diff --git a/library/includes/functions.php b/library/includes/functions.php
index 235e37c9..b9187cb7 100644
--- a/library/includes/functions.php
+++ b/library/includes/functions.php
@@ -2811,7 +2811,7 @@ function hash_search ($hash)
 $hash = htmlCHR(trim($hash));
- if (!isset($hash) || mb_strlen($hash, 'UTF-8') != 40)
+ if (!isset($hash) || mb_strlen($hash, 'UTF-8') != 40 || !ctype_xdigit($hash))
 {
 bb_die(sprintf($lang['HASH_INVALID'], $hash));
 }
diff --git a/privmsg.php b/privmsg.php
index 57c4f619..029d5f08 100644
--- a/privmsg.php
+++ b/privmsg.php
@@ -33,7 +33,7 @@ $confirmed = ( isset($_POST['confirm']) ) ? TRUE : 0;
 $delete = ( isset($_POST['delete']) ) ? TRUE : 0;
 $delete_all = ( isset($_POST['deleteall']) ) ? TRUE : 0;
 $save = ( isset($_POST['save']) ) ? TRUE : 0;
-$mode = isset($_REQUEST['mode']) ? (string) $_REQUEST['mode'] : '';
+$mode = isset($_REQUEST['mode']) ? htmlCHR($_REQUEST['mode']) : '';
 $refresh = $preview || $submit_search;
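Review bot: The `!isset($hash)` disjunct on the changed line in hash_search is dead code: `$hash` is reassigned from `htmlCHR(trim($hash))` on the line directly above, so unless `htmlCHR` can return null (not visible here) that branch never fires, and the loose `!=` against the int returned by `mb_strlen` reads as if coercion were intended. I would tighten the condition to `if (mb_strlen($hash, 'UTF-8') !== 40 || !ctype_xdigit($hash))` with a comment above it, `// only a 40-character hex string is accepted; anything else is rejected before the value is used`. Note that the hex test now runs on the already HTML-escaped value; that is harmless because a string that passes `ctype_xdigit` is unchanged by escaping, but a short comment that the escaping exists for the `bb_die` message rather than for the validation would stop a future reader from reordering the two. hash_search's body continues outside the hunk.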
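Review bot: Replacing the `(string)` cast with `htmlCHR($_REQUEST['mode'])` removes the only guarantee that `$mode` is a string: a request where `mode` arrives as an array (`mode[]=...`) now passes that array straight into `htmlCHR`, whose behaviour on non-string input is not visible in this diff, whereas the cast previously yielded the string `Array`. If `$mode` is only compared against fixed mode names downstream (not visible in this hunk), the guard that belongs at intake is a type check, with HTML escaping left to the output layer: `$mode = isset($_REQUEST['mode']) && is_string($_REQUEST['mode']) ? htmlCHR($_REQUEST['mode']) : '';`. Where the accepted modes are a fixed set, comparing against that list here would make the escaping redundant. The request-parsing block this line belongs to continues outside the hunk.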