diff --git a/phpBB/modcp.php b/phpBB/modcp.php
index 9491558454..895d2de68d 100644
--- a/phpBB/modcp.php
+++ b/phpBB/modcp.php
@@ -230,6 +230,11 @@ switch( $mode )
 if ( $confirm )
 {
+ if ( empty($HTTP_POST_VARS['topic_id_list']) && empty($topic_id) )
+ {
+ message_die(GENERAL_MESSAGE, $lang['None_selected']);
+ }
+
 include($phpbb_root_path . 'includes/functions_search.'.$phpEx);
 $topics = ( isset($HTTP_POST_VARS['topic_id_list']) ) ? $HTTP_POST_VARS['topic_id_list'] : array($topic_id);
@@ -256,6 +261,11 @@ switch( $mode )
 }
 $db->sql_freeresult($result);
+ if ( $topic_id_sql == '')
+ {
+ message_die(GENERAL_MESSAGE, $lang['None_selected']);
+ }
+
 $sql = "SELECT poster_id, COUNT(post_id) AS posts FROM " . POSTS_TABLE . " WHERE topic_id IN ($topic_id_sql)
@@ -737,6 +747,11 @@ switch( $mode )
 }
 $db->sql_freeresult($result);
+ if ($post_id_sql == '')
+ {
+ message_die(GENERAL_MESSAGE, $lang['None_selected']);
+ }
+
 $sql = "SELECT post_id, poster_id, topic_id, post_time FROM " . POSTS_TABLE . " WHERE post_id IN ($post_id_sql)
@@ -987,7 +1002,7 @@ switch( $mode )
 }
 $ip_this_post = decode_ip($post_row['poster_ip']);
- $ip_this_post = ( $rdns_ip_num == $ip_this_post ) ? gethostbyaddr($ip_this_post) : $ip_this_post;
+ $ip_this_post = ( $rdns_ip_num == $ip_this_post ) ? htmlspecialchars(gethostbyaddr($ip_this_post)) : $ip_this_post;
 $poster_id = $post_row['poster_id'];
@@ -1033,7 +1048,7 @@ switch( $mode )
 }
 $ip = decode_ip($row['poster_ip']);
- $ip = ( $rdns_ip_num == $row['poster_ip'] || $rdns_ip_num == 'all') ? gethostbyaddr($ip) : $ip;
+ $ip = ( $rdns_ip_num == $row['poster_ip'] || $rdns_ip_num == 'all') ? htmlspecialchars(gethostbyaddr($ip)) : $ip;
 $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
 $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
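Review bot: The new guard at the top of the `if ( $confirm )` branch tests `empty()`, while the unchanged `$topics = ( isset($HTTP_POST_VARS['topic_id_list']) ) ? …` line below it still selects on `isset()`, so a request carrying an empty `topic_id_list` together with a non-empty `$topic_id` passes the guard and then produces an empty `$topics`. The guard also lets a scalar `topic_id_list` through, which is not a list at all. Using one predicate in both places removes the mismatch: `$topics = ( !empty($HTTP_POST_VARS['topic_id_list']) && is_array($HTTP_POST_VARS['topic_id_list']) ) ? $HTTP_POST_VARS['topic_id_list'] : array($topic_id);`. The later `$topic_id_sql == ''` check probably catches the empty case as well, but the code between the two hunks is not visible here.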
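Review bot: The `$topic_id_sql == ''` guard carries no comment saying what it protects against, and the same is true of the `$post_id_sql == ''` guard in the -737 hunk. Both strings are interpolated directly into `IN (…)` on the `$sql` line that follows, so an empty list would reach the database as `IN ()`; a comment such as `// no ids collected: stop before the query becomes IN ()` would record the reason. Because the value is concatenated into SQL, the loop that builds it (outside these hunks) should be confirmed to cast every id with `intval()`. The two guards are also spaced differently, `if ( $topic_id_sql == '')` here versus `if ($post_id_sql == '')` there.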
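Review bot: `htmlspecialchars()` is called with its default flags on the changed `$ip_this_post` line and again on the `$ip` line in the -1033 hunk, and on PHP before 8.1 (which the `$HTTP_POST_VARS` usage suggests) the default leaves single quotes unescaped. The name returned by `gethostbyaddr()` comes from a PTR record set by whoever controls the address's reverse zone, so it is untrusted input to the moderator IP view. If the template places the value inside a single-quoted attribute (the template is not visible here), the escaping would be incomplete. Passing the quote flag covers both contexts: `htmlspecialchars(gethostbyaddr($ip_this_post), ENT_QUOTES)` and `htmlspecialchars(gethostbyaddr($ip), ENT_QUOTES)`. A short comment on each line, e.g. `// reverse-DNS name is remote-controlled; escape before output`, would keep a later edit from dropping the call.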