diff --git a/phpBB/db/mysql.php b/phpBB/db/mysql.php
index 8776d3e5ac..132b64f79f 100644
--- a/phpBB/db/mysql.php
+++ b/phpBB/db/mysql.php
@@ -139,7 +139,7 @@ class sql_db
 $endtime = explode(' ', microtime());
 $endtime = $endtime[0] + $endtime[1] - $starttime;
- $this->sql_report .= "
Query:\t" . preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n\t", $query) . "\n\n";
+ $this->sql_report .= "Query:\t" . htmlspecialchars(preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n\t", $query)) . "\n\n";
 if ($this->query_result)
 {
 $this->sql_report .= "Time before: $curtime\nTime after: $endtime\nElapsed time: " . ($endtime - $curtime) . "\n";
@@ -147,7 +147,7 @@ class sql_db
 else
 {
 $error = $this->sql_error();
- $this->sql_report .= 'FAILED - MySQL Error ' . $error['code'] . ': ' . $error['message'] . '';
+ $this->sql_report .= 'FAILED - MySQL Error ' . $error['code'] . ': ' . htmlspecialchars($error['message']) . '';
 }
 $this->sql_time += $endtime - $curtime;
 if (preg_match('/^SELECT/', $query))
diff --git a/phpBB/db/mysql4.php b/phpBB/db/mysql4.php
index 921db44ba5..6c1b027697 100644
--- a/phpBB/db/mysql4.php
+++ b/phpBB/db/mysql4.php
@@ -134,12 +134,12 @@ class sql_db
 {
 $this->sql_error($query);
 }
- if (!empty($_REQUEST['explain']))
+if (!empty($_REQUEST['explain']))
 {
 $endtime = explode(' ', microtime());
 $endtime = $endtime[0] + $endtime[1] - $starttime;
- $this->sql_report .= "Query:\t" . preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n\t", $query) . "\n\n";
+ $this->sql_report .= "Query:\t" . htmlspecialchars(preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n\t", $query)) . "\n\n";
 if ($this->query_result)
 {
 $this->sql_report .= "Time before: $curtime\nTime after: $endtime\nElapsed time: " . ($endtime - $curtime) . "\n";
@@ -147,7 +147,7 @@ class sql_db
 else
 {
 $error = $this->sql_error();
- $this->sql_report .= 'FAILED - MySQL Error ' . $error['code'] . ': ' . $error['message'] . '';
+ $this->sql_report .= 'FAILED - MySQL Error ' . $error['code'] . ': ' . htmlspecialchars($error['message']) . '';
 }
 $this->sql_time += $endtime - $curtime;
 if (preg_match('/^SELECT/', $query))
diff --git a/phpBB/includes/page_tail.php b/phpBB/includes/page_tail.php
index f2ff5f8cbf..32de512e4f 100644
--- a/phpBB/includes/page_tail.php
+++ b/phpBB/includes/page_tail.php
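Review bot: The new `htmlspecialchars(...)` around the Query line, and the one around `$error['message']` in the `-147` hunk below, use the default flags, so single quotes pass through unescaped and the charset falls back to the interpreter default; `htmlspecialchars($s, ENT_QUOTES)` (with the charset argument when the board knows it) is the safer form if the report can land inside an attribute or on a non-Latin-1 page, which this diff does not show. The escaping matters because `$query` and the MySQL error text can carry request-derived values, so the report is attacker-influenced text. The same two lines are repeated in `phpBB/db/mysql4.php` (both hunks), so one report-building helper on `sql_db` would keep the escaping rule in a single place instead of four. `$error['code']` stays unescaped, which is acceptable only while it is the numeric MySQL errno. The enclosing method starts before this hunk and continues past it.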
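Review bot: The rewritten `+if (!empty($_REQUEST['explain']))` line in `phpBB/db/mysql4.php` has lost its leading indentation while the `{` and the block body after it keep theirs, so this part of the hunk is a whitespace regression rather than a change in behaviour; re-indent it to match the `{` on the following line. Separately, the report is assembled for any request that carries `explain`, while the Explain link in `page_tail.php` is shown only after `acl_get('a_')`; where the finished `sql_report` is output, and whether that output is admin-gated, is not visible in this diff and is worth confirming. The enclosing method starts before the hunk and continues past it.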
@@ -40,7 +40,7 @@ if (defined('DEBUG'))
 if ($auth->acl_get('a_'))
 {
- $debug_output .= ' | Explain';
+ $debug_output .= ' | Explain';
 }
 $debug_output .= ' ]';
 }
diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php
index 68c8b17a9a..8784e2ee91 100644
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@@ -272,7 +272,7 @@ if ($user->data['user_id'] != ANONYMOUS)
 }
 // Was a highlight request part of the URI?
-$highlight_match = '';
+$highlight_match = $highlight = '';
 if (isset($_GET['highlight']))
 {
 // Split words and phrases
@@ -286,6 +286,8 @@ if (isset($_GET['highlight']))
 }
 }
 unset($words);
+
+ $highlight = urlencode($_GET['highlight']);
 }
 // Quick mod tools
@@ -300,7 +302,7 @@ $topic_mod .= ($auth->acl_gets('m_split', 'a_', $forum_id)) ? '' : '';
 // If we've got a hightlight set pass it on to pagination.
-$pagination = ($highlight_match) ? generate_pagination("viewtopic.$phpEx$SID&t=$topic_id&postdays=$post_days&postorder=$post_order&highlight=" . urlencode($_GET['highlight']), $topic_replies, $config['posts_per_page'], $start) : generate_pagination("viewtopic.$phpEx$SID&t=$topic_id&postdays=$post_days&postorder=$post_order", $topic_replies, $config['posts_per_page'], $start);
+$pagination = ($highlight_match) ? generate_pagination("viewtopic.$phpEx$SID&t=$topic_id&postdays=$post_days&postorder=$post_order&highlight=$highlight", $topic_replies, $config['posts_per_page'], $start) : generate_pagination("viewtopic.$phpEx$SID&t=$topic_id&postdays=$post_days&postorder=$post_order", $topic_replies, $config['posts_per_page'], $start);
 // Post, reply and other URL generation for
 // templating vars
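Review bot: The old and new `$debug_output .= ' | Explain';` lines read identically in this rendering because the markup between the quotes was stripped, so the actual change in `page_tail.php` cannot be checked from the diff; presumably it escapes the request URI reused for the Explain link. If that is the case, attribute context calls for `htmlspecialchars($uri, ENT_QUOTES)` rather than the default flags, and a comment such as `// the request URI is client-supplied; escape it before reusing it in the Explain link` would record the reason for the next reader. The `if (defined('DEBUG'))` block enclosing this starts before the hunk.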
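Review bot: `$highlight = urlencode($_GET['highlight']);` in the `-286` hunk is the value every later link interpolates, but nothing at the assignment says it is already encoded, so a reader of `U_VIEW_TOPIC` or the pagination line cannot tell whether to encode it again; add `// URL-encoded once here; the pagination and U_* links below interpolate it as-is` above it. It is only set inside the `isset($_GET['highlight'])` block and relies on the `$highlight = ''` initialisation from the `-272` hunk, which holds as long as no code between the two assigns it. The `if (isset($_GET['highlight']))` block starts before this hunk.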
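Review bot: The `$pagination` line in the `-300` hunk still spells out the whole `generate_pagination(...)` call twice, differing only in the `&highlight=$highlight` suffix, which lets the two argument lists drift apart; build the URL first and call once: `$pagination_url = "viewtopic.$phpEx$SID&t=$topic_id&postdays=$post_days&postorder=$post_order" . (($highlight_match) ? "&highlight=$highlight" : '');` followed by `$pagination = generate_pagination($pagination_url, $topic_replies, $config['posts_per_page'], $start);`. The context comment above it misspells "highlight" as "hightlight"; it is outside the changed lines but could be fixed in the same commit.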
@@ -429,13 +431,13 @@ $template->assign_vars(array(
 'S_MOD_ACTION' => "modcp.$phpEx$SID&t=$topic_id",
 'S_WATCH_TOPIC' => $s_watching_topic,
- 'U_VIEW_TOPIC' => "viewtopic.$phpEx$SID&t=$topic_id&start=$start&postdays=$post_days&postorder=$post_order&highlight=" . urlencode($_GET['highlight']),
+ 'U_VIEW_TOPIC' => "viewtopic.$phpEx$SID&t=$topic_id&start=$start&postdays=$post_days&postorder=$post_order&highlight=$highlight",
 'U_TOPIC' => $server_path . 'viewtopic.' . $phpEx . '?t=' . $topic_id,
 'U_FORUM' => $server_path,
 'U_VIEW_FORUM' => $view_forum_url,
 'U_VIEW_OLDER_TOPIC' => $view_prev_topic_url,
 'U_VIEW_NEWER_TOPIC' => $view_next_topic_url,
- 'U_PRINT_TOPIC' => "viewtopic.$phpEx$SID&t=$topic_id&start=$start&postdays=$post_days&postorder=$post_order&highlight=" . $_GET['highlight'] . "&view=print",
+ 'U_PRINT_TOPIC' => "viewtopic.$phpEx$SID&t=$topic_id&start=$start&postdays=$post_days&postorder=$post_order&highlight=$highlight&view=print",
 'U_POST_NEW_TOPIC' => $new_topic_url,
 'U_POST_REPLY_TOPIC' => $reply_topic_url)
 );
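Review bot: `U_VIEW_TOPIC` and `U_PRINT_TOPIC` still append `&highlight=$highlight` unconditionally, so every topic and print link carries an empty `&highlight=` parameter when no highlight was requested, whereas the pagination hunk adds the parameter only when `$highlight_match` is set; the two should agree, e.g. `"...&postorder=$post_order" . (($highlight_match) ? "&highlight=$highlight" : '')` for both entries. Replacing the raw `$_GET['highlight']` in `U_PRINT_TOPIC` with the encoded `$highlight` is the right fix and is not in question here. The `$template->assign_vars(array(` call starts before the hunk.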