diff --git a/app/calls/v_call_edit.php b/app/calls/v_call_edit.php
index 61322896e0..0b86698678 100644
--- a/app/calls/v_call_edit.php
+++ b/app/calls/v_call_edit.php
@@ -56,8 +56,7 @@ function destination_select($select_name, $select_value, $select_default) {
$extension_uuid = $_REQUEST["id"];
//get the extension number
- $sql = "";
- $sql .= "select * from v_extensions ";
+ $sql = "select * from v_extensions ";
$sql .= "where domain_uuid = '$domain_uuid' ";
$sql .= "and extension_uuid = '$extension_uuid' ";
if (!(if_group("admin") || if_group("superadmin"))) {
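Review bot: `$extension_uuid` is read from `$_REQUEST["id"]` on the first line of the hunk and interpolated unescaped into the `and extension_uuid = '$extension_uuid'` clause two lines below, while this same commit wraps every other request value it touches in `check_str()`. At minimum apply the same helper here, `$extension_uuid = check_str($_REQUEST["id"]);`, and since the value is presumably a UUID, a positive shape check such as `if (!preg_match('/^[0-9a-f-]{36}$/i', $extension_uuid)) { exit; }` closes the gap regardless of what `check_sql()` (applied at prepare time, outside this hunk) actually does. The enclosing block continues past the hunk.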
@@ -91,9 +90,15 @@ function destination_select($select_name, $select_value, $select_default) {
$effective_caller_id_number = $row["effective_caller_id_number"];
$outbound_caller_id_name = $row["outbound_caller_id_name"];
$outbound_caller_id_number = $row["outbound_caller_id_number"];
+ $do_not_disturb = $row["do_not_disturb"];
+ $call_forward_all = $row["call_forward_all"];
+ $call_forward_busy = $row["call_forward_busy"];
$description = $row["description"];
break; //limit to 1 row
}
+ if (strlen($do_not_disturb) == 0) {
+ $do_not_disturb = "false";
+ }
}
unset ($prep_statement);
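Review bot: The `"false"` default added at the end of the hunk calls `strlen($do_not_disturb)` outside the row loop, so when the query returned no row the variable was never assigned and the call raises an undefined-variable notice (and `strlen(null)` is deprecated on PHP 8.1+). Guard it with `if (!isset($do_not_disturb) || strlen($do_not_disturb) == 0) {`. `$call_forward_all` and `$call_forward_busy` are read from the row in the same hunk but given no such default; whether later code depends on them being non-empty is not visible here. The enclosing block starts before the hunk.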
@@ -217,7 +222,6 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
//set the default action to add
$call_forward_action = "add";
- $dnd_action = "add";
$follow_me_action = "add";
//get the hunt group timeout
@@ -278,10 +282,6 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
$follow_me_action = "update";
$follow_me_uuid = $row["hunt_group_uuid"];
}
- if ($row["hunt_group_type"] == 'dnd') {
- $dnd_action = "update";
- $dnd_uuid = $row["hunt_group_uuid"];
- }
}
unset ($prep_statement);
@@ -309,6 +309,12 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
$call_forward->call_forward_update();
}
unset($call_forward);
+
+ //synchronize the xml config
+ save_hunt_group_xml();
+
+ //synchronize the xml config
+ save_dialplan_xml();
}
//follow me config
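Review bot: The two calls added at the end of the call-forward branch carry the same comment, `//synchronize the xml config`, twice; the second should say what it does, `//synchronize the dialplan xml`. The identical pair is also added in the follow-me branch below, so a single save that runs both branches now regenerates the hunt group and dialplan XML twice; setting a flag in each branch and running the pair once after all three branches would keep one regeneration per request. The enclosing POST handler starts before and ends after the hunk.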
@@ -353,6 +359,12 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
$follow_me->follow_me_update();
}
unset($follow_me);
+
+ //synchronize the xml config
+ save_hunt_group_xml();
+
+ //synchronize the xml config
+ save_dialplan_xml();
}
//do not disturb (dnd) config
@@ -361,27 +373,12 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
$dnd->domain_uuid = $_SESSION['domain_uuid'];
$dnd->domain_name = $_SESSION['domain_name'];
$dnd->extension = $extension;
- $dnd->dnd_enabled = $dnd_enabled;
- if ($dnd_enabled == "true") {
- if ($dnd_action == "add") {
- $dnd->dnd_uuid = uuid();
- $dnd->dnd_add();
- }
- }
- if ($dnd_action == "update") {
- $dnd->dnd_uuid = $dnd_uuid;
- $dnd->dnd_update();
- }
- $dnd->dnd_status();
+ $dnd->enabled = $dnd_enabled;
+ $dnd->set();
+ $dnd->user_status();
unset($dnd);
}
- //synchronize the xml config
- save_hunt_group_xml();
-
- //synchronize the xml config
- save_dialplan_xml();
-
//redirect the user
require_once "includes/header.php";
echo "\n";
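Review bot: `$dnd->enabled = $dnd_enabled;` hands the request value to the object without the `== "true"` comparison the removed code performed, so whatever string arrived in the form field now reaches `$dnd->set()` verbatim; where `$dnd_enabled` is read from `$_POST` is outside this hunk. Normalize it first, `$dnd->enabled = ($dnd_enabled == "true") ? "true" : "false";`, so the object only ever sees the two values the old code expected. Note also that the trailing `save_hunt_group_xml()`/`save_dialplan_xml()` pair is removed from the end of the handler, so a DND-only change no longer regenerates the XML here unless `$dnd->set()` does so internally, which this diff does not show; if it does not, the pair belongs back in this branch. The enclosing POST handler starts before the hunk.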
@@ -432,9 +429,6 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
$follow_me_enabled = $hunt_group_enabled;
$follow_me_type = 'follow_me_sequence';
}
- if ($row["hunt_group_type"] == 'dnd') {
- $dnd_enabled = $hunt_group_enabled;
- }
if ($row["hunt_group_type"] == 'call_forward' || $row["hunt_group_type"] == 'follow_me_sequence' || $row["hunt_group_type"] == 'follow_me_simultaneous') {
$sql = "select * from v_hunt_group_destinations ";
@@ -479,6 +473,12 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
}
unset ($prep_statement);
+//set the default
+ if (!isset($dnd_enabled)) {
+ //set the value from the database
+ $dnd_enabled = $do_not_disturb;
+ }
+
//show the content
echo "
";
echo "
\n";
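Review bot: The added `//set the default` comment sits at column 0 while the `if` it describes is indented with the surrounding block; indent it to match and say what default it means, `//fall back to the database value when the form did not post dnd`. The fallback `$dnd_enabled = $do_not_disturb;` relies on the extension lookup earlier in the file having assigned `$do_not_disturb`; if that lookup returned no row the variable is undefined and the checkbox rendering receives null, so `$dnd_enabled = isset($do_not_disturb) ? $do_not_disturb : "false";` is the safer form. The enclosing block starts before the hunk.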
diff --git a/app/calls_active/v_calls_exec.php b/app/calls_active/v_calls_exec.php
index 0bdf087ab2..1c3d064aa2 100644
--- a/app/calls_active/v_calls_exec.php
+++ b/app/calls_active/v_calls_exec.php
@@ -47,10 +47,10 @@ else {
//http get variables set to php variables
if (count($_GET)>0) {
- $switch_cmd = trim($_GET["cmd"]);
- $action = trim($_GET["action"]);
- $data = trim($_GET["data"]);
- $direction = trim($_GET["direction"]);
+ $switch_cmd = trim(check_str($_GET["cmd"]));
+ $action = trim(check_str($_GET["action"]));
+ $data = trim(check_str($_GET["data"]));
+ $direction = trim(check_str($_GET["direction"]));
$username = $_SESSION['username'];
}
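Review bot: Wrapping `$_GET["cmd"]`, `$action` and `$data` in `check_str()` does not constrain what those values may contain, and the comment just after the hunk shows they feed an event-socket connection, where an HTML/SQL-style escaper is not the relevant boundary. What `check_str()` strips is not visible in this diff, so treat the call as cosmetic and add positive validation: compare `$action` against an explicit list of permitted actions, and reject `$data` unless it matches the shape expected for the call, e.g. `if (!preg_match('/^[0-9a-f-]{36}$/i', $data)) { exit; }` if it is a call UUID, which the hunk does not establish. The `if (count($_GET)>0)` block is complete in the hunk; the code that uses the values is not.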
@@ -73,7 +73,6 @@ else {
exit;
}
-
if (count($_GET)>0) {
//setup the event socket connection
diff --git a/app/click_to_call/app_config.php b/app/click_to_call/app_config.php
index 9812e0f72f..f32f1427dc 100644
--- a/app/click_to_call/app_config.php
+++ b/app/click_to_call/app_config.php
@@ -10,11 +10,11 @@
$apps[$x]['description']['en'] = 'Originate calls with a URL.';
//menu details
- $apps[$x]['menu'][0]['title']['en'] = 'Click to Call';
- $apps[$x]['menu'][0]['uuid'] = 'f862556f-9ddd-2697-fdf4-bed08ec63aa5';
- $apps[$x]['menu'][0]['parent_uuid'] = 'fd29e39c-c936-f5fc-8e2b-611681b266b5';
- $apps[$x]['menu'][0]['category'] = 'internal';
- $apps[$x]['menu'][0]['path'] = '/app/click_to_call/click_to_call.php';
+ //$apps[$x]['menu'][0]['title']['en'] = 'Click to Call';
+ //$apps[$x]['menu'][0]['uuid'] = 'f862556f-9ddd-2697-fdf4-bed08ec63aa5';
+ //$apps[$x]['menu'][0]['parent_uuid'] = 'fd29e39c-c936-f5fc-8e2b-611681b266b5';
+ //$apps[$x]['menu'][0]['category'] = 'internal';
+ //$apps[$x]['menu'][0]['path'] = '/app/click_to_call/click_to_call.php';
//$apps[$x]['menu'][0]['groups'][] = 'superadmin';
//permission details
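Review bot: Commenting out the menu entry removes the link from the navigation but is not access control: `/app/click_to_call/click_to_call.php` stays reachable by URL for anyone who passes whatever permission check that file performs, which this hunk does not show. If the intent is to disable the feature, the permission definitions that follow this hunk are the place to do it; if the intent is only to hide the menu item, delete the five commented lines rather than leaving dead code and record the reason in one line, `//no menu entry: the page is presumably invoked by URL from other pages (see description above)`.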
diff --git a/app/click_to_call/click_to_call.php b/app/click_to_call/click_to_call.php
index 3b96cac20b..13591374c5 100644
--- a/app/click_to_call/click_to_call.php
+++ b/app/click_to_call/click_to_call.php
@@ -41,17 +41,17 @@ require_once "includes/header.php";
if (is_array($_REQUEST) && !empty($_REQUEST['src']) && !empty($_REQUEST['dest'])) {
//get the http variables and set them as variables
- $src = $_REQUEST['src'];
- $dest = $_REQUEST['dest'];
- $ringback = $_REQUEST['ringback'];
+ $src = check_str($_REQUEST['src']);
+ $dest = check_str($_REQUEST['dest']);
+ $ringback = check_str($_REQUEST['ringback']);
$src = str_replace(array('.', '(', ')', '-', ' '), '', $src);
$dest = str_replace(array('.', '(', ')', '-', ' '), '', $dest);
- $src_cid_name = $_REQUEST['src_cid_name'];
- $src_cid_number = $_REQUEST['src_cid_number'];
- $dest_cid_name = $_REQUEST['dest_cid_name'];
- $dest_cid_number = $_REQUEST['dest_cid_number'];
- $auto_answer = $_REQUEST['auto_answer']; //true,false
- $rec = $_REQUEST['rec']; //true,false
+ $src_cid_name = check_str($_REQUEST['src_cid_name']);
+ $src_cid_number = check_str($_REQUEST['src_cid_number']);
+ $dest_cid_name = check_str($_REQUEST['dest_cid_name']);
+ $dest_cid_number = check_str($_REQUEST['dest_cid_number']);
+ $auto_answer = check_str($_REQUEST['auto_answer']); //true,false
+ $rec = check_str($_REQUEST['rec']); //true,false
if ($auto_answer == "true") {
$sip_auto_answer = "sip_auto_answer=true,";
}
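Review bot: `check_str()` on `$src` and `$dest` is followed by stripping `.()- ` but nothing positively constrains the values, and `$src` is later interpolated into a `and extension = '$src'` clause (and presumably into the originate string, which this diff does not show). The `strlen($src) < 7` test further down treats these as dial strings; if digits are the only expected form, reject anything else up front, `if (!ctype_digit($src) || !ctype_digit($dest)) { exit; }`. The reads of `$_REQUEST['ringback']`, `src_cid_name` and the other optional keys also raise undefined-index notices when absent; `$_REQUEST['ringback'] ?? ''` avoids that if the file targets PHP 7+. The enclosing `if` continues past the hunk.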
@@ -105,8 +105,7 @@ if (is_array($_REQUEST) && !empty($_REQUEST['src']) && !empty($_REQUEST['dest'])
if (strlen($src) < 7) {
if (strlen($dest_cid_number) == 0) {
//get the caller id from the extension caller id comes from the extension (the source number)
- $sql = "";
- $sql .= "select * from v_extensions ";
+ $sql = "select * from v_extensions ";
$sql .= "where domain_uuid = '$domain_uuid' ";
$sql .= "and extension = '$src' ";
$prep_statement = $db->prepare(check_sql($sql));
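Review bot: `$src` is still spliced into the SQL text on the `and extension = '$src'` line and only `check_sql()` on the assembled statement stands between the request and the query; the commit touches this statement but keeps that pattern. Since `$db->prepare()` is already in use, bind the values instead: `$sql .= "where domain_uuid = :domain_uuid and extension = :src ";` with `$prep_statement->execute([':domain_uuid' => $domain_uuid, ':src' => $src]);` at the execute call, which is outside this hunk and not shown. The enclosing branch continues past the hunk.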
@@ -360,4 +359,4 @@ if (is_array($_REQUEST) && !empty($_REQUEST['src']) && !empty($_REQUEST['dest'])
//show the footer
require_once "includes/footer.php";
-?>
+?>
\ No newline at end of file
diff --git a/app/conferences_active/conference_exec.php b/app/conferences_active/conference_exec.php
index 896f78bda6..41764fcd3d 100644
--- a/app/conferences_active/conference_exec.php
+++ b/app/conferences_active/conference_exec.php
@@ -39,11 +39,11 @@ else {
//get the http values and set them as php variables
if (count($_GET)>0) {
- $cmd = trim($_GET["cmd"]);
- $name = trim($_GET["name"]);
- $data = trim($_GET["data"]);
- $id = trim($_GET["id"]);
- $direction = trim($_GET["direction"]);
+ $cmd = trim(check_str($_GET["cmd"]));
+ $name = trim(check_str($_GET["name"]));
+ $data = trim(check_str($_GET["data"]));
+ $id = trim(check_str($_GET["id"]));
+ $direction = trim(check_str($_GET["direction"]));
}
//authorized commands
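Review bot: The `check_str()` wrappers on `$name`, `$data` and `$id` do not define what those values may contain, and the `//authorized commands` section that starts right after the hunk suggests only `$cmd` is checked against a list. Since the values are presumably assembled into a conference command sent to the switch (not shown here), give each a shape check matching its use, for example `if (!ctype_digit($id)) { exit; }` if `$id` is a member id, and reject `$data` containing whitespace or control characters, `if (preg_match('/[\s\x00-\x1f]/', $data)) { exit; }`. The `if (count($_GET)>0)` block is complete in the hunk.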
diff --git a/app/exec/v_exec.php b/app/exec/v_exec.php
index e67237910d..e7446e20a7 100644
--- a/app/exec/v_exec.php
+++ b/app/exec/v_exec.php
@@ -36,9 +36,9 @@ else {
//get the html values and set them as variables
if (count($_POST)>0) {
- $shell_cmd = trim($_POST["shell_cmd"]);
- $php_cmd = trim($_POST["php_cmd"]);
- $switch_cmd = trim($_POST["switch_cmd"]);
+ $shell_cmd = trim(check_str($_POST["shell_cmd"]));
+ $php_cmd = trim(check_str($_POST["php_cmd"]));
+ $switch_cmd = trim(check_str($_POST["switch_cmd"]));
}
//show the header
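Review bot: Applying `check_str()` to `$shell_cmd` and `$php_cmd` is misleading hardening: the page exists to execute the submitted text, so an escaper cannot make it safe and, depending on what `check_str()` does with quotes (not shown here), may corrupt legitimate commands. The controls that matter are the permission check in the branch above (outside the hunk) and a CSRF check on this POST, since a form that runs shell and PHP from three fields is an obvious cross-site target; if the project has a session token helper, gate the block with it, e.g. `if (!isset($_POST['token']) || !hash_equals($_SESSION['token'] ?? '', $_POST['token'])) { exit; }`. Record the design decision in a comment, `//inputs are executed verbatim by design; access is controlled by permission and csrf checks, not by escaping`. The enclosing `else` branch starts before the hunk.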
@@ -201,4 +201,4 @@ else {
//show the footer
require_once "includes/footer.php";
-?>
+?>
\ No newline at end of file
diff --git a/includes/captcha/img.php b/includes/captcha/img.php
index f92bda8f57..ab2964af8c 100644
--- a/includes/captcha/img.php
+++ b/includes/captcha/img.php
@@ -95,7 +95,6 @@ function imagettfbbox_custom($size, $angle, $font, $text) {
return $bbox;
}
-
// Create the image
$size = imagettfbbox_custom($fontsize, 0, $font, $text);
$width = $size[2] + $size[0] + 8;
@@ -120,4 +119,4 @@ header("Content-type: image/png");
// Using imagepng() results in clearer text compared with
imagepng($im);
imagedestroy($im);
-?>
+?>
\ No newline at end of file
diff --git a/includes/checkauth.php b/includes/checkauth.php
index a44bbc2091..ff6f31eb34 100644
--- a/includes/checkauth.php
+++ b/includes/checkauth.php
@@ -100,7 +100,7 @@ session_start();
if ($auth_failed) {
//log the failed auth attempt to the system, to be available for fail2ban.
openlog('FusionPBX', LOG_NDELAY, LOG_AUTH);
- syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] authentication failed for ".$_REQUEST["username"]);
+ syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] authentication failed for ".check_str($_REQUEST["username"]));
closelog();
//redirect the user to the login page
$php_self = $_SERVER["PHP_SELF"];
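Review bot: The value written to syslog on the changed line is attacker-controlled and the log is consumed by fail2ban, so the relevant hazard is log-format forgery rather than HTML or SQL characters: a username containing a newline or control bytes can inject extra lines, and one shaped like `1.2.3.4] authentication failed for` could make a permissive fail2ban regex ban a third-party address. Whether `check_str()` removes control characters is not visible in this diff; strip them and cap the length explicitly before logging, `$login = substr(preg_replace('/[^\x20-\x7e]/', '', (string)($_REQUEST["username"] ?? '')), 0, 64);`, log `$login`, and quote the field in the message so the fail2ban pattern can anchor on it. The surrounding `if ($auth_failed)` block continues past the hunk.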
diff --git a/includes/classes/switch_modules.php b/includes/classes/switch_modules.php
index 0396740487..3a4b5eb1ca 100644
--- a/includes/classes/switch_modules.php
+++ b/includes/classes/switch_modules.php
@@ -142,8 +142,8 @@ echo $mod->dir."\n";
$mod['module_label'] = 'CID Lookup';
$mod['module_category'] = 'Applications';
$mod['module_description'] = 'Lookup caller id info.';
- $mod['module_enabled'] = 'true';
- $mod['module_default_enabled'] = 'true';
+ $mod['module_enabled'] = 'false';
+ $mod['module_default_enabled'] = 'false';
break;
case "mod_cluechoo":
$mod['module_label'] = 'Cluechoo';
@@ -645,8 +645,8 @@ echo $mod->dir."\n";
$mod['module_label'] = 'XML RPC';
$mod['module_category'] = 'XML Interfaces';
$mod['module_description'] = 'XML Remote Procedure Calls. Issue commands from your web application.';
- $mod['module_enabled'] = 'true';
- $mod['module_default_enabled'] = 'true';
+ $mod['module_enabled'] = 'false';
+ $mod['module_default_enabled'] = 'false';
break;
default:
$mod['module_category'] = 'Auto';
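Review bot: The flip of `module_enabled`/`module_default_enabled` to `'false'` for mod_xml_rpc carries no explanation, so the next person seeing a listed-but-disabled module cannot tell whether it is safe to turn on. Add a one-line why-comment above the two assignments, e.g. `//disabled by default: exposes a remote control interface to the switch; enable only after its credentials and access list are configured`, with the wording confirmed against the project's own reason for the change, which this diff does not show. The `switch` arm is complete in the hunk.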