diff --git a/feed.php b/feed.php
index 3688accc1..4ac1f31b7 100644
--- a/feed.php
+++ b/feed.php
@@ -16,17 +16,18 @@ $user->session_start(['req_login' => true]);
 
 $mode = $_REQUEST['mode'] ?? '';
 $type = $_POST['type'] ?? '';
-$id = $_POST['id'] ?? 0;
+$id = isset($_POST['id']) ? (int)$_POST['id'] : 0;
 $timecheck = TIMENOW - 600;
 
 if (!$mode) {
     bb_simple_die($lang['ATOM_NO_MODE']);
 }
 
-if ($mode == 'get_feed_url' && ($type == 'f' || $type == 'u') && $id >= 0) {
+if ($mode === 'get_feed_url' && ($type === 'f' || $type === 'u') && $id >= 0) {
     if ($type == 'f') {
         // Check if the user has actually sent a forum ID
         $sql = "SELECT allow_reg_tracker, forum_name FROM " . BB_FORUMS . " WHERE forum_id = $id LIMIT 1";
+        //DIE($sql);
         if (!$forum_data = DB()->fetch_row($sql)) {
             if ($id == 0) {
                 $forum_data = [];
@@ -44,7 +45,7 @@ if ($mode == 'get_feed_url' && ($type == 'f' || $type == 'u') && $id >= 0) {
             }
         }
     }
-    if ($type == 'u') {
+    if ($type === 'u') {
         // Check if the user has actually sent a user ID
         if ($id < 1) {
             bb_simple_die($lang['ATOM_ERROR'] . ' #2');
diff --git a/info.php b/info.php
index 426bb5447..45adc9645 100644
--- a/info.php
+++ b/info.php
@@ -18,7 +18,7 @@ global $lang;
 
 $info = [];
 $html_dir = LANG_DIR . 'html/';
-$req_mode = (string)$_REQUEST['show'];
+$req_mode = (string)($_REQUEST['show'] ?? '');
 
 switch ($req_mode) {
     case 'advert':
diff --git a/library/includes/functions.php b/library/includes/functions.php
index f70ff74fb..badca93c1 100644
--- a/library/includes/functions.php
+++ b/library/includes/functions.php
@@ -2062,7 +2062,7 @@ function hash_search($hash)
     $hash = htmlCHR(trim($hash));
     $info_hash_where = null;
 
-    if (!isset($hash)) {
+    if (!isset($hash) || !ctype_xdigit($hash)) {
         bb_die(sprintf($lang['HASH_INVALID'], $hash));
     }
 
diff --git a/privmsg.php b/privmsg.php
index d876a6254..175b9286a 100644
--- a/privmsg.php
+++ b/privmsg.php
@@ -40,7 +40,7 @@ $confirmed = (isset($_POST['confirm'])) ? true : 0;
 $delete = (isset($_POST['delete'])) ? true : 0;
 $delete_all = (isset($_POST['deleteall'])) ? true : 0;
 $save = (isset($_POST['save'])) ? true : 0;
-$mode = isset($_REQUEST['mode']) ? (string)$_REQUEST['mode'] : '';
+$mode = isset($_REQUEST['mode']) ? htmlCHR($_REQUEST['mode']) : '';
 
 $refresh = $preview || $submit_search;