diff --git a/gulliver/system/class.dbMaintenance.php b/gulliver/system/class.dbMaintenance.php
index bd55d0595..50b2d5acb 100755
--- a/gulliver/system/class.dbMaintenance.php
+++ b/gulliver/system/class.dbMaintenance.php
@@ -419,6 +419,15 @@ class DataBaseMaintenance
 }
 /* execute multi query */
+ G::LoadSystem('inputfilter');
+ $filter = new InputFilter();
+
+ $arrayQuerys = explode(';',$query);
+ foreach($arrayQuerys as $v) {
+ $newQuery[] = $filter->preventSqlInjection($v);
+ }
+ $query = implode(';',$newQuery);
+
 if ($mysqli->multi_query( $query )) {
 do {
 /* store first result set */
@@ -450,7 +459,7 @@ class DataBaseMaintenance
 }
 }
- $sQuery = "LOCK TABLES " . implode( " READ, ", $aTables ) . " READ; ";
+ $sQuery = 'LOCK TABLES ' . implode( ' READ, ', $aTables ) . ' READ; ';
 if (@mysql_query( $filter->preventSqlInjection($sQuery) )) {
 echo " [OK]\n";
@@ -622,6 +631,15 @@ class DataBaseMaintenance
 }
 /* execute multi query */
+ G::LoadSystem('inputfilter');
+ $filter = new InputFilter();
+
+ $arrayQuerys = explode(';',$query);
+ foreach($arrayQuerys as $v) {
+ $newQuery[] = $filter->preventSqlInjection($v);
+ }
+ $query = implode(';',$newQuery);
+
 if ($mysqli->multi_query( $query )) {
 do {
 /* store first result set */
diff --git a/gulliver/thirdparty/pear/PEAR/Command/Package.php b/gulliver/thirdparty/pear/PEAR/Command/Package.php
index 9dec74734..4158cef20 100755
--- a/gulliver/thirdparty/pear/PEAR/Command/Package.php
+++ b/gulliver/thirdparty/pear/PEAR/Command/Package.php
@@ -452,6 +452,9 @@ Wrote: /usr/src/redhat/RPMS/i386/PEAR::Net_Socket-1.0-1.i386.rpm
 function doRunTests($command, $options, $params)
 {
+ G::LoadSystem('inputfilter');
+ $filter = new InputFilter();
+
 $cwd = getcwd();
 $php = PHP_BINDIR . '/php' . (OS_WINDOWS ? '.exe' : '');
 putenv("TEST_PHP_EXECUTABLE=$php");
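Review bot: Splitting `$query` on every `;` in the added block also cuts any statement that carries a semicolon inside a string literal, so `preventSqlInjection()` is handed fragments with unbalanced quotes and the re-joined text is not guaranteed to be the SQL that went in; the identical block in the hunk at -622 has the same problem. What the filter does is not visible here, but a filter run over whole statements can only leave them unchanged or alter their legitimate quoting, so it does not replace binding or escaping values at the point where the SQL is built. `$newQuery` is also appended to without being initialised in the visible lines; add `$newQuery = array();` before the `foreach`. The enclosing method starts and ends outside the hunk.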
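Review bot: `G::LoadSystem('inputfilter')` now runs on the first line of `doRunTests()`, ahead of the `if (!class_exists('G'))` block in the next hunk that loads `class.g.php`. A call made while `G` is not yet loaded would therefore stop with a class-not-found fatal error before that guard is reached, and the guard itself becomes dead code. Move the guard above these two added lines, or construct the `InputFilter` after it as the lines removed in the last hunk did. The function body continues outside this hunk.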
@@ -465,8 +468,18 @@ Wrote: /usr/src/redhat/RPMS/i386/PEAR::Net_Socket-1.0-1.i386.rpm
 }
 }
 $plist = implode(" ", $params);
+
+ $php = $filter->validateInput($php);
+ $cwd = $filter->validateInput($cwd);
+ $ps = $filter->validateInput($ps);
+ $ip = $filter->validateInput($ip);
+ $run_tests = $filter->validateInput($run_tests);
+ $plist = $filter->validateInput($plist);
+
 $cmd = $php.' -C -d include_path='.$cwd.$ps.$ip.' -f '.$run_tests.' -- '.$plist;
+ $cmd = $filter->validateInput($cmd);
+
 if (!class_exists('G')) {
 $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
 $docuroot = explode( '/', $realdocuroot );
@@ -477,10 +490,6 @@ Wrote: /usr/src/redhat/RPMS/i386/PEAR::Net_Socket-1.0-1.i386.rpm
 require_once($pathTrunk.'gulliver/system/class.g.php');
 }
- G::LoadSystem('inputfilter');
- $filter = new InputFilter();
- $cmd = $filter->validateInput($cmd);
-
 system($cmd);
 return true;
 }
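Review bot: The pieces concatenated into `$cmd` reach `system($cmd)` (next hunk) after `validateInput()` only, and nothing visible here shows that filter quoting shell metacharacters, so the caller-supplied `$params` joined into `$plist` may still be interpreted by the shell. Quote each argument for the shell context instead, for example `$plist = implode(' ', array_map('escapeshellarg', $params));`, and wrap `$php`, `$run_tests` and the `include_path=` value in `escapeshellarg()` when building `$cmd`. Running the generic filter over the assembled `$cmd` afterwards can also alter a correctly quoted command line, so that last added call is better dropped once the arguments are quoted individually.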