diff --git a/modules/Admissions/admissions_manage_editProcess.php b/modules/Admissions/admissions_manage_editProcess.php
index 0b51ccd48d..2d5534ef1c 100644
--- a/modules/Admissions/admissions_manage_editProcess.php
+++ b/modules/Admissions/admissions_manage_editProcess.php
@@ -20,10 +20,13 @@
*/
use Gibbon\Http\Url;
+use Gibbon\Data\Validator;
use Gibbon\Domain\Admissions\AdmissionsAccountGateway;
require_once '../../gibbon.php';
+$_POST = $container->get(Validator::class)->sanitize($_POST);
+
$gibbonAdmissionsAccountID = $_POST['gibbonAdmissionsAccountID'] ?? '';
$search = $_POST['search'] ?? '';
diff --git a/modules/Admissions/applicationFormSelectProcess.php b/modules/Admissions/applicationFormSelectProcess.php
index a263cdfe7a..93be85e24c 100644
--- a/modules/Admissions/applicationFormSelectProcess.php
+++ b/modules/Admissions/applicationFormSelectProcess.php
@@ -20,6 +20,7 @@
*/
use Gibbon\Http\Url;
+use Gibbon\Data\Validator;
use Gibbon\Services\Format;
use Gibbon\Comms\EmailTemplate;
use Gibbon\Contracts\Comms\Mailer;
@@ -27,6 +28,8 @@
require_once '../../gibbon.php';
+$_POST = $container->get(Validator::class)->sanitize($_POST);
+
$gibbonFormID = $_POST['gibbonFormID'] ?? '';
$email = $_POST['admissionsLoginEmail'] ?? '';
diff --git a/modules/Admissions/applicationFormViewProcess.php b/modules/Admissions/applicationFormViewProcess.php
index 8f61362b78..03ef245b6d 100644
--- a/modules/Admissions/applicationFormViewProcess.php
+++ b/modules/Admissions/applicationFormViewProcess.php
@@ -20,12 +20,14 @@
*/
use Gibbon\Http\Url;
+use Gibbon\Data\Validator;
use Gibbon\Domain\User\UserGateway;
use Gibbon\Domain\Admissions\AdmissionsAccountGateway;
-use Gibbon\Domain\User\FamilyGateway;
require_once '../../gibbon.php';
+$_POST = $container->get(Validator::class)->sanitize($_POST);
+
$gibbonPersonID = $session->get('gibbonPersonID');
$URL = Url::fromModuleRoute('Admissions', 'applicationFormView');
diff --git a/modules/Departments/department_editProcess.php b/modules/Departments/department_editProcess.php
index 9e6cd27e46..5da7308688 100644
--- a/modules/Departments/department_editProcess.php
+++ b/modules/Departments/department_editProcess.php
@@ -22,7 +22,7 @@
require_once '../../gibbon.php';
-$_POST = $container->get(Validator::class)->sanitize($_POST, ['blurb' => 'HTML']);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['blurb' => 'HTML', 'url*' => 'URL']);
//Module includes
include './moduleFunctions.php';
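Review bot: `'url*'` in the new sanitize call looks like a wildcard key, so the URL rule would apply to every POST field whose name starts with `url` rather than to one named field; the matching logic lives in the Validator and is not shown in this diff. A comment above the call would make the intended scope reviewable, for example `// 'url*' is a wildcard: applies the URL rule to <intended field names>`. The same applies to `'*link'` in Planner/resources_add_ajaxProcess.php. There it is also worth stating whether matching is case-sensitive, since other files in this commit use camel-cased names such as `imageLink`.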
diff --git a/modules/Library/library_manage_catalog_addProcess.php b/modules/Library/library_manage_catalog_addProcess.php
index f8cf58bcca..6e39cd317e 100644
--- a/modules/Library/library_manage_catalog_addProcess.php
+++ b/modules/Library/library_manage_catalog_addProcess.php
@@ -24,7 +24,7 @@
include '../../gibbon.php';
-$_POST = $container->get(Validator::class)->sanitize($_POST);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['imageLink' => 'URL', 'fieldLink' => 'URL']);
include './moduleFunctions.php';
diff --git a/modules/Library/library_manage_catalog_editProcess.php b/modules/Library/library_manage_catalog_editProcess.php
index 5fa68af149..8bf04501e0 100644
--- a/modules/Library/library_manage_catalog_editProcess.php
+++ b/modules/Library/library_manage_catalog_editProcess.php
@@ -26,7 +26,7 @@
require_once '../../gibbon.php';
-$_POST = $container->get(Validator::class)->sanitize($_POST);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['imageLink' => 'URL', 'fieldLink' => 'URL']);
include './moduleFunctions.php';
diff --git a/modules/Planner/planner_view_full_submitProcess.php b/modules/Planner/planner_view_full_submitProcess.php
index 1b3a681b66..23d206b7eb 100644
--- a/modules/Planner/planner_view_full_submitProcess.php
+++ b/modules/Planner/planner_view_full_submitProcess.php
@@ -23,7 +23,7 @@
require_once '../../gibbon.php';
-$_POST = $container->get(Validator::class)->sanitize($_POST);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['link' => 'URL']);
//Module includes
include './moduleFunctions.php';
diff --git a/modules/Planner/planner_view_full_submit_editProcess.php b/modules/Planner/planner_view_full_submit_editProcess.php
index ba00d4d8ea..bd7dcff29a 100644
--- a/modules/Planner/planner_view_full_submit_editProcess.php
+++ b/modules/Planner/planner_view_full_submit_editProcess.php
@@ -23,7 +23,7 @@
require_once '../../gibbon.php';
-$_POST = $container->get(Validator::class)->sanitize($_POST);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['link' => 'URL']);
//Module includes
include './moduleFunctions.php';
diff --git a/modules/Planner/resources_add_ajaxProcess.php b/modules/Planner/resources_add_ajaxProcess.php
index eb9523ded1..5197db967c 100644
--- a/modules/Planner/resources_add_ajaxProcess.php
+++ b/modules/Planner/resources_add_ajaxProcess.php
@@ -22,7 +22,7 @@
require_once '../../gibbon.php';
-$_POST = $container->get(Validator::class)->sanitize($_POST);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['*link' => 'URL']);
$time = time();
diff --git a/modules/Planner/resources_manage_addProcess.php b/modules/Planner/resources_manage_addProcess.php
index 6d980a5fb8..d6ed3ed787 100644
--- a/modules/Planner/resources_manage_addProcess.php
+++ b/modules/Planner/resources_manage_addProcess.php
@@ -22,7 +22,7 @@
include '../../gibbon.php';
-$_POST = $container->get(Validator::class)->sanitize($_POST, ['html' => 'HTML']);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['html' => 'HTML', 'link' => 'URL']);
$URL = $session->get('absoluteURL').'/index.php?q=/modules/'.getModuleName($_POST['address']).'/resources_manage_add.php&search='.$_GET['search'];
$time = time();
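Review bot: `$_GET['search']` is concatenated into `$URL` unsanitised and unencoded on the context line below the changed call, which only covers `$_POST`. It is also read without a default, so a request that omits `search` triggers a warning. Assuming `$URL` is later used for the redirect, `'&search='.urlencode($_GET['search'] ?? '')` would keep the value confined to its own query parameter. The same pattern is visible in Planner/resources_manage_editProcess.php and User Admin/user_manage_addProcess.php, and System Admin/formBuilder_addProcess.php appends `$search` from `$_GET` without encoding.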
diff --git a/modules/Planner/resources_manage_editProcess.php b/modules/Planner/resources_manage_editProcess.php
index 369f27021e..80d520d062 100644
--- a/modules/Planner/resources_manage_editProcess.php
+++ b/modules/Planner/resources_manage_editProcess.php
@@ -22,7 +22,7 @@
require_once '../../gibbon.php';
-$_POST = $container->get(Validator::class)->sanitize($_POST, ['html' => 'HTML']);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['html' => 'HTML', 'link' => 'URL']);
$gibbonResourceID = $_GET['gibbonResourceID'] ?? '';
$URL = $session->get('absoluteURL').'/index.php?q=/modules/'.getModuleName($_POST['address'])."/resources_manage_edit.php&gibbonResourceID=$gibbonResourceID&search=".$_GET['search'];
diff --git a/modules/School Admin/behaviourSettingsProcess.php b/modules/School Admin/behaviourSettingsProcess.php
index 9f206a90f4..4ef53b61d0 100644
--- a/modules/School Admin/behaviourSettingsProcess.php
+++ b/modules/School Admin/behaviourSettingsProcess.php
@@ -22,7 +22,7 @@
require_once '../../gibbon.php';
-$_POST = $container->get(Validator::class)->sanitize($_POST);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['policyLink' => 'URL']);
$URL = $session->get('absoluteURL').'/index.php?q=/modules/'.getModuleName($_POST['address']).'/behaviourSettings.php';
diff --git a/modules/School Admin/formGroup_manage_addProcess.php b/modules/School Admin/formGroup_manage_addProcess.php
index c4c0d85b37..6839ca8bf8 100644
--- a/modules/School Admin/formGroup_manage_addProcess.php
+++ b/modules/School Admin/formGroup_manage_addProcess.php
@@ -22,7 +22,7 @@
include '../../gibbon.php';
-$_POST = $container->get(Validator::class)->sanitize($_POST);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['website' => 'URL']);
$gibbonSchoolYearID = $_POST['gibbonSchoolYearID'] ?? '';
$URL = $session->get('absoluteURL').'/index.php?q=/modules/'.getModuleName($_POST['address'])."/formGroup_manage_add.php&gibbonSchoolYearID=$gibbonSchoolYearID";
diff --git a/modules/School Admin/formGroup_manage_editProcess.php b/modules/School Admin/formGroup_manage_editProcess.php
index a05cafa1dd..f998d03a08 100644
--- a/modules/School Admin/formGroup_manage_editProcess.php
+++ b/modules/School Admin/formGroup_manage_editProcess.php
@@ -22,7 +22,7 @@
require_once '../../gibbon.php';
-$_POST = $container->get(Validator::class)->sanitize($_POST);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['website' => 'URL']);
$gibbonSchoolYearID = $_POST['gibbonSchoolYearID'] ?? '';
$gibbonFormGroupID = $_GET['gibbonFormGroupID'] ?? '';
diff --git a/modules/Staff/coverage_view_editProcess.php b/modules/Staff/coverage_view_editProcess.php
index 89ac6feac2..0fa2ec3aba 100644
--- a/modules/Staff/coverage_view_editProcess.php
+++ b/modules/Staff/coverage_view_editProcess.php
@@ -25,7 +25,7 @@
require_once '../../gibbon.php';
-$_POST = $container->get(Validator::class)->sanitize($_POST, ['text' => 'HTML']);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['text' => 'HTML', 'link' => 'URL']);
$gibbonStaffCoverageID = $_POST['gibbonStaffCoverageID'] ?? '';
diff --git a/modules/System Admin/formBuilder_addProcess.php b/modules/System Admin/formBuilder_addProcess.php
index a8bdf3323d..ffc02e4cef 100644
--- a/modules/System Admin/formBuilder_addProcess.php
+++ b/modules/System Admin/formBuilder_addProcess.php
@@ -19,10 +19,13 @@
along with this program. If not, see .
*/
+use Gibbon\Data\Validator;
use Gibbon\Domain\Forms\FormGateway;
require_once '../../gibbon.php';
+$_POST = $container->get(Validator::class)->sanitize($_POST);
+
$search = $_GET['search'] ?? '';
$URL = $session->get('absoluteURL').'/index.php?q=/modules/System Admin/formBuilder_add.php&search='.$search;
diff --git a/modules/System Admin/formBuilder_editConfigProcess.php b/modules/System Admin/formBuilder_editConfigProcess.php
index ed05a0b451..386adafc19 100644
--- a/modules/System Admin/formBuilder_editConfigProcess.php
+++ b/modules/System Admin/formBuilder_editConfigProcess.php
@@ -19,10 +19,13 @@
along with this program. If not, see .
*/
+use Gibbon\Data\Validator;
use Gibbon\Domain\Forms\FormGateway;
require_once '../../gibbon.php';
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['studentDefaultWebsite' => 'URL', 'applicationRefereeLink' => 'URL']);
+
$gibbonFormID = $_POST['gibbonFormID'] ?? '';
$URL = $session->get('absoluteURL').'/index.php?q=/modules/System Admin/formBuilder_edit.php&gibbonFormID='.$gibbonFormID;
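Review bot: The key `'applicationRefereeLink'` in the added sanitize call differs from `'applicationFormRefereeLink'`, which User Admin/applicationFormSettingsProcess.php uses for what looks like the same setting, while `'studentDefaultWebsite'` is spelled identically in both. If the form posts a name other than the one listed, the URL rule presumably never matches and the field silently gets only default sanitisation. Both keys should be confirmed against the field names the corresponding form actually submits.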
diff --git a/modules/System Admin/formBuilder_editProcess.php b/modules/System Admin/formBuilder_editProcess.php
index 80a59f3f8a..2af3e2049b 100644
--- a/modules/System Admin/formBuilder_editProcess.php
+++ b/modules/System Admin/formBuilder_editProcess.php
@@ -19,10 +19,13 @@
along with this program. If not, see .
*/
+use Gibbon\Data\Validator;
use Gibbon\Domain\Forms\FormGateway;
require_once '../../gibbon.php';
+$_POST = $container->get(Validator::class)->sanitize($_POST);
+
$gibbonFormID = $_POST['gibbonFormID'] ?? '';
$URL = $session->get('absoluteURL').'/index.php?q=/modules/System Admin/formBuilder_edit.php&gibbonFormID='.$gibbonFormID;
diff --git a/modules/System Admin/formBuilder_page_addProcess.php b/modules/System Admin/formBuilder_page_addProcess.php
index 0668e09857..0b653a61e6 100644
--- a/modules/System Admin/formBuilder_page_addProcess.php
+++ b/modules/System Admin/formBuilder_page_addProcess.php
@@ -20,9 +20,12 @@
*/
use Gibbon\Domain\Forms\FormPageGateway;
+use Gibbon\Data\Validator;
require_once '../../gibbon.php';
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['introduction' => 'HTML', 'postscript' => 'HTML']);
+
$gibbonFormID = $_POST['gibbonFormID'] ?? '';
$redirect = $_POST['redirect'] ?? '';
diff --git a/modules/System Admin/formBuilder_page_editProcess.php b/modules/System Admin/formBuilder_page_editProcess.php
index 7896e365cd..e3de6d95a1 100644
--- a/modules/System Admin/formBuilder_page_editProcess.php
+++ b/modules/System Admin/formBuilder_page_editProcess.php
@@ -20,9 +20,12 @@
*/
use Gibbon\Domain\Forms\FormPageGateway;
+use Gibbon\Data\Validator;
require_once '../../gibbon.php';
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['introduction' => 'HTML', 'postscript' => 'HTML']);
+
$gibbonFormID = $_POST['gibbonFormID'] ?? '';
$gibbonFormPageID = $_POST['gibbonFormPageID'] ?? '';
diff --git a/modules/System Admin/formBuilder_page_edit_field_addProcess.php b/modules/System Admin/formBuilder_page_edit_field_addProcess.php
index c669ac6f9d..97d07dddb0 100644
--- a/modules/System Admin/formBuilder_page_edit_field_addProcess.php
+++ b/modules/System Admin/formBuilder_page_edit_field_addProcess.php
@@ -21,9 +21,12 @@
use Gibbon\Domain\Forms\FormFieldGateway;
use Gibbon\Forms\Builder\FormBuilder;
+use Gibbon\Data\Validator;
require_once '../../gibbon.php';
+$_POST = $container->get(Validator::class)->sanitize($_POST);
+
$urlParams = [
'gibbonFormID' => $_POST['gibbonFormID'] ?? '',
'gibbonFormPageID' => $_POST['gibbonFormPageID'] ?? '',
diff --git a/modules/System Admin/formBuilder_page_edit_field_editProcess.php b/modules/System Admin/formBuilder_page_edit_field_editProcess.php
index d7feee801b..1ed529152d 100644
--- a/modules/System Admin/formBuilder_page_edit_field_editProcess.php
+++ b/modules/System Admin/formBuilder_page_edit_field_editProcess.php
@@ -20,9 +20,12 @@
*/
use Gibbon\Domain\Forms\FormFieldGateway;
+use Gibbon\Data\Validator;
require_once '../../gibbon.php';
+$_POST = $container->get(Validator::class)->sanitize($_POST);
+
$urlParams = [
'gibbonFormID' => $_REQUEST['gibbonFormID'] ?? '',
'gibbonFormPageID' => $_REQUEST['gibbonFormPageID'] ?? '',
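Review bot: The `$urlParams` array directly below the new `sanitize($_POST)` call reads `$_REQUEST['gibbonFormID']` and `$_REQUEST['gibbonFormPageID']`, so those values never pass through the validator. PHP populates `$_REQUEST` once at request start and reassigning `$_POST` does not change it. The sibling formBuilder_page_edit_field_addProcess.php reads the same keys from `$_POST`; doing likewise here, `'gibbonFormID' => $_POST['gibbonFormID'] ?? '',`, would put them behind the sanitizer, provided the form submits them by POST. The array continues past the end of the hunk, so further `$_REQUEST` reads may follow.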
diff --git a/modules/System Admin/systemSettingsProcess.php b/modules/System Admin/systemSettingsProcess.php
index 701fc6a03b..48408a0d9d 100644
--- a/modules/System Admin/systemSettingsProcess.php
+++ b/modules/System Admin/systemSettingsProcess.php
@@ -25,7 +25,7 @@
require_once '../../gibbon.php';
-$_POST = $container->get(Validator::class)->sanitize($_POST, ['indexText' => 'HTML', 'analytics' => 'RAW']);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['indexText' => 'HTML', 'analytics' => 'RAW', 'emailLink' => 'URL', 'webLink' => 'URL']);
include '../../config.php';
// Module includes
diff --git a/modules/System Admin/thirdPartySettings_ssoEditProcess.php b/modules/System Admin/thirdPartySettings_ssoEditProcess.php
index 273eba03cb..ef2ecf0f8a 100644
--- a/modules/System Admin/thirdPartySettings_ssoEditProcess.php
+++ b/modules/System Admin/thirdPartySettings_ssoEditProcess.php
@@ -24,7 +24,7 @@
require_once '../../gibbon.php';
-$_POST = $container->get(Validator::class)->sanitize($_POST);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['authorizeEndpoint' => 'URL', 'tokenEndpoint' => 'URL', 'userEndpoint' => 'URL']);
$sso = $_POST['sso'] ?? '';
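Review bot: Whether the `'URL'` rule restricts the scheme is not visible in this diff, and for `authorizeEndpoint`, `tokenEndpoint` and `userEndpoint` that matters more than for a display link. Judging by the names these are OAuth endpoints, which the server would contact itself, presumably sending the client secret to the token endpoint. If the rule only strips unsafe characters, consider rejecting any non-empty value whose `parse_url($value, PHP_URL_SCHEME)` is not `https` before the settings are saved. A short comment beside the call stating what `'URL'` guarantees would also help later reviewers.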
diff --git a/modules/User Admin/applicationFormSettingsProcess.php b/modules/User Admin/applicationFormSettingsProcess.php
index d1f18c27d5..54add3d337 100644
--- a/modules/User Admin/applicationFormSettingsProcess.php
+++ b/modules/User Admin/applicationFormSettingsProcess.php
@@ -24,7 +24,7 @@
require_once '../../gibbon.php';
-$_POST = $container->get(Validator::class)->sanitize($_POST, ['introduction' => 'HTML', 'postscript' => 'HTML']);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['introduction' => 'HTML', 'postscript' => 'HTML', 'applicationFormRefereeLink' => 'URL', 'studentDefaultWebsite' => 'URL']);
$URL = $session->get('absoluteURL').'/index.php?q=/modules/'.getModuleName($_POST['address']).'/applicationFormSettings.php';
diff --git a/modules/User Admin/staffApplicationFormSettingsProcess.php b/modules/User Admin/staffApplicationFormSettingsProcess.php
index b0782aafdd..c8dc9b1b13 100644
--- a/modules/User Admin/staffApplicationFormSettingsProcess.php
+++ b/modules/User Admin/staffApplicationFormSettingsProcess.php
@@ -22,7 +22,7 @@
require_once '../../gibbon.php';
-$_POST = $container->get(Validator::class)->sanitize($_POST, ['staffApplicationFormIntroduction' => 'HTML', 'staffApplicationFormQuestions' => 'HTML', 'staffApplicationFormPostscript' => 'HTML', 'staffApplicationFormAgreement' => 'HTML', 'staffApplicationFormRequiredDocumentsText' => 'HTML', 'staffApplicationFormNotificationMessage' => 'HTML']);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['staffApplicationFormIntroduction' => 'HTML', 'staffApplicationFormQuestions' => 'HTML', 'staffApplicationFormPostscript' => 'HTML', 'staffApplicationFormAgreement' => 'HTML', 'staffApplicationFormRequiredDocumentsText' => 'HTML', 'staffApplicationFormNotificationMessage' => 'HTML', 'refereeLinks' => 'URL']);
$URL = $session->get('absoluteURL').'/index.php?q=/modules/'.getModuleName($_POST['address']).'/staffApplicationFormSettings.php';
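Review bot: `'refereeLinks'` is plural, which suggests the field is posted as an array; this is inferred from the name, since the form is not part of this diff. It should be confirmed that the `'URL'` rule is applied to each element of an array-valued field and not only to scalar values, otherwise the individual links would receive default sanitisation only. A test posting two links, one of them malformed, would pin the behaviour.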
diff --git a/modules/User Admin/user_manage_addProcess.php b/modules/User Admin/user_manage_addProcess.php
index a21cb49295..88bb889094 100644
--- a/modules/User Admin/user_manage_addProcess.php
+++ b/modules/User Admin/user_manage_addProcess.php
@@ -30,7 +30,7 @@
include '../../gibbon.php';
-$_POST = $container->get(Validator::class)->sanitize($_POST);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['website' => 'URL']);
$URL = $session->get('absoluteURL').'/index.php?q=/modules/'.getModuleName($_POST['address']).'/user_manage_add.php&search='.$_GET['search'];
diff --git a/modules/User Admin/user_manage_editProcess.php b/modules/User Admin/user_manage_editProcess.php
index 6d83ca6b0c..8f4603c29a 100644
--- a/modules/User Admin/user_manage_editProcess.php
+++ b/modules/User Admin/user_manage_editProcess.php
@@ -30,7 +30,7 @@
require_once '../../gibbon.php';
-$_POST = $container->get(Validator::class)->sanitize($_POST);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['website' => 'URL']);
//Module includes
include './moduleFunctions.php';
diff --git a/preferencesProcess.php b/preferencesProcess.php
index 09f9785ed9..5c33ae293b 100644
--- a/preferencesProcess.php
+++ b/preferencesProcess.php
@@ -26,7 +26,7 @@
// Sanitize the whole $_POST array
$validator = $container->get(Validator::class);
-$_POST = $validator->sanitize($_POST);
+$_POST = $validator->sanitize($_POST, ['personalBackground' => 'URL']);
$calendarFeedPersonal = $_POST['calendarFeedPersonal'] ?? '';
$personalBackground = $_POST['personalBackground'] ?? '';