diff --git a/docs/CHANGES.txt b/docs/CHANGES.txt
index 2504ddca..875d7b7d 100644
--- a/docs/CHANGES.txt
+++ b/docs/CHANGES.txt
@@ -1,5 +1,8 @@
 CHANGE LOG
+2015-11-19 by lawnmower
+Fix several XSS and SQLi vulerabilities
+
 2015-11-14 by techietrash
 Fix ctrl+click group collapsing/expanding on OSX
diff --git a/sections/reports/ajax_resolve_report.php b/sections/reports/ajax_resolve_report.php
index 7292c335..85c822d2 100644
--- a/sections/reports/ajax_resolve_report.php
+++ b/sections/reports/ajax_resolve_report.php
@@ -1,11 +1,11 @@ query(" SELECT Type
diff --git a/sections/reports/takeresolve.php b/sections/reports/takeresolve.php
index 28466fcd..127be59a 100644
--- a/sections/reports/takeresolve.php
+++ b/sections/reports/takeresolve.php
@@ -5,11 +5,7 @@
 error(403);
 }
-if (empty($_POST['reportid']) && !is_number($_POST['reportid'])) {
- error(403);
-}
-
-$ReportID = $_POST['reportid'];
+$ReportID = (int) $_POST['reportid'];
 $DB->query("
 SELECT Type
diff --git a/sections/reportsv2/ajax_create_report.php b/sections/reportsv2/ajax_create_report.php
index 2f3fa6ea..3f68b08d 100644
--- a/sections/reportsv2/ajax_create_report.php
+++ b/sections/reportsv2/ajax_create_report.php
@@ -50,7 +50,7 @@
 }
-$ExtraID = $_POST['otherid'];
+$ExtraID = db_string($_POST['otherid']);
 if (!empty($_POST['extra'])) {
 $Extra = db_string($_POST['extra']);
diff --git a/sections/reportsv2/ajax_update_comment.php b/sections/reportsv2/ajax_update_comment.php
index 60f2adb5..12b05fc5 100644
--- a/sections/reportsv2/ajax_update_comment.php
+++ b/sections/reportsv2/ajax_update_comment.php
@@ -7,12 +7,7 @@
 error(403);
 }
-if (empty($_POST['reportid']) || !is_number($_POST['reportid'])) {
- echo 'HAX ATTEMPT!'.$_GET['reportid'];
- die();
-}
-
-$ReportID = $_POST['reportid'];
+$ReportID = (int) $_POST['reportid'];
 $Message = db_string($_POST['comment']); //Message can be blank!
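Review bot: The `(int)` cast on the new `$ReportID = (int) $_POST['reportid'];` line closes the injection path but also drops the rejection of a missing or non-numeric id: an absent or garbage `reportid` now becomes 0 (with an undefined-index notice when the key is missing) and the request continues into the query below instead of stopping at `error(403)`. The removed guard was itself ineffective because it joined `empty()` and `!is_number()` with `&&`, so a corrected presence check in front of the cast, `if (empty($_POST['reportid']) || !is_number($_POST['reportid'])) { error(403); }`, keeps the cast's protection and restores an explicit failure for malformed input. The same cast-without-presence-check pattern appears in ajax_update_comment.php, in ajax_update_resolve.php for both reportid and categoryid, and in manage_linked.php, where the removed checks did reject the request; the surviving `empty($_GET['newresolve'])` check in ajax_update_resolve.php shows the intended style. Whether an id of 0 reaches the database harmlessly depends on the query code, which lies outside the hunk.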
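Review bot: `db_string()` on the new `$ExtraID = db_string($_POST['otherid']);` line only escapes the value for a quoted SQL string context; if `$ExtraID` is later interpolated into a query unquoted, the escaping does not constrain it to a number. The sibling hunks in this commit cast ids with `(int)`, so `$ExtraID = (int) $_POST['otherid'];` would be the consistent and stronger choice if otherid is always an integer id; the query that consumes it is not in the hunk, so this is conditional on that. Reading `$_POST['otherid']` without a presence check also emits an undefined-index notice when the field is absent, unlike the `!empty($_POST['extra'])` guard two lines down.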
diff --git a/sections/reportsv2/ajax_update_resolve.php b/sections/reportsv2/ajax_update_resolve.php
index df207978..f2e6928b 100644
--- a/sections/reportsv2/ajax_update_resolve.php
+++ b/sections/reportsv2/ajax_update_resolve.php
@@ -5,23 +5,13 @@
 error(403);
 }
-if (empty($_GET['reportid']) || !is_number($_GET['reportid'])) {
- echo 'HAX ATTEMPT!'.$_GET['reportid'];
- die();
-}
-
-if (empty($_GET['categoryid']) || !is_number($_GET['categoryid'])) {
- echo 'HAX ATTEMPT!!'.$_GET['categoryid'];
- die();
-}
-
 if (empty($_GET['newresolve'])) {
 echo "No new resolve";
 die();
 }
-$ReportID = $_GET['reportid'];
-$CategoryID = $_GET['categoryid'];
+$ReportID = (int) $_GET['reportid'];
+$CategoryID = (int) $_GET['categoryid'];
 $NewType = $_GET['newresolve'];
 if (!empty($Types[$CategoryID])) {
diff --git a/sections/user/manage_linked.php b/sections/user/manage_linked.php
index f2254c51..47b30e3a 100644
--- a/sections/user/manage_linked.php
+++ b/sections/user/manage_linked.php
@@ -6,7 +6,7 @@
 error(403);
 }
-$UserID = $_REQUEST['userid'];
+$UserID = (int) $_REQUEST['userid'];
 switch ($_REQUEST['dupeaction']) {
 case 'remove':
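Review bot: The new `$UserID = (int) $_REQUEST['userid'];` line, like the `switch ($_REQUEST['dupeaction'])` below it, reads from `$_REQUEST`, which merges GET, POST and cookie input, so this state-changing account-link action is reachable through a plain GET request. Parameters for such an action should be taken from `$_POST` only and be paired with whatever request-token check the site uses, if one exists outside the hunk; `$UserID = (int) $_POST['userid'];` is the minimal change on this line. The cast also accepts a missing or non-numeric userid as 0, the same gap raised on the takeresolve.php hunk.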