diff --git a/app/gateways/gateways.php b/app/gateways/gateways.php
index c3a58d0c44..614e1dbbf9 100644
--- a/app/gateways/gateways.php
+++ b/app/gateways/gateways.php
@@ -129,7 +129,7 @@
 
 //prepare to page the results
 	$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
-	$param = "&order_by=".$order_by."&order=".$order;
+	$param = "&order_by=".escape($order_by)."&order=".escape($order);
 	if (!isset($_GET['page'])) { $_GET['page'] = 0; }
 	$_GET['page'] = check_str($_GET['page']);
 	list($paging_controls, $rows_per_page, $var_3) = paging($total_gateways, $param, $rows_per_page);
@@ -187,35 +187,35 @@
 	echo "</td>\n";
 	echo "</tr>\n";
 
-	if ($total_gateways > 0) {
+	if (is_array($gateways)) {
 		foreach($gateways as $row) {
-			$tr_link = (permission_exists('gateway_edit')) ? "href='gateway_edit.php?id=".$row['gateway_uuid']."'" : null;
+			$tr_link = (permission_exists('gateway_edit')) ? "href='gateway_edit.php?id=".escape($row['gateway_uuid'])."'" : null;
 			echo "<tr ".$tr_link.">\n";
 			if ($_GET['show'] == "all" && permission_exists('gateway_all')) {
 				if (strlen($_SESSION['domains'][$row['domain_uuid']]['domain_name']) > 0) {
-					$domain = $_SESSION['domains'][$row['domain_uuid']]['domain_name'];
+					$domain = escape($_SESSION['domains'][$row['domain_uuid']]['domain_name']);
 				}
 				else {
 					$domain = $text['label-global'];
 				}
-				echo "	<td valign='top' class='".$row_style[$c]."'>".$domain."</td>\n";
+				echo "	<td valign='top' class='".$row_style[$c]."'>".escape($domain)."</td>\n";
 			}
 			echo "	<td valign='top' class='".$row_style[$c]."'>";
 			if (permission_exists('gateway_edit')) {
-				echo "<a href='gateway_edit.php?id=".$row['gateway_uuid']."'>".$row["gateway"]."</a>";
+				echo "<a href='gateway_edit.php?id=".escape($row['gateway_uuid'])."'>".escape($row["gateway"])."</a>";
 			}
 			else {
 				echo $row["gateway"];
 			}
 			echo "</td>\n";
-			echo "	<td valign='top' class='".$row_style[$c]."'>".$row["context"]."</td>\n";
+			echo "	<td valign='top' class='".$row_style[$c]."'>".escape($row["context"])."</td>\n";
 			if ($fp) {
 				if ($row["enabled"] == "true") {
 					$response = switch_gateway_status($row["gateway_uuid"]);
 					if ($response == "Invalid Gateway!") {
 						//not running
 						echo "	<td valign='top' class='".$row_style[$c]."'>".$text['label-status-stopped']."</td>\n";
-						echo "	<td valign='top' class='".$row_style[$c]."'><a href='gateways.php?a=start&gateway=".$row["gateway_uuid"]."&profile=".$row["profile"]."' alt='".$text['label-action-start']."'>".$text['label-action-start']."</a></td>\n";
+						echo "	<td valign='top' class='".$row_style[$c]."'><a href='gateways.php?a=start&gateway=".escape($row["gateway_uuid"])."&profile=".escape($row["profile"])."' alt='".$text['label-action-start']."'>".$text['label-action-start']."</a></td>\n";
 						echo "	<td valign='top' class='".$row_style[$c]."'>&nbsp;</td>\n";
 					}
 					else {
@@ -224,8 +224,8 @@
 							$xml = new SimpleXMLElement($response);
 							$state = $xml->state;
 							echo "	<td valign='top' class='".$row_style[$c]."'>".$text['label-status-running']."</td>\n";
-							echo "	<td valign='top' class='".$row_style[$c]."'><a href='gateways.php?a=stop&gateway=".$row["gateway_uuid"]."&profile=".$row["profile"]."' alt='".$text['label-action-stop']."'>".$text['label-action-stop']."</a></td>\n";
-							echo "	<td valign='top' class='".$row_style[$c]."'>".$state."</td>\n"; //REGED, NOREG, UNREGED
+							echo "	<td valign='top' class='".$row_style[$c]."'><a href='gateways.php?a=stop&gateway=".escape($row["gateway_uuid"])."&profile=".escape($row["profile"])."' alt='".$text['label-action-stop']."'>".$text['label-action-stop']."</a></td>\n";
+							echo "	<td valign='top' class='".$row_style[$c]."'>".escape($state)."</td>\n"; //REGED, NOREG, UNREGED
 						}
 						catch(Exception $e) {
 								//echo $e->getMessage();
@@ -237,20 +237,20 @@
 					echo "	<td valign='top' class='".$row_style[$c]."'>&nbsp;</td>\n";
 					echo "	<td valign='top' class='".$row_style[$c]."'>&nbsp;</td>\n";
 				}
-				echo "	<td valign='top' class='".$row_style[$c]."'>".$row["hostname"]."</td>\n";
+				echo "	<td valign='top' class='".$row_style[$c]."'>".escape($row["hostname"])."</td>\n";
 				if ($row["enabled"] == "true") {
 					echo "	<td valign='top' class='".$row_style[$c]."' style='align: center;'>".$text['label-true']."</td>\n";
 				}
 				else {
 					echo "	<td valign='top' class='".$row_style[$c]."' style='align: center;'>".$text['label-false']."</td>\n";
 				}
-				echo "	<td valign='top' class='row_stylebg'>".$row["description"]."&nbsp;</td>\n";
+				echo "	<td valign='top' class='row_stylebg'>".escape($row["description"])."&nbsp;</td>\n";
 				echo "	<td class='list_control_icons'>";
 				if (permission_exists('gateway_edit')) {
-					echo "<a href='gateway_edit.php?id=".$row['gateway_uuid']."' alt='".$text['button-edit']."'>$v_link_label_edit</a>";
+					echo "<a href='gateway_edit.php?id=".escape($row['gateway_uuid'])."' alt='".$text['button-edit']."'>$v_link_label_edit</a>";
 				}
 				if (permission_exists('gateway_delete')) {
-					echo "<a href='gateway_delete.php?id=".$row['gateway_uuid']."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>";
+					echo "<a href='gateway_delete.php?id=".escape($row['gateway_uuid'])."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>";
 				}
 				echo "	</td>\n";
 				echo "</tr>\n";