_ROSARIO_PDF=true" method="POST">';
+			issetVal( $_REQUEST['_search_all_schools'], '' ) . '&_ROSARIO_PDF=true' ) . '" method="POST">';
 
 		$extra['header_right'] = SubmitButton( _( 'Print Info for Selected Students' ) );
 
diff --git a/modules/Students/Search.inc.php b/modules/Students/Search.inc.php
index 032bcfdb..1a8f426d 100644
--- a/modules/Students/Search.inc.php
+++ b/modules/Students/Search.inc.php
@@ -36,11 +36,11 @@ if ( empty( $_REQUEST['search_modfunc'] ) )
 				! empty( $extra['search_title'] ) ? $extra['search_title'] : _( 'Find a Student' )
 			);
 
-			echo '<form name="search" id="search" action="Modules.php?modname=' . $_REQUEST['modname'] .
+			echo '<form name="search" id="search" action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
 				'&modfunc=' . $_REQUEST['modfunc'] .
 				'&search_modfunc=list&next_modname=' . $_REQUEST['next_modname'] .
 				'&advanced=' . ( ! empty( $_REQUEST['advanced'] ) ? $_REQUEST['advanced'] : '' ) .
-				( ! empty( $extra['action'] ) ? $extra['action'] : '' ) . '" method="GET">';
+				( ! empty( $extra['action'] ) ? $extra['action'] : '' )  ) . '" method="GET">';
 
 			echo '<table class="width-100p col1-align-right" id="general_table">';
 
@@ -158,8 +158,8 @@ if ( empty( $_REQUEST['search_modfunc'] ) )
 
 			PopTable( 'header', _( 'Search' ) );
 
-			echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=' . $_REQUEST['modfunc'] .
-				'&search_modfunc=list&next_modname=' . $_REQUEST['next_modname'] . $extra['action'] . '" method="POST">';
+			echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=' . $_REQUEST['modfunc'] .
+				'&search_modfunc=list&next_modname=' . $_REQUEST['next_modname'] . $extra['action']  ) . '" method="POST">';
 			echo '<table>';
 
 			if ( $extra['search'] )
diff --git a/modules/Students/StudentLabels.php b/modules/Students/StudentLabels.php
index ac37e220..bc211d92 100644
--- a/modules/Students/StudentLabels.php
+++ b/modules/Students/StudentLabels.php
@@ -50,7 +50,7 @@ if ( ! $_REQUEST['modfunc'] )
 
 	if ( $_REQUEST['search_modfunc'] === 'list' )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' .
+		$action = 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' .
 			( empty( $_REQUEST['include_inactive'] ) ?
 				'' :
 				'&include_inactive=' . $_REQUEST['include_inactive'] ) .
@@ -65,7 +65,9 @@ if ( ! $_REQUEST['modfunc'] )
 					'' :
 					'&w_course_period_id=' . $_REQUEST['w_course_period_id'] ) :
 				'' ) .
-			'&_ROSARIO_PDF=true" method="POST">';
+			'&_ROSARIO_PDF=true';
+
+		echo '<form action="' . URLEscape( $action ) . '" method="POST">';
 
 		$extra['header_right'] = Buttons( _( 'Create Labels for Selected Students' ) );
 
diff --git a/modules/Users/AddStudents.php b/modules/Users/AddStudents.php
index 191f41e6..f23a1cd9 100644
--- a/modules/Users/AddStudents.php
+++ b/modules/Users/AddStudents.php
@@ -94,7 +94,7 @@ if ( ! $_REQUEST['modfunc'] )
 	{
 		if ( $_REQUEST['search_modfunc'] === 'list' )
 		{
-			echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save" method="POST">';
+			echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=save' ) . '" method="POST">';
 			DrawHeader( '', SubmitButton( _( 'Add Selected Students' ) ) );
 		}
 
diff --git a/modules/Users/Exceptions.php b/modules/Users/Exceptions.php
index 375caa54..2c6eca6e 100644
--- a/modules/Users/Exceptions.php
+++ b/modules/Users/Exceptions.php
@@ -159,7 +159,7 @@ if ( UserStaffID()
 
 	if ( ! $staff_RET[1]['PROFILE_ID'] )
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update" method="POST">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update' ) . '" method="POST">';
 		DrawHeader( _( 'Select the programs with which this user can use and save information.' ), SubmitButton() );
 		echo '<br />';
 		PopTable( 'header', _( 'Permissions' ) );
diff --git a/modules/Users/Preferences.php b/modules/Users/Preferences.php
index 49cad459..b23e85f3 100644
--- a/modules/Users/Preferences.php
+++ b/modules/Users/Preferences.php
@@ -122,7 +122,7 @@ if ( ! $_REQUEST['modfunc'] )
 		$_REQUEST['tab'] = 'password';
 	}
 
-	echo Form( 'Modules.php?modname=' . $_REQUEST['modname'] . '&tab=' . $_REQUEST['tab'] );
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&tab=' . $_REQUEST['tab'] ) . '" method="POST">';
 
