diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index a7a2b09a67..340c61f39c 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -1268,9 +1268,11 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo
 		return false;
 	}
 
-	$s_hidden_fields = '<input type="hidden" name="user_id" value="' . $user->data['user_id'] . '" />';
-	$s_hidden_fields .= '<input type="hidden" name="sess" value="' . $user->session_id . '" />';
-	$s_hidden_fields .= '<input type="hidden" name="sid" value="' . $SID . '" />';
+	$s_hidden_fields = build_hidden_fields(array(
+		'user_id'	=> $user->data['user_id'],
+		'sess'		=> $user->session_id,
+		'sid'		=> $SID)
+	);
 
 	// generate activation key
 	$confirm_key = gen_rand_string(10);
@@ -1372,8 +1374,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 		$redirect = htmlspecialchars($split_page[0][1] . '.' . $phpEx . $SID . ((!empty($split_page[0][2])) ? '&' . $split_page[0][2] : ''));
 	}
 
-	$s_hidden_fields = '<input type="hidden" name="redirect" value="' . $redirect . '" />';
-	$s_hidden_fields .= '<input type="hidden" name="sid" value="' . $SID . '" />';
+	$s_hidden_fields = build_hidden_fields(array('redirect' => $redirect, 'sid' => $SID));
 
 	$template->assign_vars(array(
 		'LOGIN_ERROR'		=> $err,
diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php
index 2532cafd1a..02cb476ed6 100644
--- a/phpBB/includes/functions_privmsgs.php
+++ b/phpBB/includes/functions_privmsgs.php
@@ -717,26 +717,7 @@ function handle_mark_actions($user_id, $mark_action)
 			break;
 
 		case 'delete_marked':
-			$hidden_fields = array('cur_folder_id' => $cur_folder_id, 'mark_option' => 'delete_marked', 'submit_mark' => true);
-			$hidden_fields['marked_msg_id'] = $msg_ids;
-			$s_hidden_fields = '';
 
-			foreach ($hidden_fields as $key => $var)
-			{
-				if (is_array($var))
-				{
-					foreach ($var as $_key => $_var)
-					{
-						$s_hidden_fields .= '<input type="hidden" name="' . $key . '[' . $_key . ']" value="' . $_var . '" />';
-					}
-				}
-				else
-				{
-					$s_hidden_fields .= '<input type="hidden" name="' . $key . '" value="' . $var . '" />';
-				}
-			}
-			unset($hidden_fields);
-			
 			if (confirm_box(true))
 			{
 				delete_pm($user_id, $msg_ids, $cur_folder_id);
@@ -749,7 +730,14 @@ function handle_mark_actions($user_id, $mark_action)
 			}
 			else
 			{
-				confirm_box(false, 'DELETE_MARKED_PM', $s_hidden_fields);
+				$s_hidden_fields = array(
+					'cur_folder_id'	=> $cur_folder_id, 
+					'mark_option'	=> 'delete_marked',
+					'submit_mark'	=> true,
+					'marked_msg_id'	=> $msg_ids
+				);
+
+				confirm_box(false, 'DELETE_MARKED_PM', build_hidden_fields($s_hidden_fields));
 			}
 
 			break;