diff --git a/gulliver/methods/genericAjax.php b/gulliver/methods/genericAjax.php
index 1a52c1087..f0f53b9f1 100755
--- a/gulliver/methods/genericAjax.php
+++ b/gulliver/methods/genericAjax.php
@@ -1,10 +1,10 @@
xssFilterHard($_GET);
-$_POST = $filter->xssFilterHard($_POST);
-$_REQUEST = $filter->xssFilterHard($_REQUEST);
-$_SESSION = $filter->xssFilterHard($_SESSION);
+$_GET = $filter->xssFilterHard($_GET,"url");
+$_POST = $filter->xssFilterHard($_POST,"url");
+$_REQUEST = $filter->xssFilterHard($_REQUEST,"url");
+$_SESSION = $filter->xssFilterHard($_SESSION,"url");
$request = isset($_POST['request'])? $_POST['request']: null;
if( !isset($request) ){
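Review bot: Passing `"url"` here means every `$_GET`, `$_POST`, `$_REQUEST` and `$_SESSION` value now comes back from xssFilterHard without the `addslashes(htmlspecialchars(...))` step, so any later `echo` of these values into HTML elsewhere in genericAjax.php (outside this hunk) has to escape at the output point itself, e.g. `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`. Running HTMLPurifier over `$_SESSION` also rewrites server-side session state each time this script runs; session values that are not HTML text (serialized data, paths or query strings containing `&`) may presumably come back altered, which is worth confirming against whatever reads the session afterwards. The literal `"url"` is repeated four times; a named constant on InputFilter would make a typo fail loudly instead of silently selecting the default mode.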
diff --git a/gulliver/system/class.inputfilter.php b/gulliver/system/class.inputfilter.php
index 138be6c11..92abbad53 100644
--- a/gulliver/system/class.inputfilter.php
+++ b/gulliver/system/class.inputfilter.php
@@ -372,7 +372,7 @@ class InputFilter
* @param Array or String $input
* @return Array or String $input
*/
- public function xssFilter($input)
+ public function xssFilter($input, $type = "")
{
if(is_array($input)) {
if(sizeof($input)) {
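Review bot: The docblock at the top of the hunk still documents only `$input`; the new `$type` parameter needs a line such as `@param string $type "" (default) HTML-escapes the result with addslashes(htmlspecialchars()); "url" returns the sanitized value without that escaping`. The same docblock gap applies to xssFilterHard in the `@@ -401` hunk. A native declaration `string $type = ""` would also keep non-string values from reaching the `$type != "url"` comparisons that follow. xssFilter's body continues beyond this hunk.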
@@ -380,7 +380,16 @@ class InputFilter
if(is_array($val) && sizeof($val)) {
$input[$i] = $this->xssFilter($val);
} else {
- $input[$i] = addslashes(htmlspecialchars(filter_var($val, FILTER_SANITIZE_STRING), ENT_COMPAT, 'UTF-8'));
+ if(!empty($val)) {
+ if($type != "url") {
+ $inputFiltered = addslashes(htmlspecialchars(filter_var($val, FILTER_SANITIZE_STRING), ENT_COMPAT, 'UTF-8'));
+ } else {
+ $inputFiltered = filter_var($val, FILTER_SANITIZE_STRING);
+ }
+ } else {
+ $inputFiltered = "";
+ }
+ $input[$i] = $inputFiltered;
}
}
}
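Review bot: The recursive call `$input[$i] = $this->xssFilter($val);` on the third line of the hunk drops `$type`, so nested arrays are always escaped in the default mode even when the caller asked for `"url"`; it should read `$input[$i] = $this->xssFilter($val, $type);`. The new `!empty($val)` guard also maps the string `"0"` (and integer `0`) to `""`, because `empty("0")` is true in PHP, whereas the removed line kept such values; `if ($val !== null && $val !== '')` preserves legitimate zeros while still short-circuiting blanks. `FILTER_SANITIZE_STRING` is deprecated as of PHP 8.1, so the added branches extend code that will need replacing on a PHP upgrade.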
@@ -389,7 +398,11 @@ class InputFilter
if(!isset($input) || trim($input) === '' || $input === NULL ) {
return '';
} else {
- return addslashes(htmlspecialchars(filter_var($input, FILTER_SANITIZE_STRING), ENT_COMPAT, 'UTF-8'));
+ if($type != "url") {
+ return addslashes(htmlspecialchars(filter_var($input, FILTER_SANITIZE_STRING), ENT_COMPAT, 'UTF-8'));
+ } else {
+ return filter_var($input, FILTER_SANITIZE_STRING);
+ }
}
}
}
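Review bot: `$type != "url"` is a loose comparison; `$type !== "url"` (and the same at the matching checks in the `@@ -380`, `@@ -415` and `@@ -429` hunks) matches the strict style the string check above it already uses with `trim($input) === ''`. Note too that the `"url"` branch is not a pass-through: `FILTER_SANITIZE_STRING` strips tags and HTML-encodes single and double quotes unless `FILTER_FLAG_NO_ENCODE_QUOTES` is given, so a URL containing a quote still comes back changed. If the intent is a URL-safe value, `FILTER_SANITIZE_URL`, or validating with `FILTER_VALIDATE_URL`, expresses that more directly than a string sanitizer with the HTML escaping removed.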
@@ -401,10 +414,9 @@ class InputFilter
* @param Array or String $input
* @return Array or String $input
*/
- function xssFilterHard($input)
+ function xssFilterHard($input, $type = "")
{
require_once (PATH_THIRDPARTY . 'HTMLPurifier/HTMLPurifier.auto.php');
- //G::LoadThirdParty ('HTMLPurifier', 'HTMLPurifier.auto.php');
$config = HTMLPurifier_Config::createDefault();
$purifier = new HTMLPurifier($config);
if(is_array($input)) {
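Review bot: `$type` is a free-form string compared against the literal `"url"` in four places and supplied as `"url"` from every call site in this commit; a class constant such as `const TYPE_URL = 'url';` on InputFilter (used as `self::TYPE_URL` here and `InputFilter::TYPE_URL` at the callers) would catch a misspelled mode at the call site instead of silently falling back to the default escaping. Any value other than `""` and `"url"` is currently accepted without complaint; either rejecting it with an `InvalidArgumentException` or documenting that anything else means the default mode would make the contract explicit. Building a fresh `HTMLPurifier_Config` and `HTMLPurifier` on every call predates this change but becomes more visible now that the method is called on `$_SESSION` as well. xssFilterHard's body continues beyond this hunk.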
@@ -415,7 +427,9 @@ class InputFilter
} else {
if(!empty($val)) {
$inputFiltered = $purifier->purify($val);
- $inputFiltered = addslashes(htmlspecialchars($inputFiltered, ENT_COMPAT, 'UTF-8'));
+ if($type != "url") {
+ $inputFiltered = addslashes(htmlspecialchars($inputFiltered, ENT_COMPAT, 'UTF-8'));
+ }
} else {
$inputFiltered = "";
}
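Review bot: In `"url"` mode the value stored is the raw `$purifier->purify($val)` result, and HTMLPurifier emits an HTML fragment, so a plain URL such as a query string with `&` presumably comes back with `&amp;` rather than the byte-exact URL; if callers intend to use the value as a URL (redirect, header, `getenv` result) rather than HTML text, that output should be checked. The recursive branch for nested arrays sits just above this hunk and is not visible here; since the xssFilter counterpart drops `$type` in its recursive call, this one should be verified to pass `$type` through as well.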
@@ -429,7 +443,10 @@ class InputFilter
return '';
} else {
$input = $purifier->purify($input);
- return addslashes(htmlspecialchars($input, ENT_COMPAT, 'UTF-8'));
+ if($type != "url") {
+ $input = addslashes(htmlspecialchars($input, ENT_COMPAT, 'UTF-8'));
+ }
+ return $input;
}
}
}
diff --git a/rbac/engine/templates/login/showDBFiles.php b/rbac/engine/templates/login/showDBFiles.php
index 31682bdd9..89cab1860 100755
--- a/rbac/engine/templates/login/showDBFiles.php
+++ b/rbac/engine/templates/login/showDBFiles.php
@@ -30,11 +30,14 @@
die;
}
-
+ G::LoadSystem('inputfilter');
+ $filter = new InputFilter();
+
echo "
";
echo "| Please select a valid workspace to continue |
";
echo "";
$curPage = getenv( "REQUEST_URI" );
+ $curPage = $filter->xssFilterHard($curPage,"url");
//running the while loop
$first = 0;
while ($file = readdir($dir_handle))
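Review bot: `$curPage` is consumed after this hunk (its later use is not visible here), and because the `"url"` mode of xssFilterHard skips `htmlspecialchars`, the value reaching that output is not HTML-escaped; wherever `$curPage` lands in an HTML attribute or body, the output line should still wrap it, e.g. `htmlspecialchars($curPage, ENT_QUOTES, 'UTF-8')`. `getenv("REQUEST_URI")` can return `false`, which the string branch of xssFilterHard presumably turns into `''`, so the code after this hunk should tolerate an empty `$curPage`. The same change in workflow/engine/templates/login/showDBFiles.php (identical blob ids `31682bdd9..89cab1860`) duplicates this template verbatim; keeping one shared copy would avoid the two drifting apart.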
diff --git a/workflow/engine/templates/login/showDBFiles.php b/workflow/engine/templates/login/showDBFiles.php
index 31682bdd9..89cab1860 100755
--- a/workflow/engine/templates/login/showDBFiles.php
+++ b/workflow/engine/templates/login/showDBFiles.php
@@ -30,11 +30,14 @@
die;
}
-
+ G::LoadSystem('inputfilter');
+ $filter = new InputFilter();
+
echo "";
echo "| Please select a valid workspace to continue |
";
echo "";
$curPage = getenv( "REQUEST_URI" );
+ $curPage = $filter->xssFilterHard($curPage,"url");
//running the while loop
$first = 0;
while ($file = readdir($dir_handle))