diff --git a/gulliver/thirdparty/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php b/gulliver/thirdparty/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php
index e1f40e701..bd4c21d17 100644
--- a/gulliver/thirdparty/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php
+++ b/gulliver/thirdparty/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php
@@ -96,7 +96,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends HTMLPurifier_DefinitionCac
G::LoadSystem('inputfilter');
$filter = new InputFilter();
- $file = $filter->validateInput($file,"path");
+ $file = $filter->validateInput($file,'path');
return unlink($file);
}
@@ -209,7 +209,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends HTMLPurifier_DefinitionCac
G::LoadSystem('inputfilter');
$filter = new InputFilter();
- $file = $filter->validateInput($file,"path");
+ $file = $filter->validateInput($file,'path');
if(is_file($file)) {
$result = file_put_contents($file, $data);
diff --git a/workflow/engine/controllers/pmTablesProxy.php b/workflow/engine/controllers/pmTablesProxy.php
index 2f8350207..03700369e 100755
--- a/workflow/engine/controllers/pmTablesProxy.php
+++ b/workflow/engine/controllers/pmTablesProxy.php
@@ -671,11 +671,11 @@ class pmTablesProxy extends HttpProxyController
$filter = new InputFilter();
$countRow = 250;
$tmpfilename = $_FILES['form']['tmp_name']['CSV_FILE'];
- $tmpfilename = $filter->xssFilterHard($tmpfilename, 'path');
+ //$tmpfilename = $filter->xssFilterHard($tmpfilename, 'path');
if (preg_match( '/[\x00-\x08\x0b-\x0c\x0e\x1f]/', file_get_contents( $tmpfilename ) ) === 0) {
$filename = $_FILES['form']['name']['CSV_FILE'];
- $filename = $filter->xssFilterHard($filename, 'path');
- if ($oFile = fopen( $tmpfilename, 'r' )) {
+ //$filename = $filter->xssFilterHard($filename, 'path');
+ if ($oFile = fopen( $filter->xssFilterHard($tmpfilename, 'path'), 'r' )) {
require_once 'classes/model/AdditionalTables.php';
$oAdditionalTables = new AdditionalTables();
$aAdditionalTables = $oAdditionalTables->load( $_POST['form']['ADD_TAB_UID'], true );
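Review bot: The second commented-out line in this hunk drops the only filtering of `$filename`, which comes from the user-supplied `$_FILES['form']['name']['CSV_FILE']` on the line just above it, while the parallel hunk at @@ -771 keeps that same filter in place; the two code paths should agree, so restore `$filename = $filter->xssFilterHard($filename, 'path');` here. In both hunks the `file_get_contents($tmpfilename)` call in the preg_match condition now reads the raw temp-name value while the `fopen()` on the added line receives the filtered one, so if xssFilterHard ever rewrites the string the control-character scan and the actual read can refer to different files. Filtering `$tmpfilename` once, before the preg_match line as the removed line did, keeps both reads consistent and avoids calling the filter twice. The enclosing method starts and ends outside the hunk.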
@@ -771,11 +771,11 @@ class pmTablesProxy extends HttpProxyController
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$tmpfilename = $_FILES['form']['tmp_name']['CSV_FILE'];
- $tmpfilename = $filter->xssFilterHard($tmpfilename, 'path');
+ //$tmpfilename = $filter->xssFilterHard($tmpfilename, 'path');
if (preg_match( '/[\x00-\x08\x0b-\x0c\x0e\x1f]/', file_get_contents( $tmpfilename ) ) === 0) {
$filename = $_FILES['form']['name']['CSV_FILE'];
$filename = $filter->xssFilterHard($filename, 'path');
- if ($oFile = fopen( $tmpfilename, 'r' )) {
+ if ($oFile = fopen( $filter->xssFilterHard($tmpfilename, 'path'), 'r' )) {
require_once 'classes/model/AdditionalTables.php';
$oAdditionalTables = new AdditionalTables();
$aAdditionalTables = $oAdditionalTables->load( $_POST['form']['ADD_TAB_UID'], true );
diff --git a/workflow/engine/methods/users/usersAjax.php b/workflow/engine/methods/users/usersAjax.php
index 051d9bb8a..50f780946 100755
--- a/workflow/engine/methods/users/usersAjax.php
+++ b/workflow/engine/methods/users/usersAjax.php
@@ -200,7 +200,7 @@ switch ($_POST['action']) {
}
$aData['USR_STATUS'] = $statusWF;
$aData['USR_UID'] = $sUserUID;
- $aData['USR_PASSWORD'] = md5($sUserUID); //fake :p
+ $aData['USR_PASSWORD'] = G::encryptOld($sUserUID); //fake :p
$aData['USR_COUNTRY'] = $form['USR_COUNTRY'];
$aData['USR_CITY'] = $form['USR_CITY'];
$aData['USR_LOCATION'] = $form['USR_LOCATION'];
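Review bot: The placeholder credential on the added line is still derived from `$sUserUID`, which is an identifier rather than a secret, so replacing md5() with `G::encryptOld()` changes the stored format but not the fact that the value is computable from a known input. If `USR_PASSWORD` is what login later compares against (not visible in this hunk), the placeholder should come from a random source, e.g. `$aData['USR_PASSWORD'] = G::encryptOld(bin2hex(random_bytes(16))); // placeholder; account is unusable until a real password is set` (or `openssl_random_pseudo_bytes()` if the target PHP predates random_bytes()), and the `//fake :p` comment should state that intent. The enclosing `switch ($_POST['action'])` starts before the hunk.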
diff --git a/workflow/public_html/bootstrap.php b/workflow/public_html/bootstrap.php
index b9f385999..3de609018 100755
--- a/workflow/public_html/bootstrap.php
+++ b/workflow/public_html/bootstrap.php
@@ -77,13 +77,13 @@
$config['wsdl_cache'] = $filter->validateInput($config['wsdl_cache'],'int');
$config['time_zone'] = $filter->validateInput($config['time_zone']);
// Do not change any of these settings directly, use env.ini instead
- ini_set( 'display_errors', $config['display_errors']);
- ini_set( 'error_reporting', $config['error_reporting']);
+ ini_set( 'display_errors', $filter->validateInput($config['display_errors']));
+ ini_set( 'error_reporting', $filter->validateInput($config['error_reporting']));
ini_set('short_open_tag', 'On');
ini_set('default_charset', "UTF-8");
- ini_set('memory_limit', $config['memory_limit']);
+ ini_set('memory_limit', $filter->validateInput($config['memory_limit']);
ini_set('soap.wsdl_cache_enabled', $config['wsdl_cache']);
- ini_set('date.timezone', $config['time_zone']);
+ ini_set('date.timezone', $filter->validateInput($config['time_zone']);
define ('DEBUG_SQL_LOG', $config['debug_sql']);
define ('DEBUG_TIME_LOG', $config['debug_time']);
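Review bot: The added `ini_set('memory_limit', …)` and `ini_set('date.timezone', …)` lines are each missing a closing parenthesis — the `)` closes the validateInput call but not ini_set — so bootstrap.php will fail to parse; they should read `ini_set('memory_limit', $filter->validateInput($config['memory_limit']));` and `ini_set('date.timezone', $filter->validateInput($config['time_zone']));`. `$config['time_zone']` is already passed through validateInput at the top of the hunk, so the second call on it is redundant, and `display_errors`, `error_reporting` and `memory_limit` would be clearer validated once alongside the other `$config` entries rather than inline at the ini_set calls (the `'int'` type used for `wsdl_cache` may also fit `error_reporting` if env.ini stores it numerically, which cannot be confirmed from here). The surrounding script continues outside the hunk.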
@@ -713,7 +713,7 @@
} elseif ($isRestRequest) {
G::dispatchRestService(SYS_TARGET, $restConfig, $restApiClassPath);
} else {
- require_once $phpFile;
+ require_once $filter->validateInput($phpFile,'path');
}
if (defined('SKIP_HEADERS')){