 	DrawHeader( '', Buttons( _( 'Save' ) ) );
 
diff --git a/modules/Users/Profiles.php b/modules/Users/Profiles.php
index c84faf77..54c6794c 100644
--- a/modules/Users/Profiles.php
+++ b/modules/Users/Profiles.php
@@ -251,7 +251,7 @@ if ( $_REQUEST['modfunc']
 
 if ( $_REQUEST['modfunc'] != 'delete' )
 {
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&profile_id=' . $_REQUEST['profile_id'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] . '&modfunc=update&profile_id=' . $_REQUEST['profile_id']  ) . '" method="POST">';
 	DrawHeader( _( 'Select the programs that users of this profile can use and which programs those users can use to save information.' ), SubmitButton() );
 	echo '<br />';
 	echo '<table><tr class="st"><td class="valign-top">';
diff --git a/modules/Users/Search.inc.php b/modules/Users/Search.inc.php
index eb8ab23c..dee78d94 100644
--- a/modules/Users/Search.inc.php
+++ b/modules/Users/Search.inc.php
@@ -30,11 +30,11 @@ if ( empty( $_REQUEST['search_modfunc'] ) )
 				! empty( $extra['search_title'] ) ? $extra['search_title'] : _( 'Find a User' )
 			);
 
-			echo '<form name="search" id="search" action="Modules.php?modname=' . $_REQUEST['modname'] .
+			echo '<form name="search" id="search" action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
 				'&modfunc=' . $_REQUEST['modfunc'] .
 				'&search_modfunc=list&next_modname=' . $_REQUEST['next_modname'] .
 				'&advanced=' . issetVal( $_REQUEST['advanced'], '' ) .
-				issetVal( $extra['action'], '' ) . '" method="GET">';
+				issetVal( $extra['action'], '' )  ) . '" method="GET">';
 
 			echo '<table class="width-100p col1-align-right" id="general_table">';
 
diff --git a/modules/Users/TeacherPrograms.php b/modules/Users/TeacherPrograms.php
index a920428d..d44bb729 100644
--- a/modules/Users/TeacherPrograms.php
+++ b/modules/Users/TeacherPrograms.php
@@ -35,7 +35,7 @@ Search( 'staff_id', $extra );
 
 if ( UserStaffID() )
 {
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] . '" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname']  ) . '" method="POST">';
 
 	// FJ multiple school periods for a course period
 	//$QI = DBQuery("SELECT cp.PERIOD_ID,cp.COURSE_PERIOD_ID,sp.TITLE,sp.SHORT_NAME,cp.MARKING_PERIOD_ID,cp.DAYS,c.TITLE AS COURSE_TITLE FROM COURSE_PERIODS cp,SCHOOL_PERIODS sp,COURSES c WHERE c.COURSE_ID=cp.COURSE_ID AND cp.PERIOD_ID=sp.PERIOD_ID AND cp.SYEAR='".UserSyear()."' AND cp.SCHOOL_ID='".UserSchool()."' AND cp.TEACHER_ID='".UserStaffID()."' AND cp.MARKING_PERIOD_ID IN (".GetAllMP('QTR',UserMP()).") ORDER BY sp.SORT_ORDER");
diff --git a/plugins/Moodle/config.inc.php b/plugins/Moodle/config.inc.php
index a854ffaf..4c8e987a 100644
--- a/plugins/Moodle/config.inc.php
+++ b/plugins/Moodle/config.inc.php
@@ -130,8 +130,8 @@ if ( ! empty( $_REQUEST['import_users'] ) )
 	}
 	else
 	{
-		echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
-			'&tab=plugins&modfunc=config&plugin=Moodle&import_users=true" method="POST" class="import-users-form">';
+		echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
+			'&tab=plugins&modfunc=config&plugin=Moodle&import_users=true' ) . '" method="POST" class="import-users-form">';
 
 		DrawHeader(
 			'',
@@ -202,8 +202,8 @@ if ( empty( $_REQUEST['save'] )
 		ErrorMessage( $error, 'fatal' );
 	}
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
-		'&tab=plugins&modfunc=config&plugin=Moodle&save=true" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
+		'&tab=plugins&modfunc=config&plugin=Moodle&save=true' ) . '" method="POST">';
 
 	DrawHeader( '', SubmitButton() );
 
@@ -275,8 +275,8 @@ if ( empty( $_REQUEST['save'] )
 
 	echo '</div></form>';
 
-	echo '<form action="Modules.php?modname=' . $_REQUEST['modname'] .
-		'&tab=plugins&modfunc=config&plugin=Moodle&import_users=true" method="POST">';
+	echo '<form action="' . URLEscape( 'Modules.php?modname=' . $_REQUEST['modname'] .
+		'&tab=plugins&modfunc=config&plugin=Moodle&import_users=true' ) . '" method="POST">';
 
 	echo '<br /><div class="center">';
 
-- 
GitLab