diff --git a/app/provision_editor/fileread.php b/app/provision_editor/fileread.php
index 3885abaded..46e74805a4 100644
--- a/app/provision_editor/fileread.php
+++ b/app/provision_editor/fileread.php
@@ -25,6 +25,7 @@
 */
 include "root.php";
 require_once "includes/require.php";
+require_once "includes/checkauth.php";
 if (permission_exists('xml_editor_view')) {
 	//access granted
 }
@@ -33,7 +34,7 @@ else {
 	exit;
 }
 
-$filename = $_POST["file"];
+$filename = check_str($_POST["file"]);
 $filename = str_replace ("\\", "/", $filename);
 
 $handle = fopen($filename, "r");
diff --git a/app/xml_edit/fileread.php b/app/xml_edit/fileread.php
index 3885abaded..46e74805a4 100644
--- a/app/xml_edit/fileread.php
+++ b/app/xml_edit/fileread.php
@@ -25,6 +25,7 @@
 */
 include "root.php";
 require_once "includes/require.php";
+require_once "includes/checkauth.php";
 if (permission_exists('xml_editor_view')) {
 	//access granted
 }
@@ -33,7 +34,7 @@ else {
 	exit;
 }
 
-$filename = $_POST["file"];
+$filename = check_str($_POST["file"]);
 $filename = str_replace ("\\", "/", $filename);
 
 $handle = fopen($filename, "r");
diff --git a/includes/install/scripts/call_flow_monitor.lua b/includes/install/scripts/call_flow_monitor.lua
index 3f1da3dfca..380795ff22 100644
--- a/includes/install/scripts/call_flow_monitor.lua
+++ b/includes/install/scripts/call_flow_monitor.lua
@@ -25,7 +25,11 @@
 --	POSSIBILITY OF SUCH DAMAGE.
 
 --set the time between loops in seconds
-	sleep = 500;
+	sleep = 300;
+
+--set the debug level
+	debug["log"] = false;
+	debug["sql"] = false;
 
 --include the lua script
 	scripts_dir = string.sub(debug.getinfo(1).source,2,string.len(debug.getinfo(1).source)-(string.len(argv[0])+1));
@@ -74,8 +78,10 @@
 			sql = [[select d.domain_name, f.call_flow_uuid, f.call_flow_extension, f.call_flow_feature_code, f.call_flow_status, f.call_flow_label, f.call_flow_anti_label
 			from v_call_flows as f, v_domains as d 
 			where f.domain_uuid = d.domain_uuid]]
-			--and call_flow_enabled = 'true' 
-			--freeswitch.consoleLog("notice", "SQL:" .. sql .. "\n");
+			--and call_flow_enabled = 'true'
+			if (debug["sql"]) then
+				freeswitch.consoleLog("notice", "SQL:" .. sql .. "\n");
+			end
 			x = 0;
 			dbh:query(sql, function(row)
 				domain_name = row.domain_name;
@@ -103,7 +109,9 @@
 						event:addHeader("answer-state", "terminated");
 						event:fire();
 					--show in the console
-						freeswitch.consoleLog("notice", "Call Flow: label="..call_flow_label..",status=true,uuid="..call_flow_uuid.."\n");
+						if (debug["log"]) then
+							freeswitch.consoleLog("notice", "Call Flow: label="..call_flow_label..",status=true,uuid="..call_flow_uuid.."\n");
+						end
 				else
 					--set presence in - turn lamp on
 						event = freeswitch.Event("PRESENCE_IN");
@@ -120,7 +128,9 @@
 						event:addHeader("answer-state", "confirmed");
 						event:fire();
 					--show in the console
-						freeswitch.consoleLog("notice", "Call Flow: label="..call_flow_anti_label..",status=false,uuid="..call_flow_uuid.."\n");
+						if (debug["log"]) then
+							freeswitch.consoleLog("notice", "Call Flow: label="..call_flow_anti_label..",status=false,uuid="..call_flow_uuid.."\n");
+						end
 				end
 			end);
 
@@ -131,4 +141,4 @@
 
 		--sleep a moment to prevent using unecessary resources
 			freeswitch.msleep(sleep*1000);
-	end
+	end
\ No newline at end of file