Index: /changelog
===================================================================
--- /changelog	(revision 7397)
+++ /changelog	(revision 7398)
@@ -241,2 +241,3 @@
 - Bugfix: Paypal-Express gibt kein Land mehr mit
 - Feature: KundenID in Kundenverwaltung sortierbar
+- Bugfix: Implementation von Sanitisierung und Validierung sÃ€mtlicher Benutzereingaben im Backend
Index: /controller/wpsg_AdminController.class.php
===================================================================
--- /controller/wpsg_AdminController.class.php	(revision 7397)
+++ /controller/wpsg_AdminController.class.php	(revision 7398)
@@ -273,47 +273,47 @@
 			{
 
-				$this->shop->update_option('wpsg_shopdata_name', $_REQUEST['wpsg_shopdata_name'], false, true);
-				$this->shop->update_option('wpsg_shopdata_owner', $_REQUEST['wpsg_shopdata_owner'], false, true);
-				$this->shop->update_option('wpsg_shopdata_tel', $_REQUEST['wpsg_shopdata_tel'], false, true);
-				$this->shop->update_option('wpsg_shopdata_fax', $_REQUEST['wpsg_shopdata_fax'], false, true);
-				$this->shop->update_option('wpsg_shopdata_email', $_REQUEST['wpsg_shopdata_email'], false, true);
-				$this->shop->update_option('wpsg_shopdata_taxnr', $_REQUEST['wpsg_shopdata_taxnr'], false, true);
-				$this->shop->update_option('wpsg_shopdata_ustidnr', $_REQUEST['wpsg_shopdata_ustidnr'], false, true);
-
-				$this->shop->update_option('wpsg_shopdata_street', $_REQUEST['wpsg_shopdata_street'], false, true);
-				$this->shop->update_option('wpsg_shopdata_zip', $_REQUEST['wpsg_shopdata_zip'], false, true);
-				$this->shop->update_option('wpsg_shopdata_city', $_REQUEST['wpsg_shopdata_city'], false, true);
-
-				$this->shop->update_option('wpsg_shopdata_2', $_REQUEST['wpsg_shopdata_2'], false, true);
-				$this->shop->update_option('wpsg_shopdata_2_street', $_REQUEST['wpsg_shopdata_2_street'], false, true);
-				$this->shop->update_option('wpsg_shopdata_2_zip', $_REQUEST['wpsg_shopdata_2_zip'], false, true);
-				$this->shop->update_option('wpsg_shopdata_2_city', $_REQUEST['wpsg_shopdata_2_city'], false, true);
-				$this->shop->update_option('wpsg_shopdata_2_country', $_REQUEST['wpsg_shopdata_2_country'], false, true);
-				$this->shop->update_option('wpsg_shopdata_2_tel', $_REQUEST['wpsg_shopdata_2_tel'], false, true);
-				$this->shop->update_option('wpsg_shopdata_2_fax', $_REQUEST['wpsg_shopdata_2_fax'], false, true);
-				$this->shop->update_option('wpsg_shopdata_2_email', $_REQUEST['wpsg_shopdata_2_email'], false, true);
-				
-				$this->shop->update_option('wpsg_shopdata_eu', $_REQUEST['wpsg_shopdata_eu'], false, true);
-				$this->shop->update_option('wpsg_shopdata_eu_name', $_REQUEST['wpsg_shopdata_eu_name'], false, true);
-				$this->shop->update_option('wpsg_shopdata_eu_tel', $_REQUEST['wpsg_shopdata_eu_tel'], false, true);
-				$this->shop->update_option('wpsg_shopdata_eu_fax', $_REQUEST['wpsg_shopdata_eu_fax'], false, true);
-				$this->shop->update_option('wpsg_shopdata_eu_email', $_REQUEST['wpsg_shopdata_eu_email'], false, true);
-				$this->shop->update_option('wpsg_shopdata_eu_street', $_REQUEST['wpsg_shopdata_eu_street'], false, true);
-				$this->shop->update_option('wpsg_shopdata_eu_zip', $_REQUEST['wpsg_shopdata_eu_zip'], false, true);
-				$this->shop->update_option('wpsg_shopdata_eu_city', $_REQUEST['wpsg_shopdata_eu_city'], false, true);		
-				$this->shop->update_option('wpsg_shopdata_eu_country', $_REQUEST['wpsg_shopdata_eu_country'], false, true);
-				
-				$this->shop->update_option('dataprotectioncommissioner', $_REQUEST['dataprotectioncommissioner'], false, true);
-				$this->shop->update_option('dataprotectioncommissioner_name', $_REQUEST['dataprotectioncommissioner_name'], false, true);
-				$this->shop->update_option('dataprotectioncommissioner_tel', $_REQUEST['dataprotectioncommissioner_tel'], false, true);
-				$this->shop->update_option('dataprotectioncommissioner_email', $_REQUEST['dataprotectioncommissioner_email'], false, true);
-				$this->shop->update_option('dataprotectioncommissioner_baskettext', $_REQUEST['dataprotectioncommissioner_baskettext'], false, true);
-				$this->shop->update_option('dataprotectioncommissioner_mailtext', $_REQUEST['dataprotectioncommissioner_mailtext'], false, true);	
-				$this->shop->update_option('dataprotectioncommissioner_texts', $_REQUEST['dataprotectioncommissioner_texts'], false, true);
+				$this->shop->update_option('wpsg_shopdata_name', $_REQUEST['wpsg_shopdata_name'], false, true, "text_field");
+				$this->shop->update_option('wpsg_shopdata_owner', $_REQUEST['wpsg_shopdata_owner'], false, true, "user");
+				$this->shop->update_option('wpsg_shopdata_tel', $_REQUEST['wpsg_shopdata_tel'], false, true, "key");
+				$this->shop->update_option('wpsg_shopdata_fax', $_REQUEST['wpsg_shopdata_fax'], false, true, "key");
+				$this->shop->update_option('wpsg_shopdata_email', $_REQUEST['wpsg_shopdata_email'], false, true, "email");
+				$this->shop->update_option('wpsg_shopdata_taxnr', $_REQUEST['wpsg_shopdata_taxnr'], false, true, "key");
+				$this->shop->update_option('wpsg_shopdata_ustidnr', $_REQUEST['wpsg_shopdata_ustidnr'], false, true, "key");
+
+				$this->shop->update_option('wpsg_shopdata_street', $_REQUEST['wpsg_shopdata_street'], false, true, "text_field");
+				$this->shop->update_option('wpsg_shopdata_zip', $_REQUEST['wpsg_shopdata_zip'], false, true, "key");
+				$this->shop->update_option('wpsg_shopdata_city', $_REQUEST['wpsg_shopdata_city'], false, true, "text_field");
+
+				$this->shop->update_option('wpsg_shopdata_2', $_REQUEST['wpsg_shopdata_2'], false, true, "key");
+				$this->shop->update_option('wpsg_shopdata_2_street', $_REQUEST['wpsg_shopdata_2_street'], false, true, "text_field");
+				$this->shop->update_option('wpsg_shopdata_2_zip', $_REQUEST['wpsg_shopdata_2_zip'], false, true, "key");
+				$this->shop->update_option('wpsg_shopdata_2_city', $_REQUEST['wpsg_shopdata_2_city'], false, true, "text_field");
+				$this->shop->update_option('wpsg_shopdata_2_country', $_REQUEST['wpsg_shopdata_2_country'], false, true, "text_field");
+				$this->shop->update_option('wpsg_shopdata_2_tel', $_REQUEST['wpsg_shopdata_2_tel'], false, true, "key");
+				$this->shop->update_option('wpsg_shopdata_2_fax', $_REQUEST['wpsg_shopdata_2_fax'], false, true, "key");
+				$this->shop->update_option('wpsg_shopdata_2_email', $_REQUEST['wpsg_shopdata_2_email'], false, true, "email");
+				
+				$this->shop->update_option('wpsg_shopdata_eu', $_REQUEST['wpsg_shopdata_eu'], false, true, "key");
+				$this->shop->update_option('wpsg_shopdata_eu_name', $_REQUEST['wpsg_shopdata_eu_name'], false, true, "user");
+				$this->shop->update_option('wpsg_shopdata_eu_tel', $_REQUEST['wpsg_shopdata_eu_tel'], false, true, "key");
+				$this->shop->update_option('wpsg_shopdata_eu_fax', $_REQUEST['wpsg_shopdata_eu_fax'], false, true, "key");
+				$this->shop->update_option('wpsg_shopdata_eu_email', $_REQUEST['wpsg_shopdata_eu_email'], false, true, "email");
+				$this->shop->update_option('wpsg_shopdata_eu_street', $_REQUEST['wpsg_shopdata_eu_street'], false, true, "text_field");
+				$this->shop->update_option('wpsg_shopdata_eu_zip', $_REQUEST['wpsg_shopdata_eu_zip'], false, true, "key");
+				$this->shop->update_option('wpsg_shopdata_eu_city', $_REQUEST['wpsg_shopdata_eu_city'], false, true, "text_field");
+				$this->shop->update_option('wpsg_shopdata_eu_country', $_REQUEST['wpsg_shopdata_eu_country'], false, true, "text_field");
+				
+				$this->shop->update_option('dataprotectioncommissioner', $_REQUEST['dataprotectioncommissioner'], false, true, "key");
+				$this->shop->update_option('dataprotectioncommissioner_name', $_REQUEST['dataprotectioncommissioner_name'], false, true, "user");
+				$this->shop->update_option('dataprotectioncommissioner_tel', $_REQUEST['dataprotectioncommissioner_tel'], false, true, "key");
+				$this->shop->update_option('dataprotectioncommissioner_email', $_REQUEST['dataprotectioncommissioner_email'], false, true, "email");
+				$this->shop->update_option('dataprotectioncommissioner_baskettext', $_REQUEST['dataprotectioncommissioner_baskettext'], false, true, "text_field");
+				$this->shop->update_option('dataprotectioncommissioner_mailtext', $_REQUEST['dataprotectioncommissioner_mailtext'], false, true, "text_field");
+				$this->shop->update_option('dataprotectioncommissioner_texts', $_REQUEST['dataprotectioncommissioner_texts'], false, true, "text_field");
 								
-				$this->shop->update_option('wpsg_shopdata_bank_name', $_REQUEST['wpsg_shopdata_bank_name'], false, true);
-				$this->shop->update_option('wpsg_shopdata_bank_owner', $_REQUEST['wpsg_shopdata_bank_owner'], false, true);
-				$this->shop->update_option('wpsg_shopdata_bank_iban', $_REQUEST['wpsg_shopdata_bank_iban'], false, true);
-				$this->shop->update_option('wpsg_shopdata_bank_bic', $_REQUEST['wpsg_shopdata_bank_bic'], false, true);
+				$this->shop->update_option('wpsg_shopdata_bank_name', $_REQUEST['wpsg_shopdata_bank_name'], false, true, "user");
+				$this->shop->update_option('wpsg_shopdata_bank_owner', $_REQUEST['wpsg_shopdata_bank_owner'], false, true, "user");
+				$this->shop->update_option('wpsg_shopdata_bank_iban', $_REQUEST['wpsg_shopdata_bank_iban'], false, true, "key");
+				$this->shop->update_option('wpsg_shopdata_bank_bic', $_REQUEST['wpsg_shopdata_bank_bic'], false, true, "key");
 
 				$this->addBackendMessage(__('Shopdaten erfolgreich gespeichert.', 'wpsg'));
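Review bot: The `"key"` sanitizer chosen for `wpsg_shopdata_tel`, `_fax`, `_zip`, `_taxnr`, `_ustidnr`, `_bank_iban` and `_bank_bic` looks too strict for these fields. wpsg_sinput() is not part of this diff, but if `"key"` maps to WordPress `sanitize_key()`, the value is lowercased and everything except `a-z0-9_-` is removed, so a phone number loses `+`, spaces and `/`, and IBAN, BIC and VAT ids are stored in lowercase. I would use `"text_field"` for them, e.g. `$this->shop->update_option('wpsg_shopdata_tel', $_REQUEST['wpsg_shopdata_tel'], false, true, "text_field");`, and validate the format separately where it matters. The same applies to the `_2_` and `_eu_` tel/fax/zip lines and to `dataprotectioncommissioner_tel` here and in the dataprotection hunk further down. Sanitizing on input also does not replace escaping these options where they are printed.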
@@ -343,5 +343,7 @@
 		{
 
-		    $wpsg_update_data = wpsg_get_update_data($_REQUEST['wpsg_licence_file'], true);
+		    $wpsg_update_data = wpsg_get_update_data(
+		    	wpsg_sinput("text_field", $_REQUEST['wpsg_licence_file']), true
+		    );
 
             if (!wpsg_isSizedArray($wpsg_update_data))
@@ -364,5 +366,5 @@
 
 					$this->addBackendMessage(__('wpShopGermany wurde aktiviert.', 'wpsg'));
-                    $this->update_option('wpsg_key', $_REQUEST['wpsg_licence_file'], true);
+                    $this->update_option('wpsg_key', $_REQUEST['wpsg_licence_file'], true, false, "key");
 
                 }
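Review bot: The licence value is stored with a different sanitizer than the one it was validated with. The previous hunk passes `wpsg_sinput("text_field", …)` to wpsg_get_update_data(), while this line stores the raw request value through the `"key"` sanitizer, so the saved `wpsg_key` can differ from the string that was checked (if `"key"` lowercases or strips characters, which is not visible here). Use the same filter in both places, e.g. `$this->update_option('wpsg_key', $_REQUEST['wpsg_licence_file'], true, false, "text_field");`. The enclosing block starts and ends outside the hunk.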
@@ -395,5 +397,6 @@
 					else
 					{
-						 
+
+						$_REQUEST['modulcode'] = wpsg_xss($_REQUEST['modulcode']);
 						$api_return = wpsg_api_call('registerModule', array($_REQUEST['modulcode']));
 						
@@ -466,5 +469,8 @@
 			else if (wpsg_isSizedString($_REQUEST['do'], 'saveRegister'))
 			{
-				
+
+				foreach($_REQUEST['register'] as $k => $v)
+					$_REQUEST['register'][$k] = wpsg_xss($v);
+
 				$api_return = wpsg_api_call('updateRegisterData', array($_REQUEST['register']));
 					
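Review bot: The added loop assumes `$_REQUEST['register']` is an array of strings. If the parameter is missing or a scalar, `foreach` raises a warning, and a nested array is handed to wpsg_xss() as it is (how that helper treats arrays is not visible here). A guard before the loop covers the first case: `if (!isset($_REQUEST['register']) || !is_array($_REQUEST['register'])) $_REQUEST['register'] = array();`. Copying the cleaned values into a local variable and passing that to wpsg_api_call() would also avoid rewriting the superglobal, which this commit does in several other hunks (`modulcode`, `source`, `vz_id`, `value`).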
@@ -674,7 +680,8 @@
 
 				$bOK = $this->installModul($_REQUEST['modul']);
+				$_REQUEST['source'] = wpsg_xss($_REQUEST['source']);
 						
 				if ($bOK === true) $this->addBackendMessage(__('Modul erfolgreich installiert.', 'wpsg'));
-				
+
 				if (wpsg_isSizedString($_REQUEST['source'], 'licence')) $this->redirect(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Admin&action=registrierung&subaction=modulactivation');
 				else $this->redirect(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Admin&action=module');
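Review bot: The filter is applied to the wrong parameter here. `$_REQUEST['source']` is only compared with the literal `'licence'`, so running it through wpsg_xss() changes nothing, while `$_REQUEST['modul']` still reaches `installModul()` unfiltered one line above. What installModul() does with the name is outside this hunk; if the name is used to locate or load a module, it should first be checked against the list of available modules, or at least be narrowed with `$bOK = $this->installModul(wpsg_sinput("key", $_REQUEST['modul']));`.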
@@ -771,5 +778,6 @@
 					{
 
-						$this->shop->update_option($conf_key, $conf_value);
+						// TODO: Check wether $conf_value could be a numeric value
+						$this->shop->update_option($conf_key, $conf_value, false, false, "text_field");
 
 					}
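Review bot: One `"text_field"` sanitizer for every `$conf_key` is likely to alter values that the rest of this commit treats differently. The other hunks choose `"key"`, `"email"` or `"text_field"` per option, but this loop forces all of them through the same filter, which (assuming it wraps `sanitize_text_field()`) removes line breaks and markup from multi-line texts. A per-key map of sanitizer types with `"text_field"` as the fallback would keep both code paths consistent. The TODO also has a typo; it should read `// TODO: Check whether $conf_value could be a numeric value`. The loop itself starts outside the hunk.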
@@ -960,10 +968,14 @@
 				$data = array();
 
-				$data[$_REQUEST['field']] = wpsg_q($_REQUEST['value']);
+				$_REQUEST['vz_id'] = wpsg_sinput("key", $_REQUEST['vz_id']);
 
 				if ($_REQUEST['field'] == 'name')
 				{
-					$this->shop->addTranslationString('vz_'.$_REQUEST['vz_id'], $_REQUEST['value']);
-				}
+
+					$_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']);
+					$this->shop->addTranslationString('vz_'.$_REQUEST['vz_id'], wpsg_sinput("text_field", $_REQUEST['value']));
+
+				}
+				else $data[$_REQUEST['field']] = wpsg_q(wpsg_sinput("key", $_REQUEST['value']));
 
 				$this->db->UpdateQuery(WPSG_TBL_VZ, $data, "`id` = '".wpsg_q($_REQUEST['vz_id'])."'");
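Review bot: For `field == 'name'` the new code no longer puts anything into `$data`, yet `UpdateQuery()` is still called. Before this change `$data[$_REQUEST['field']]` was always set, so the name column is now never updated and the query runs with an empty array (how UpdateQuery handles that is not visible here). Inside the name branch add `$data['name'] = wpsg_q($_REQUEST['value']);`, and drop the second `wpsg_sinput("text_field", …)` around a value that was already sanitized on the line before. `$_REQUEST['field']` is also used as a column name without any check; compare it against the list of editable columns before building `$data`.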
@@ -976,5 +988,5 @@
 
 				$this->db->UpdateQuery(WPSG_TBL_VZ, array(
-					'param' => trim($_REQUEST['textarea'])
+					'param' => trim(wpsg_sinput("text_field", $_REQUEST['textarea']))
 				), "`id` = '".wpsg_q($_REQUEST['vz_id'])."'");
 
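Review bot: `"text_field"` is probably the wrong filter for `$_REQUEST['textarea']`. If wpsg_sinput("text_field", …) wraps WordPress `sanitize_text_field()`, line breaks and repeated whitespace are removed, so a multi-line `param` value is stored as a single line. WordPress has `sanitize_textarea_field()` for this case; adding a textarea type to wpsg_sinput() would fit here and for the other multi-line texts in this commit (`dataprotectioncommissioner_baskettext`, `_mailtext`, `_cookietext`, `wpsg_ps_mailwiderruf`, `wpsg_kleinunternehmer_text`). If any of those are meant to hold HTML, `wp_kses_post()` would be the closer fit.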
@@ -995,4 +1007,9 @@
 			if (isset($_REQUEST['submit']))
 			{
+
+				// Sanitization
+				foreach($_REQUEST as $k => $v)
+					if(strpos($k, "wpsg_deinstall_") !== false)
+						$_REQUEST[$k] = wpsg_sinput("key", $v);
 
 				if ($_REQUEST['wpsg_deinstall_products'] == '1')
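Review bot: `strpos($k, "wpsg_deinstall_") !== false` matches the prefix anywhere in the parameter name; `strpos($k, "wpsg_deinstall_") === 0` states the intent. The loop also passes `$v` on without checking that it is a string. Since this branch removes shop data, I would expect a `\check_admin_referer(...)` call at its top, as in the revocation and config branches; none is visible between `isset($_REQUEST['submit'])` and the first action, though it may sit outside the hunk.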
@@ -1140,5 +1157,5 @@
 					{
 
-						$oCountry = wpsg_country::getInstance($country_id);
+						$oCountry = wpsg_country::getInstance(wpsg_sinput("key", $country_id));
 						$oCountry->delete();
 
@@ -1157,4 +1174,15 @@
 				$form_data = array(); parse_str($_REQUEST['form_data'], $form_data);
 
+				// Sanitization
+				$form_data['name'] = wpsg_sinput("text_field", $form_data['name']);
+				$form_data['kuerzel'] = wpsg_sinput("text_field", $form_data['kuerzel']);
+				$form_data['vz'] = wpsg_sinput("key", $form_data['vz']);
+				$form_data['mwst'] = wpsg_sinput("key", $form_data['mwst']);
+				$form_data['mwst_a'] = wpsg_tf(wpsg_sinput("key", $form_data['mwst_a'], "isFloat"));
+				$form_data['mwst_b'] = wpsg_tf(wpsg_sinput("key", $form_data['mwst_b'], "isFloat"));
+				$form_data['mwst_c'] = wpsg_tf(wpsg_sinput("key", $form_data['mwst_c'], "isFloat"));
+				$form_data['mwst_d'] = wpsg_tf(wpsg_sinput("key", $form_data['mwst_d'], "isFloat"));
+				$form_data['telprefix'] = wpsg_sinput("text_field", $form_data['telprefix']);
+
 				if (wpsg_isSizedInt($form_data['id']))
 				{
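Review bot: The tax rates `mwst_a` to `mwst_d` go through the `"key"` sanitizer before wpsg_tf() is applied. If `"key"` strips `.` and `,` (as `sanitize_key()` does) and the `"isFloat"` argument does not prevent that, a rate such as `7,5` would reach wpsg_tf() as `75`; neither helper is visible in this diff, so this needs checking. Converting first and validating the number afterwards is safer, e.g. `$form_data['mwst_a'] = wpsg_tf($form_data['mwst_a']);` followed by a range check. The block also reads every `$form_data[...]` key without `isset`, so a request that lacks one of them raises notices.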
@@ -1176,5 +1204,5 @@
 				//icl_register_string('wpsg', '', $form_data['country']['name']);
 
-				if (wpsg_isSizedInt($form_data['standard'])) $this->update_option('wpsg_defaultland', $form_data['id']);
+				if (wpsg_isSizedInt($form_data['standard'])) $this->update_option('wpsg_defaultland', $form_data['id'], false, false, "key");
 
 				die($this->laenderList());
@@ -1497,10 +1525,10 @@
 			{
 
-				$this->shop->update_option('wpsg_customerpreset_shipping', $_REQUEST['wpsg_customerpreset_shipping']);
-				$this->shop->update_option('wpsg_customerpreset_payment', $_REQUEST['wpsg_customerpreset_payment']);
-				$this->shop->update_option('wpsg_defaultland', $_REQUEST['wpsg_defaultland']);
-				$this->shop->update_option('wpsg_customerpreset_title', $_REQUEST['wpsg_customerpreset_title']);
-
-				$this->update_option('wpsg_kundenvariablen_show', $_REQUEST['wpsg_kundenvariablen_show']);
+				$this->shop->update_option('wpsg_customerpreset_shipping', $_REQUEST['wpsg_customerpreset_shipping'], false, false, "key");
+				$this->shop->update_option('wpsg_customerpreset_payment', $_REQUEST['wpsg_customerpreset_payment'], false, false, "key");
+				$this->shop->update_option('wpsg_defaultland', $_REQUEST['wpsg_defaultland'], false, false, "key");
+				$this->shop->update_option('wpsg_customerpreset_title', $_REQUEST['wpsg_customerpreset_title'], false, false, "key");
+
+				$this->update_option('wpsg_kundenvariablen_show', $_REQUEST['wpsg_kundenvariablen_show'], false, false, "key");
 
 				foreach ($_REQUEST['pflicht'] as $k => $v)
@@ -1536,9 +1564,11 @@
 						{
 
-							$this->shop->addTranslationString('anrede_auswahl', $v);
+							$san_v = wpsg_sanitize("text_field", $v);
+
+							$this->shop->view['pflicht'][$k] = $san_v;
+							$this->shop->addTranslationString('anrede_auswahl', $san_v);
 
 						}
-
-						$this->shop->view['pflicht'][$k] = $v;
+						else $this->shop->view['pflicht'][$k] = wpsg_sinput("key", $v);
 
 					}
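Review bot: `wpsg_sanitize("text_field", $v)` is the only call to a function of that name in the visible part of this diff; every other line uses `wpsg_sinput(...)`. If `wpsg_sanitize` is not defined elsewhere, saving the salutation field ends in a fatal error. Assuming it is a slip, the line should read `$san_v = wpsg_sinput("text_field", $v);`. The added `else` belongs to an `if` whose condition is outside the hunk.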
@@ -1583,4 +1613,5 @@
 				{
 
+					$_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']);
 					$this->shop->view['pflicht']['custom'][$_REQUEST['field_id']]['name'] = $_REQUEST['value'];
 
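Review bot: Only `$_REQUEST['value']` is sanitized; `$_REQUEST['field_id']` is used unchanged as the array index on the next line, and likewise in the two following hunks for `['show']` and `['typ']`. The index ends up in the stored `pflicht` structure just like the value does, so it should get the same treatment, e.g. `$field_id = wpsg_sinput("key", $_REQUEST['field_id']);` and then `['custom'][$field_id]`. If `show` and `typ` only take a fixed set of values, an `in_array(..., true)` check against that set would be stricter than a character filter.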
@@ -1589,4 +1620,5 @@
 				{
 
+					$_REQUEST['value'] = wpsg_sinput("key", $_REQUEST['value']);
 					$this->shop->view['pflicht']['custom'][$_REQUEST['field_id']]['show'] = $_REQUEST['value'];
 
@@ -1595,4 +1627,5 @@
 				{
 
+					$_REQUEST['value'] = wpsg_sinput("key", $_REQUEST['value']);
 					$this->shop->view['pflicht']['custom'][$_REQUEST['field_id']]['typ'] = $_REQUEST['value'];
 
@@ -1668,5 +1701,5 @@
 			{
 
-				$this->update_option('wpsg_htmlmail', $_REQUEST['wpsg_htmlmail']);
+				$this->update_option('wpsg_htmlmail', $_REQUEST['wpsg_htmlmail'], false, false, "key");
 
 				wpsg_saveEMailConfig("global"); // Global
@@ -1796,7 +1829,7 @@
 
                 \check_admin_referer('wpsg-save-revocation');
-			    
-				$this->shop->update_option('wpsg_ps_mailwiderruf', $_REQUEST['wpsg_ps_mailwiderruf']);
-				$this->shop->addTranslationString('wpsg_ps_mailwiderruf', $_REQUEST['wpsg_ps_mailwiderruf']);
+
+				$this->shop->update_option('wpsg_ps_mailwiderruf', $_REQUEST['wpsg_ps_mailwiderruf'], false, false, "text_field");
+				$this->shop->addTranslationString('wpsg_ps_mailwiderruf', wpsg_sinput("text_field", $_REQUEST['wpsg_ps_mailwiderruf']));
 
 				if (file_exists($_FILES['wpsg_widerrufsformular']['tmp_name']))
@@ -1825,11 +1858,11 @@
 				    
                 }
-                
-				$this->shop->update_option('wpsg_widerrufsformular_kundenmail', $_REQUEST['wpsg_widerrufsformular_kundenmail']);
+
+				$this->shop->update_option('wpsg_widerrufsformular_kundenmail', $_REQUEST['wpsg_widerrufsformular_kundenmail'], false, false, "key");
 
 				if ($this->shop->hasMod('wpsg_mod_rechnungen'))
 				{
 
-					$this->shop->update_option('wpsg_widerrufsformular_invoice', $_REQUEST['wpsg_widerrufsformular_invoice']);
+					$this->shop->update_option('wpsg_widerrufsformular_invoice', $_REQUEST['wpsg_widerrufsformular_invoice'], false, false, "key");
 
 				}
@@ -1838,5 +1871,5 @@
 				{
 
-					$this->shop->update_option('wpsg_widerrufsformular_orderconfirm', $_REQUEST['wpsg_widerrufsformular_orderconfirm']);
+					$this->shop->update_option('wpsg_widerrufsformular_orderconfirm', $_REQUEST['wpsg_widerrufsformular_orderconfirm'], false, false, "key");
 
 				}
@@ -2007,23 +2040,23 @@
 			{
 
-                \check_admin_referer('wpsg-save-config'); 
+                \check_admin_referer('wpsg-save-config');
 			    
-				$this->update_option('wpsg_currency', $_REQUEST['wpsg_currency']);
-				$this->update_option('wpsg_showincompleteorder', $_REQUEST['wpsg_showincompleteorder']);
-				$this->update_option('wpsg_produkte_perpage', $_REQUEST['wpsg_produkte_perpage']);
-				$this->update_option('wpsg_emptyorder_clear', $_REQUEST['wpsg_emptyorder_clear']);
-				$this->update_option('wpsg_order_perpage', $_REQUEST['wpsg_order_perpage']);
-				$this->update_option('wpsg_skip_checkout2', $_REQUEST['wpsg_skip_checkout2']);
-				$this->update_option('wpsg_afterinsert', $_REQUEST['wpsg_afterinsert']);
-				$this->update_option('wpsg_afterorder', $_REQUEST['wpsg_afterorder']);
-				$this->update_option('wpsg_format_knr', $_REQUEST['wpsg_format_knr']);
-				$this->update_option('wpsg_order_knr', $_REQUEST['wpsg_order_knr']);
-				$this->update_option('wpsg_customer_start', $_REQUEST['wpsg_customer_start']);
-				$this->update_option('wpsg_format_onr', $_REQUEST['wpsg_format_onr']);
-				$this->update_option('wpsg_order_start', $_REQUEST['wpsg_order_start']);
+				$this->update_option('wpsg_currency', $_REQUEST['wpsg_currency'], false, false, "text_field");
+				$this->update_option('wpsg_showincompleteorder', $_REQUEST['wpsg_showincompleteorder'], false, false, "key");
+				$this->update_option('wpsg_produkte_perpage', $_REQUEST['wpsg_produkte_perpage'], false, false, "key");
+				$this->update_option('wpsg_emptyorder_clear', $_REQUEST['wpsg_emptyorder_clear'], false, false, "key");
+				$this->update_option('wpsg_order_perpage', $_REQUEST['wpsg_order_perpage'], false, false, "key");
+				$this->update_option('wpsg_skip_checkout2', $_REQUEST['wpsg_skip_checkout2'], false, false, "key");
+				$this->update_option('wpsg_afterinsert', $_REQUEST['wpsg_afterinsert'], false, false, "key");
+				$this->update_option('wpsg_afterorder', $_REQUEST['wpsg_afterorder'], false, false, "key");
+				$this->update_option('wpsg_format_knr', $_REQUEST['wpsg_format_knr'], false, false, "text_field");
+				$this->update_option('wpsg_order_knr', $_REQUEST['wpsg_order_knr'], false, false, "key");
+				$this->update_option('wpsg_customer_start', $_REQUEST['wpsg_customer_start'], false, false, "key");
+				$this->update_option('wpsg_format_onr', $_REQUEST['wpsg_format_onr'], false, false, "text_field");
+				$this->update_option('wpsg_order_start', $_REQUEST['wpsg_order_start'], false, false, "key");
 
 				if (wpsg_isSizedString($_REQUEST['wpsg_backend_language']))
 				{
-					$this->update_option('wpsg_backend_language', $_REQUEST['wpsg_backend_language']);
+					$this->update_option('wpsg_backend_language', wpsg_xss($_REQUEST['wpsg_backend_language']));
 				}
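Review bot: `wpsg_backend_language` is the one option in this hunk that does not use the new sanitizer argument; it is wrapped in `wpsg_xss()` instead. That helper is not shown, but by its name it is an output filter, and a locale is better validated than escaped. Check the value against the installed languages, or at least keep it consistent with the lines above: `$this->update_option('wpsg_backend_language', $_REQUEST['wpsg_backend_language'], false, false, "text_field");`. The numeric options here (`wpsg_produkte_perpage`, `wpsg_order_perpage`, `wpsg_customer_start`, `wpsg_order_start`) would be clearer with an integer cast than with `"key"`.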
 
@@ -2035,17 +2068,19 @@
 			else if (@$_REQUEST['subaction'] == "dataprotection")
 			{
-				
-				$this->update_option('dataprotectioncommissioner', $_REQUEST['dataprotectioncommissioner']);
-				$this->update_option('dataprotectioncommissioner_name', $_REQUEST['dataprotectioncommissioner_name']);
-				$this->update_option('dataprotectioncommissioner_tel', $_REQUEST['dataprotectioncommissioner_tel']);
-				$this->update_option('dataprotectioncommissioner_email', $_REQUEST['dataprotectioncommissioner_email']);
-				$this->update_option('dataprotectioncommissioner_mailtext', $_REQUEST['dataprotectioncommissioner_mailtext']);
-				$this->update_option('dataprotectioncommissioner_baskettext', $_REQUEST['dataprotectioncommissioner_baskettext']);
-				$this->update_option('dataprotectioncommissioner_cookie', $_REQUEST['dataprotectioncommissioner_cookie']);
-				$this->update_option('dataprotectioncommissioner_cookietext', $_REQUEST['dataprotectioncommissioner_cookietext']);
-				
-				$this->update_option('wpsg_customerdatadelete', $_REQUEST['wpsg_customerdatadelete']);
-				$this->update_option('wpsg_customerdatedelete_who', $_REQUEST['wpsg_customerdatedelete_who']);
-				$this->update_option('wpsg_customerdatadelete_unit', $_REQUEST['wpsg_customerdatadelete_unit']);
+
+				$this->update_option('dataprotectioncommissioner', $_REQUEST['dataprotectioncommissioner'], false, false, "key");
+				$this->update_option('dataprotectioncommissioner_name', $_REQUEST['dataprotectioncommissioner_name'], false, false, "user");
+				$this->update_option('dataprotectioncommissioner_tel', $_REQUEST['dataprotectioncommissioner_tel'], false, false, "key");
+				$this->update_option('dataprotectioncommissioner_email', $_REQUEST['dataprotectioncommissioner_email'], false, false, "email");
+				$this->update_option('dataprotectioncommissioner_mailtext', $_REQUEST['dataprotectioncommissioner_mailtext'], false, false, "text_field");
+				# TODO: @ThoGoe
+				// $this->update_option('dataprotectioncommissioner_baskettext', $_REQUEST['dataprotectioncommissioner_baskettext'], false, false, "text_field");
+				// $this->update_option('dataprotectioncommissioner_mailtext', $_REQUEST['dataprotectioncommissioner_mailtext'], false, false, "text_field");
+				$this->update_option('dataprotectioncommissioner_cookie', $_REQUEST['dataprotectioncommissioner_cookie'], false, false, "key");
+				$this->update_option('dataprotectioncommissioner_cookietext', $_REQUEST['dataprotectioncommissioner_cookietext'], false, false, "text_field");
+
+				$this->update_option('wpsg_customerdatadelete', $_REQUEST['wpsg_customerdatadelete'], false, false, "text_field");
+				$this->update_option('wpsg_customerdatedelete_who', $_REQUEST['wpsg_customerdatedelete_who'], false, false, "key");
+				$this->update_option('wpsg_customerdatadelete_unit', $_REQUEST['wpsg_customerdatadelete_unit'], false, false, "key");
 				
 				$this->addBackendMessage(__('Einstellungen gespeichert.', 'wpsg'));
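Review bot: `dataprotectioncommissioner_baskettext` is no longer saved in this branch. The old code stored it; the new code leaves only a commented-out line under `# TODO: @ThoGoe`, next to a commented-out duplicate of the `_mailtext` line. If that is unintended, restore `$this->update_option('dataprotectioncommissioner_baskettext', $_REQUEST['dataprotectioncommissioner_baskettext'], false, false, "text_field");` and delete both commented lines; if it is intended, the TODO should say what is still open instead of only naming a person.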
@@ -2058,24 +2093,24 @@
 			{
 
-				$this->update_option('wpsg_salt', $_REQUEST['wpsg_salt']);
-				$this->update_option('wpsg_options_nl2br', $_REQUEST['wpsg_options_nl2br']);
-				$this->update_option('wpsg_debugModus', $_REQUEST['wpsg_debugModus']);
-                $this->update_option('wpsg_displayTemplates', $_REQUEST['wpsg_displayTemplates']);
-                $this->update_option('wpsg_displayTemplatesLog', $_REQUEST['wpsg_displayTemplatesLog']);
-
-				$this->update_option('wpsg_referer_requesturi', $_REQUEST['wpsg_referer_requesturi']);
-				$this->update_option('wpsg_ignoreuserview', $_REQUEST['wpsg_ignoreuserview']);
-				$this->update_option('wpsg_classicupload', $_REQUEST['wpsg_classicupload']);
-				$this->update_option('wpsg_content_filter_direct', $_REQUEST['wpsg_content_filter_direct']);
-				$this->update_option('wpsg_options_no_rte_apply_filter', $_REQUEST['wpsg_options_no_rte_apply_filter']);
-				$this->update_option('wpsg_options_nl2br_out', $_REQUEST['wpsg_options_nl2br_out']);
-				$this->update_option('wpsg_impexp_clearlinebreak', $_REQUEST['wpsg_impexp_clearlinebreak']);
-				$this->update_option('wpsg_removeWpAutoOp', $_REQUEST['wpsg_removeWpAutoOp']);
-				$this->update_option('wpsg_removeWpTrimExcerpt', $_REQUEST['wpsg_removeWpTrimExcerpt']);
-				$this->update_option('wpsg_lockOrderTables', $_REQUEST['wpsg_lockOrderTables']);
-				$this->update_option('wpsg_autoraw', $_REQUEST['wpsg_autoraw']);
-				$this->update_option('wpsg_nocache', $_REQUEST['wpsg_nocache']);
-				$this->update_option('wpsg_autolineending', $_REQUEST['wpsg_autolineending']);
-				$this->update_option('wpsg_geo_determination', $_REQUEST['wpsg_geo_determination']);
+				$this->update_option('wpsg_salt', $_REQUEST['wpsg_salt'], false, false, "text_field");
+				$this->update_option('wpsg_options_nl2br', $_REQUEST['wpsg_options_nl2br'], false, false, "key");
+				$this->update_option('wpsg_debugModus', $_REQUEST['wpsg_debugModus'], false, false, "key");
+                $this->update_option('wpsg_displayTemplates', $_REQUEST['wpsg_displayTemplates'], false, false, "key");
+                $this->update_option('wpsg_displayTemplatesLog', $_REQUEST['wpsg_displayTemplatesLog'], false, false, "key");
+
+				$this->update_option('wpsg_referer_requesturi', $_REQUEST['wpsg_referer_requesturi'], false, false, "key");
+				$this->update_option('wpsg_ignoreuserview', $_REQUEST['wpsg_ignoreuserview'], false, false, "key");
+				$this->update_option('wpsg_classicupload', $_REQUEST['wpsg_classicupload'], false, false, "key");
+				$this->update_option('wpsg_content_filter_direct', $_REQUEST['wpsg_content_filter_direct'], false, false, "key");
+				$this->update_option('wpsg_options_no_rte_apply_filter', $_REQUEST['wpsg_options_no_rte_apply_filter'], false, false, "key");
+				$this->update_option('wpsg_options_nl2br_out', $_REQUEST['wpsg_options_nl2br_out'], false, false, "key");
+				$this->update_option('wpsg_impexp_clearlinebreak', $_REQUEST['wpsg_impexp_clearlinebreak'], false, false, "key");
+				$this->update_option('wpsg_removeWpAutoOp', $_REQUEST['wpsg_removeWpAutoOp'], false, false, "key");
+				$this->update_option('wpsg_removeWpTrimExcerpt', $_REQUEST['wpsg_removeWpTrimExcerpt'], false, false, "key");
+				$this->update_option('wpsg_lockOrderTables', $_REQUEST['wpsg_lockOrderTables'], false, false, "key");
+				$this->update_option('wpsg_autoraw', $_REQUEST['wpsg_autoraw'], false, false, "key");
+				$this->update_option('wpsg_nocache', $_REQUEST['wpsg_nocache'], false, false, "key");
+				$this->update_option('wpsg_autolineending', $_REQUEST['wpsg_autolineending'], false, false, "key");
+				$this->update_option('wpsg_geo_determination', $_REQUEST['wpsg_geo_determination'], false, false, "key");
 
 				$this->addBackendMessage(__('Einstellungen gespeichert.', 'wpsg'));
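Review bot: `wpsg_salt` is a secret rather than display text, and `"text_field"` can change it. If the filter wraps `sanitize_text_field()`, tags, percent-encoded octets and surrounding whitespace are removed, so a salt containing such characters is silently replaced by a different one on the next save, and anything derived from the old salt stops matching. I would validate length and character set explicitly and store the value unchanged, with a comment such as `// salt is stored verbatim: filtering would change values derived from it`. No nonce check is visible in this branch, which also switches `wpsg_debugModus`; it may sit outside the hunk.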
@@ -2087,12 +2122,12 @@
 			{
 
-				$this->update_option('wpsg_imagehandler_basketimage', $_REQUEST['wpsg_imagehandler_basketimage']);
-				$this->update_option('wpsg_imagehandler_overviewimage', $_REQUEST['wpsg_imagehandler_overviewimage']);
-				$this->update_option('wpsg_showMwstAlways', $_REQUEST['wpsg_showMwstAlways']);
-				$this->update_option('wpsg_form_validation', $_REQUEST['wpsg_form_validation']);
-				$this->update_option('wpsg_showArticelnumber', $_REQUEST['wpsg_showArticelnumber']);
-				$this->update_option('wpsg_ProductPositionNumber', $_REQUEST['wpsg_ProductPositionNumber']);
-				$this->update_option('wpsg_ProductPositionNumber', $_REQUEST['wpsg_ProductPositionNumber']);
-				$this->update_option('wpsg_hideBasketCountrySelect', $_REQUEST['wpsg_hideBasketCountrySelect']);
+				$this->update_option('wpsg_imagehandler_basketimage', $_REQUEST['wpsg_imagehandler_basketimage'], false, false, "key");
+				$this->update_option('wpsg_imagehandler_overviewimage', $_REQUEST['wpsg_imagehandler_overviewimage'], false, false, "key");
+				$this->update_option('wpsg_showMwstAlways', $_REQUEST['wpsg_showMwstAlways'], false, false, "key");
+				$this->update_option('wpsg_form_validation', $_REQUEST['wpsg_form_validation'], false, false, "key");
+				$this->update_option('wpsg_showArticelnumber', $_REQUEST['wpsg_showArticelnumber'], false, false, "key");
+				$this->update_option('wpsg_ProductPositionNumber', $_REQUEST['wpsg_ProductPositionNumber'], false, false, "key");
+				$this->update_option('wpsg_ProductPositionNumber', $_REQUEST['wpsg_ProductPositionNumber'], false, false, "key");
+				$this->update_option('wpsg_hideBasketCountrySelect', $_REQUEST['wpsg_hideBasketCountrySelect'], false, false, "key");
 
 				$this->shop->callMods('admin_presentation_submit');
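Review bot: `wpsg_ProductPositionNumber` is written twice in a row; the duplicate was carried over from the old code and one of the two lines can go. The calls in this hunk differ only in the option name, so a loop over a list of names with a single `update_option(...)` call would keep the sanitizer choice in one place.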
@@ -2250,11 +2285,11 @@
 			{
 
-				$this->update_option('wpsg_load_css', $_REQUEST['wpsg_load_css']);
-				$this->update_option('wpsg_load_jquery', $_REQUEST['wpsg_load_jquery']);
-				$this->update_option('wpsg_load_thickbox_js', $_REQUEST['wpsg_load_thickbox_js']);
-				$this->update_option('wpsg_load_thickbox_css', $_REQUEST['wpsg_load_thickbox_css']);
-				$this->update_option('wpsg_load_validierung_js', $_REQUEST['wpsg_load_validierung_js']);
-				$this->update_option('wpsg_load_validierung_css', $_REQUEST['wpsg_load_validierung_css']);
-				$this->update_option('wpsg_load_bootstrap_glyphfont_css', $_REQUEST['wpsg_load_bootstrap_glyphfont_css']);
+				$this->update_option('wpsg_load_css', $_REQUEST['wpsg_load_css'], false, false, "key");
+				$this->update_option('wpsg_load_jquery', $_REQUEST['wpsg_load_jquery'], false, false, "key");
+				$this->update_option('wpsg_load_thickbox_js', $_REQUEST['wpsg_load_thickbox_js'], false, false, "key");
+				$this->update_option('wpsg_load_thickbox_css', $_REQUEST['wpsg_load_thickbox_css'], false, false, "key");
+				$this->update_option('wpsg_load_validierung_js', $_REQUEST['wpsg_load_validierung_js'], false, false, "key");
+				$this->update_option('wpsg_load_validierung_css', $_REQUEST['wpsg_load_validierung_css'], false, false, "key");
+				$this->update_option('wpsg_load_bootstrap_glyphfont_css', $_REQUEST['wpsg_load_bootstrap_glyphfont_css'], false, false, "key");
 
 				$this->shop->callMods('admin_includes_save');
@@ -2279,10 +2314,10 @@
 			{
 
-				$this->update_option('wpsg_kleinunternehmer', $_REQUEST['wpsg_kleinunternehmer']);
-				$this->update_option('wpsg_kleinunternehmer_text', $_REQUEST['wpsg_kleinunternehmer_text']);
-				$this->update_option('wpsg_preisangaben', $_REQUEST['wpsg_preisangaben']);
-				$this->update_option('wpsg_preisangaben_frontend', $_REQUEST['wpsg_preisangaben_frontend']);
-				$this->update_option('wpsg_hideemptyshipping', $_REQUEST['wpsg_hideemptyshipping']);
-				$this->update_option('wpsg_hideemptypayment', $_REQUEST['wpsg_hideemptypayment']);
+				$this->update_option('wpsg_kleinunternehmer', $_REQUEST['wpsg_kleinunternehmer'], false, false, "key");
+				$this->update_option('wpsg_kleinunternehmer_text', $_REQUEST['wpsg_kleinunternehmer_text'], false, false, "text_field");
+				$this->update_option('wpsg_preisangaben', $_REQUEST['wpsg_preisangaben'], false, false, "key");
+				$this->update_option('wpsg_preisangaben_frontend', $_REQUEST['wpsg_preisangaben_frontend'], false, false, "key");
+				$this->update_option('wpsg_hideemptyshipping', $_REQUEST['wpsg_hideemptyshipping'], false, false, "key");
+				$this->update_option('wpsg_hideemptypayment', $_REQUEST['wpsg_hideemptypayment'], false, false, "key");
 
 				$this->addBackendMessage(__('Einstellung gespeichert.', 'wpsg'));
@@ -2299,4 +2334,10 @@
 				{
 
+					// Sanitization
+					foreach($_REQUEST['wpsg_cap'] as $k => $v)
+						foreach($v as $_k => $_v)
+							$_REQUEST['wpsg_cap'][$k][$_k] = wpsg_sinput("key", $_v);
+
+					// Applying Settings
 					foreach ($_REQUEST['wpsg_cap'] as $role_name => $cap)
 					{
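Review bot: The sanitization loop cleans only the values of `$_REQUEST['wpsg_cap']`; the array keys `$k` and `$_k` are request-controlled as well and stay as submitted, and `$k` is what the following loop reads as `$role_name`. The inner `foreach($v as ...)` also assumes every entry is an array, so a scalar `wpsg_cap[x]=1` raises a warning instead of being rejected. I would add `if (!is_array($v)) continue;` and compare the role name (and presumably the capability name in `$_k`) against the known set before applying anything. The applying loop continues outside this hunk, so part of this may already happen there.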
@@ -2333,14 +2374,14 @@
 
 				// Seiten speichern
-				$this->createPage(__('Anfrageliste', 'wpsg'), 'wpsg_page_request', $_REQUEST['wpsg_page_request']);
-				$this->createPage(__('Warenkorb', 'wpsg'), 'wpsg_page_basket', $_REQUEST['wpsg_page_basket']);
-				$this->createPage(__('Weiter shoppen', 'wpsg'), 'wpsg_page_basket_more', $_REQUEST['wpsg_page_basket_more']);
-				$this->createPage(__('Versandkosten', 'wpsg'), 'wpsg_page_versand', $_REQUEST['wpsg_page_versand']);
-				$this->createPage(__('Produktdetail', 'wpsg'), 'wpsg_page_product', $_REQUEST['wpsg_page_product']);
-				$this->createPage(__('AGB', 'wpsg'), 'wpsg_page_agb', $_REQUEST['wpsg_page_agb']);
-				$this->createPage(__('Datenschutz', 'wpsg'), 'wpsg_page_datenschutz', $_REQUEST['wpsg_page_datenschutz']);
-				$this->createPage(__('Widerrufsbelehrung', 'wpsg'), 'wpsg_page_widerrufsbelehrung', $_REQUEST['wpsg_page_widerrufsbelehrung']);
-				$this->update_option('wpsg_page_onlinedisputeresolution', $_REQUEST['wpsg_page_onlinedisputeresolution']);
-				$this->createPage(__('Impressum', 'wpsg'), 'wpsg_page_impressum', $_REQUEST['wpsg_page_impressum']);
+				$this->createPage(__('Anfrageliste', 'wpsg'), 'wpsg_page_request', wpsg_sinput("key", $_REQUEST['wpsg_page_request']));
+				$this->createPage(__('Warenkorb', 'wpsg'), 'wpsg_page_basket', wpsg_sinput("key", $_REQUEST['wpsg_page_basket']));
+				$this->createPage(__('Weiter shoppen', 'wpsg'), 'wpsg_page_basket_more', wpsg_sinput("key", $_REQUEST['wpsg_page_basket_more']));
+				$this->createPage(__('Versandkosten', 'wpsg'), 'wpsg_page_versand', wpsg_sinput("key", $_REQUEST['wpsg_page_versand']));
+				$this->createPage(__('Produktdetail', 'wpsg'), 'wpsg_page_product', wpsg_sinput("key", $_REQUEST['wpsg_page_product']));
+				$this->createPage(__('AGB', 'wpsg'), 'wpsg_page_agb', wpsg_sinput("key", $_REQUEST['wpsg_page_agb']));
+				$this->createPage(__('Datenschutz', 'wpsg'), 'wpsg_page_datenschutz', wpsg_sinput("key", $_REQUEST['wpsg_page_datenschutz']));
+				$this->createPage(__('Widerrufsbelehrung', 'wpsg'), 'wpsg_page_widerrufsbelehrung', wpsg_sinput("key", $_REQUEST['wpsg_page_widerrufsbelehrung']));
+				$this->update_option('wpsg_page_onlinedisputeresolution', $_REQUEST['wpsg_page_onlinedisputeresolution'], false, false, "key");
+				$this->createPage(__('Impressum', 'wpsg'), 'wpsg_page_impressum', wpsg_sinput("key", $_REQUEST['wpsg_page_impressum']));
 
 				$this->addBackendMessage(__('Seiteneinstellungen bearbeitet.', 'wpsg'));
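Review bot: `wpsg_sinput("key", …)` does not reject a bad page id. Per its definition in lib/functions.inc.php in this changeset, it returns `wpsg_xss($primary)` whenever `wpsg_sanitize` returns false, so a non-numeric value still reaches `createPage()`, only after a backend error has been queued. If `createPage()` expects an integer id (its body is not shown), call `wpsg_sanitize` directly and skip the call on failure, e.g. `$id = wpsg_sanitize("key", $_REQUEST['wpsg_page_request']);` followed by `if ($id !== false) $this->createPage(__('Anfrageliste', 'wpsg'), 'wpsg_page_request', $id);`. The same fallback applies to every other `wpsg_sinput` call added in this changeset.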
@@ -2354,4 +2395,6 @@
 				$global = false;
 				if ($this->shop->isMultiBlog() && $this->shop->get_option('wpsg_multiblog_standalone', true) != '1') $global = true;
+
+				$_REQUEST['aktiv'] = wpsg_sinput("key", $_REQUEST['aktiv']);
 
 				if ($this->get_option($_REQUEST['modul'], $global) > 0 && $_REQUEST['aktiv'] == '1' && array_key_exists($_REQUEST['modul'], $this->shop->arModule))
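Review bot: Only `aktiv` is sanitized here; `$_REQUEST['modul']` is still passed raw to `get_option()` as an option name before the `array_key_exists(..., $this->shop->arModule)` test is evaluated. Putting the whitelist test first makes the option lookup run only for known module keys: `if (array_key_exists($_REQUEST['modul'], $this->shop->arModule) && $_REQUEST['aktiv'] == '1' && $this->get_option($_REQUEST['modul'], $global) > 0)`. The enclosing action starts and ends outside the hunk.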
Index: /controller/wpsg_OrderController.class.php
===================================================================
--- /controller/wpsg_OrderController.class.php	(revision 7397)
+++ /controller/wpsg_OrderController.class.php	(revision 7398)
@@ -12,5 +12,5 @@
 		public function dispatch()
 		{
-			//die('test');
+
 			parent::dispatch();
 
@@ -88,5 +88,10 @@
 
         public function updateOrderAction() {
- 
+
+			$_REQUEST['shipping_price'] = wpsg_sinput("text_field", $_REQUEST['shipping_price']);
+	        $_REQUEST['payment_price'] = wpsg_sinput("text_field", $_REQUEST['payment_price']);
+
+	        $_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
+
 		    $oCalculation = new \wpsg\wpsg_calculation();
 		    $oCalculation->fromDB($_REQUEST['edit_id']);
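Review bot: Validating the two prices as `"text_field"` makes ordinary numeric input fail. The `"str"` branch of `wpsg_sanitize` (lib/functions.inc.php in this changeset) sets an error when `is_numeric($primary)` is true, so `shipping_price=4.90` queues a backend error and `wpsg_sinput` then falls back to `wpsg_xss()`. The integer branch has an `"isFloat"` option that looks intended for this case (`wpsg_tf`/`wpsg_ff` are not shown, so confirm): `$_REQUEST['shipping_price'] = wpsg_sinput("key", $_REQUEST['shipping_price'], "isFloat");`. The same `is_numeric` rejection hits `filter['s']` and `k_id` when someone searches for a number (indexAction here and the filter in wpsg_mod_abo.class.php), and `mwst_key` in wpsg_ProduktController.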
@@ -114,5 +119,5 @@
             ]);
             
-        }
+        } // public function updateOrderAction()
         
         public function autocompleteAction() {
@@ -145,5 +150,7 @@
             if (!wpsg_isSizedString($_REQUEST['search_customer'])) $this->addBackendError(__('Bitte einen Kunden definieren.', 'wpsg'));
             else {
-                
+
+	            $_REQUEST['search_customer'] = wpsg_sinput("text_field", $_REQUEST['search_customer']);
+
                 // ID:3 / Max Mustermann (buyer@maennchen1.de)
                 preg_match_all('/^ID:(\d+?)/i', $_REQUEST['search_customer'], $m);
@@ -196,12 +203,12 @@
                 								
                 $order_id = $this->db->ImportQuery(WPSG_TBL_ORDER, Array(
-                    'payment_key' => wpsg_q($_REQUEST['add_payment']),                    
+                    'payment_key' => wpsg_q(wpsg_sinput("key", $_REQUEST['add_payment'])),
                     'payment_bruttonetto' => wpsg_q($this->shop->getBackendTaxview()),
-					'payment_tax_key' => wpsg_q($this->shop->arPayment[$_REQUEST['add_payment']]['mwst_key']),
-					'payment_set' => wpsg_q($this->shop->arPayment[$_REQUEST['add_payment']]['price']),
-					'shipping_key' => wpsg_q($_REQUEST['add_shipping']),
+					'payment_tax_key' => wpsg_q($this->shop->arPayment[wpsg_sinput("key", $_REQUEST['add_payment'])]['mwst_key']),
+					'payment_set' => wpsg_q($this->shop->arPayment[wpsg_sinput("key", $_REQUEST['add_payment'])]['price']),
+					'shipping_key' => wpsg_q(wpsg_sinput("key", $_REQUEST['add_shipping'])),
 					'shipping_bruttonetto' => wpsg_q($this->shop->getBackendTaxview()),
-					'shipping_tax_key' => wpsg_q($this->shop->arShipping[$_REQUEST['add_shipping']]['mwst_key']),
-					'shipping_set' => wpsg_q($this->shop->arShipping[$_REQUEST['add_shipping']]['price']),
+					'shipping_tax_key' => wpsg_q($this->shop->arShipping[wpsg_sinput("key", $_REQUEST['add_shipping'])]['mwst_key']),
+					'shipping_set' => wpsg_q($this->shop->arShipping[wpsg_sinput("key", $_REQUEST['add_shipping'])]['price']),
                     'price_frontend' => $this->shop->getFrontendTaxview(),
                     'cdate' => 'NOW()',
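Review bot: `wpsg_sinput("key", $_REQUEST['add_payment'])` is evaluated three times, and `add_shipping` likewise, so one invalid value queues the same backend error three times. The result is also used as an index into `$this->shop->arPayment` / `arShipping` without checking that the key exists. Sanitize once and test membership before building the row: `$payment_key = wpsg_sinput("key", $_REQUEST['add_payment']);` then `if (!array_key_exists($payment_key, $this->shop->arPayment)) { /* reject */ }`. Note that `"key"` is validated as an integer in `wpsg_sanitize`; if payment or shipping keys can be non-numeric strings, valid input will be flagged, which is worth confirming. The array literal continues outside the hunk.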
@@ -861,4 +868,6 @@
 		{
 
+			$_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']);
+
 			$this->db->UpdateQuery(WPSG_TBL_ORDER, array(
 				'admincomment' => wpsg_q($_REQUEST['value'])
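Review bot: `sanitize_text_field` strips tags and collapses line breaks, so a multi-line admin comment is stored as a single line after this change. If `admincomment` is entered in a textarea (the form is not shown), `sanitize_textarea_field()` keeps the newlines. It is not in the `$validTypes` list of `wpsg_sanitize`, so it would have to be added there or called directly: `$_REQUEST['value'] = sanitize_textarea_field($_REQUEST['value']);`. The same concern applies to `beschreibung`/`shortdesc` in wpsg_ProduktController and to the `wpsg_…_text` mail options in lib/helper_functions.inc.php, which are also passed through `"text_field"`.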
@@ -1083,5 +1092,9 @@
 			{
 
-				$bOK = $this->shop->setOrderStatus($_REQUEST['edit_id'], $_REQUEST['status'], (($_REQUEST['sendMail'] == '1')?true:false));
+				$bOK = $this->shop->setOrderStatus(
+					wpsg_sinput("key", $_REQUEST['edit_id']),
+					wpsg_sinput("key", $_REQUEST['status']),
+					(($_REQUEST['sendMail'] == '1')?true:false)
+				);
 
 				if ($bOK)
@@ -1114,7 +1127,10 @@
 		public function viewAction()
 		{
-			 
+
 			if (wpsg_isSizedString($_REQUEST['subaction'], 'updateCalculation')) {
-				
+
+				$_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
+				$_REQUEST['tax_mode'] = wpsg_sinput("key", $_REQUEST['tax_mode']);
+
 				$oCalculation = new \wpsg\wpsg_calculation();
 				
@@ -1481,5 +1497,5 @@
 			else
 			{
-				
+
 				$this->shop->render(WPSG_PATH_VIEW.'/order/view.phtml');
 
@@ -1512,5 +1528,5 @@
 		public function indexAction()
 		{
- 
+
 			if (wpsg_isSizedString($_REQUEST['do'], 'writeMultiRechnung') || wpsg_isSizedString($_REQUEST['wpsg_action'], 'showRechnung'))
 			{
@@ -1733,4 +1749,11 @@
 			{
 
+				$_REQUEST['filter']['s'] = wpsg_sinput("text_field", $_REQUEST['filter']['s']);
+				$_REQUEST['filter']['k_id'] = wpsg_xss($_REQUEST['filter']['k_id']);
+				$_REQUEST['filter']['cdate_m'] = wpsg_sinput("key", $_REQUEST['filter']['cdate_m']);
+				$_REQUEST['filter']['cdate_y'] = wpsg_sinput("key", $_REQUEST['filter']['cdate_y']);
+				$_REQUEST['filter']['invoicedate_m'] = wpsg_sinput("key", $_REQUEST['filter']['invoicedate_m']);
+				$_REQUEST['filter']['invoicedate_y'] = wpsg_sinput("key", $_REQUEST['filter']['invoicedate_y']);
+
 				$this->shop->view['arFilter'] = $_REQUEST['filter'];
 
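Review bot: Each filter key is read unconditionally, so a request that sets only `filter[s]` raises undefined-index notices for the other five. It also leaves empty entries in `$_REQUEST['filter']` that are then copied into `view['arFilter']`. Guard each assignment, e.g. `if (isset($_REQUEST['filter']['cdate_m'])) $_REQUEST['filter']['cdate_m'] = wpsg_sinput("key", $_REQUEST['filter']['cdate_m']);`, or loop over a key => type map. `k_id` is the only field passed through `wpsg_xss` instead of `wpsg_sinput`; if that is deliberate, a short comment saying why would help. The filter block added in wpsg_mod_abo.class.php has the same unconditional reads.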
Index: /controller/wpsg_ProduktController.class.php
===================================================================
--- /controller/wpsg_ProduktController.class.php	(revision 7397)
+++ /controller/wpsg_ProduktController.class.php	(revision 7398)
@@ -130,5 +130,5 @@
 				delete_post_meta($_REQUEST['pid'], 'wpsg_produkt_id', $_REQUEST['edit_id']);
 
-				$this->shop->view['data']['id'] = $_REQUEST['edit_id'];
+				$this->shop->view['data']['id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
 
 				if ($this->shop->hasMod('wpsg_mod_produktartikel')) $this->shop->callMod('wpsg_mod_produktartikel', 'updatePostThumbnail', array($_REQUEST['edit_id']));
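Review bot: Only the copy placed in `view['data']['id']` is sanitized. The `delete_post_meta($_REQUEST['pid'], 'wpsg_produkt_id', $_REQUEST['edit_id'])` call above and the `callMod(..., array($_REQUEST['edit_id']))` call below still use the raw request values. Sanitize once and reuse the result, e.g. `$edit_id = wpsg_sinput("key", $_REQUEST['edit_id']);` and `$pid = wpsg_sinput("key", $_REQUEST['pid']);` before the `delete_post_meta` call. The enclosing method starts and ends outside this hunk.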
@@ -170,4 +170,8 @@
 			if (wpsg_isSizedArray($_REQUEST['filter']))
 			{
+
+				$_REQUEST['filter']['s'] = wpsg_xss($_REQUEST['filter']['s']);
+				$_REQUEST['filter']['productgroup_ids'] = sanitize_key($_REQUEST['filter']['productgroup_ids']);
+				$_REQUEST['filter']['productcategory_ids'] = sanitize_key($_REQUEST['filter']['productcategory_ids']);
 
 				$this->shop->view['arFilter'] = $_REQUEST['filter'];
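Review bot: `sanitize_key()` lowercases its input, removes everything except `a-z`, `0-9`, `_` and `-`, and expects a scalar, while the names `productgroup_ids` and `productcategory_ids` suggest a list. If these arrive as an array or as a comma-separated string (not visible here), the filter is emptied or the ids are fused together (`1,2` becomes `12`). For an array, something like `array_map('absint', (array)$_REQUEST['filter']['productgroup_ids'])` keeps the list intact. The direct `sanitize_key` calls also bypass the `wpsg_sinput` wrapper used everywhere else in this changeset, and all three keys are read without an `isset` check.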
@@ -836,10 +840,10 @@
 
 				$data = array(
-					'name' => wpsg_q($_REQUEST['name']),
+					'name' => wpsg_q(wpsg_sinput("text_field", $_REQUEST['name'])),
 					'disabled' => wpsg_q($_REQUEST['disabled']),
-					'detailname' => wpsg_q($_REQUEST['detailname']),
-					'shortdesc' => wpsg_q($_REQUEST['shortdesc']),
-					'beschreibung' => wpsg_q($_REQUEST['beschreibung']),
-					'partikel' => wpsg_q(wpsg_getStr($_REQUEST['partikel']))
+					'detailname' => wpsg_q(wpsg_sinput("text_field", $_REQUEST['detailname'])),
+					'shortdesc' => wpsg_q(wpsg_sinput("text_field", $_REQUEST['shortdesc'])),
+					'beschreibung' => wpsg_q(wpsg_sinput("text_field", $_REQUEST['beschreibung'])),
+					'partikel' => wpsg_q(wpsg_sinput("key", wpsg_getStr($_REQUEST['partikel'])))
 				);
 
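Review bot: `disabled` is still written as `wpsg_q($_REQUEST['disabled'])` in this array, while the second `$data` array in the next hunk wraps it in `wpsg_sinput("key", …)`. Use the same form here: `'disabled' => wpsg_q(wpsg_sinput("key", $_REQUEST['disabled'])),`. This array also reads `name`, `detailname`, `shortdesc` and `beschreibung` without `wpsg_getStr()`, unlike the other one, so unset fields raise notices before they reach the sanitizer.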
@@ -860,22 +864,22 @@
 
 				$data = array(
-					'name' => wpsg_q(wpsg_getStr($_REQUEST['name'])),
-					'disabled' => wpsg_q($_REQUEST['disabled']),
-					'detailname' => wpsg_q(wpsg_getStr($_REQUEST['detailname'])),
-					'shortdesc' => wpsg_q(wpsg_getStr($_REQUEST['shortdesc'])),
-					'beschreibung' => wpsg_q(wpsg_getStr($_REQUEST['beschreibung'])),
+					'name' => wpsg_q(wpsg_sinput("text_field", wpsg_getStr($_REQUEST['name']))),
+					'disabled' => wpsg_q(wpsg_sinput("key", $_REQUEST['disabled'])),
+					'detailname' => wpsg_q(wpsg_sinput("text_field", wpsg_getStr($_REQUEST['detailname']))),
+					'shortdesc' => wpsg_q(wpsg_sinput("text_field", wpsg_getStr($_REQUEST['shortdesc']))),
+					'beschreibung' => wpsg_q(wpsg_sinput("text_field", wpsg_getStr($_REQUEST['beschreibung']))),
 					'longdescription' => wpsg_q(wpsg_getStr($_REQUEST['longdescription'])),
 					'moreinfos' => wpsg_q(wpsg_getStr($_REQUEST['moreinfos'])),
-				    'moreinfos2' => wpsg_q(wpsg_getStr($_REQUEST['moreinfos2'])),
-					'anr' => wpsg_q(wpsg_getStr($_REQUEST['anr'])),
-					'mwst_key' => wpsg_q(wpsg_getStr($_REQUEST['mwst_key'])),
-					'ptemplate_file' => wpsg_q(wpsg_getStr($_REQUEST['ptemplate_file'])),
-					'posturl' => wpsg_q(wpsg_getStr($_REQUEST['posturl'])),
-					'posturl_verkauf' => wpsg_q(wpsg_getStr($_REQUEST['posturl_verkauf'])),
-					'posturl_bezahlung' => wpsg_q(wpsg_getStr($_REQUEST['posturl_bezahlung'])),
-					'partikel' => wpsg_q(wpsg_getStr($_REQUEST['partikel'])),
-					'euleistungsortregel' => wpsg_q(wpsg_getStr($_REQUEST['euleistungsortregel'])),
-					'basket_multiple' => wpsg_q(wpsg_getStr($_REQUEST['basket_multiple'])),
-					'rating' => wpsg_q(wpsg_getStr($_REQUEST['rating']))
+					'moreinfos2' => wpsg_q(wpsg_getStr($_REQUEST['moreinfos2'])),
+					'anr' => wpsg_q(wpsg_sinput("key", wpsg_getStr($_REQUEST['anr']))),
+					'mwst_key' => wpsg_q(wpsg_sinput("text_field", wpsg_getStr($_REQUEST['mwst_key']))),
+					'ptemplate_file' => wpsg_q(wpsg_sinput("text_field", wpsg_getStr($_REQUEST['ptemplate_file']))),
+					'posturl' => wpsg_q(wpsg_sinput("text_field", wpsg_sinput("text_field", wpsg_getStr($_REQUEST['posturl'])))),
+					'posturl_verkauf' => wpsg_q(wpsg_sinput("key", wpsg_getStr($_REQUEST['posturl_verkauf']))),
+					'posturl_bezahlung' => wpsg_q(wpsg_sinput("key", wpsg_getStr($_REQUEST['posturl_bezahlung']))),
+					'partikel' => wpsg_q(wpsg_sinput("key", wpsg_getStr($_REQUEST['partikel']))),
+					'euleistungsortregel' => wpsg_q(wpsg_sinput("key", wpsg_getStr($_REQUEST['euleistungsortregel']))),
+					'basket_multiple' => wpsg_q(wpsg_sinput("key", wpsg_getStr($_REQUEST['basket_multiple']))),
+					'rating' => wpsg_q(wpsg_xss(wpsg_getStr($_REQUEST['rating'])))
 				);
 
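Review bot: `posturl_verkauf` and `posturl_bezahlung` are validated as `"key"`, which `wpsg_sanitize` treats as an integer, while `posturl` is a `"text_field"`. If these two hold URLs like `posturl` (the names suggest so), every save will queue a validation error and fall back to `wpsg_xss()`. `posturl` itself is wrapped in `wpsg_sinput("text_field", …)` twice, which only repeats the work. `longdescription`, `moreinfos` and `moreinfos2` remain unsanitized; if they carry HTML on purpose, a comment naming the expected filter (for example `wp_kses_post`) would make that explicit. `anr` as `"key"` likewise assumes purely numeric article numbers.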
Index: /controller/wpsg_SystemController.class.php
===================================================================
--- /controller/wpsg_SystemController.class.php	(revision 7397)
+++ /controller/wpsg_SystemController.class.php	(revision 7398)
@@ -72,16 +72,43 @@
 			else
 				$return = get_option($key);
-			
+
 			return $return;
 			
 		} // public function get_option($key)
-		
+
 		/**
 		 * Setzt eine Einstellung
 		 * Est mal nur Tunnel fÃŒr die Wordpress Funktion
-		 */
-		public function update_option($key, $value, $force_global = false, $addTrans = false)
-		{
-			
+		 *
+		 * @param       $key
+		 * @param       $value
+		 * @param bool  $force_global
+		 * @param bool  $addTrans
+		 * @param null  $sanitize_type
+		 * @param array $sanitize_params
+		 */
+		public function update_option($key, $value, $force_global = false, $addTrans = false, $sanitize_type = NULL, $sanitize_params = array())
+		{
+
+			if(wpsg_isSizedString($sanitize_type))
+			{
+
+				array_unshift($sanitize_params, $value);
+				array_unshift($sanitize_params, $sanitize_type);
+
+				$value = call_user_func_array("wpsg_sanitize", $sanitize_params);
+
+				if($value === false)
+				{
+
+					$value = $this->get_option($key);
+
+					// Die 0 ist wichtig!
+					$_SESSION['sanitization_err_fields'][$key] = 0;
+
+				}
+
+			}
+
 			if ($force_global)
 				update_site_option($key, $value);
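Review bot: `wpsg_sanitize` returns `false` both for invalid input and for a value that was not submitted (`$primary === NULL`), and this block treats both alike by keeping the stored value and marking the field as faulty. If any of these settings is a checkbox that is simply absent from the request when unticked (the forms are not shown), it can no longer be switched off. Skipping sanitization for the unset case keeps the previous behaviour: `if (wpsg_isSizedString($sanitize_type) && $value !== null)`. The fallback also reads `$this->get_option($key)` without a scope flag although the write below honours `$force_global`. `get_option` is called with a second argument elsewhere in this changeset, so `$this->get_option($key, $force_global)` looks like the intended call, to be confirmed against its signature outside this hunk.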
@@ -211,8 +238,12 @@
 
 		} // public function addBackendMessage($message)
-		
+
 		/**
 		 * FÃŒgt eine neue Fehlermeldung eines Backend Moduls hinzu
-		 * @param \String $hideLink Soll die Meldung ausblendbar sein, so muss ein Key mitgegeben werden der die Meldung identifiziert
+		 *
+		 * @param \String $hideLink Soll die Meldung ausblendbar sein, so muss ein Key mitgegeben werden der die
+		 *                          Meldung identifiziert
+		 *
+		 * @return bool|void
 		 */
 		public function addBackendError($message, $hideLinkKey = false, $addBlendOut = true)
@@ -540,5 +571,5 @@
 		public function getRessourcePath($path) {
 
-            $plugin_dir = ABSPATH.'wp-content/plugins/';
+            $plugin_dir = ABSPATH.WPSG_CONTENTDIR_WP.'/plugins/';
                         
             if (strpos(realpath($path), realpath ($plugin_dir)) === 0) {
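Review bot: Building the plugin directory as `ABSPATH.WPSG_CONTENTDIR_WP.'/plugins/'` still assumes the plugins folder sits directly under the content directory. WordPress exposes the real location as `WP_PLUGIN_DIR`, which also covers installs that relocate it: `$plugin_dir = WP_PLUGIN_DIR.'/';`. On the unchanged check below, `realpath()` drops the trailing slash, so the `strpos(...) === 0` prefix test also accepts sibling directories whose name merely starts with the plugin directory name. Comparing against `realpath($plugin_dir).DIRECTORY_SEPARATOR` closes that gap. The function continues outside the hunk.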
Index: /cron.php
===================================================================
--- /cron.php	(revision 7397)
+++ /cron.php	(revision 7398)
@@ -10,9 +10,10 @@
 	define('WPSG_CRON', true);
 
-	require_once(dirname(__FILE__).'/../../../wp-load.php'); 
- 
+	#require_once(dirname(__FILE__).'/../../../wp-load.php');
+	require_once(ABSPATH.'/wp-load.php');
+
 	date_default_timezone_set("Europe/Berlin");
  	
-	require_once(dirname(__FILE__).'/wpshopgermany.php');  
+	require_once(plugin_dir_path(__FILE__).'/wpshopgermany.php');
 	
 	$GLOBALS['wpsg_sc']->callMods('cron');
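Review bot: `ABSPATH` and `plugin_dir_path()` are defined by WordPress itself, so they are not available before `wp-load.php` has been included. When cron.php is requested directly, `require_once(ABSPATH.'/wp-load.php')` fails on the undefined constant and WordPress never loads. Unless this file is only ever included from an already bootstrapped WordPress (its first lines are outside the hunk), the relative bootstrap has to stay, e.g. `require_once(dirname(__FILE__).'/../../../wp-load.php');`, with `plugin_dir_path(__FILE__)` used only afterwards. `plugin_dir_path()` already returns a trailing slash, so the following `'/wpshopgermany.php'` yields a double slash. mods/mod_abo/demo_notification.php receives the same `ABSPATH.'wp-load.php'` change in this changeset.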
Index: /lib/filter_functions.inc.php
===================================================================
--- /lib/filter_functions.inc.php	(revision 7397)
+++ /lib/filter_functions.inc.php	(revision 7398)
@@ -455,6 +455,6 @@
     
         $min = 15;
-        //$min = 0.2;
-    
+        //a$min = 0.2;
+
         if ($wpsg_lastupdate == false || $wpsg_lastupdate < time() - 60 * $min || !wpsg_isSizedArray($wpsg_update_data))
         {
@@ -488,5 +488,5 @@
     
         }
-    
+
         return $wpsg_update_data;
     
@@ -507,8 +507,25 @@
     function wpsg_admin_footer()
     {
-    
+
         if (is_admin() && preg_match('/wpsg/', wpsg_getStr($_REQUEST['page'])))
         {
-    
+
+            $sanitization_err_code = "";
+
+        	if(wpsg_isSizedArray($_SESSION['sanitization_err_fields']))
+	        {
+	        	foreach($_SESSION['sanitization_err_fields'] as $field_name => $nCalls)
+		        {
+
+		        	$_SESSION['sanitization_err_fields'][$field_name]++;
+
+		        	if($_SESSION['sanitization_err_fields'][$field_name] >= 1)
+		        		unset($_SESSION['sanitization_err_fields'][$field_name]);
+
+		        	$sanitization_err_code .= "document.getElementsByName('$field_name').forEach(el => { el.style.borderColor = '#D9534F'; });\n";
+
+		        }
+	        }
+
             $content = '
                     <script type="text/javascript">
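Review bot: `$field_name` is interpolated into an inline script inside single quotes without escaping, so an option key containing a quote breaks the script or puts unintended code into the admin page. The keys come from `update_option()` callers, some of which build them from a variable (`'wpsg_'.$key.'_betreff'`), so encode at output: `"document.getElementsByName(" . wp_json_encode((string)$field_name) . ").forEach(el => { el.style.borderColor = '#D9534F'; });\n"`. The counter logic is also a no-op as written: entries are stored as 0, incremented to 1 and removed by `>= 1` on the first pass, so a plain `unset` after emitting the line would say the same thing. `$_SESSION['sanitization_err_fields']` is read without an `isset` check. The function continues outside the hunk.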
@@ -516,4 +533,6 @@
                         jQuery(document).ready(function() {
                         
+                        	'.$sanitization_err_code.'
+                        	
                             jQuery.datepicker.setDefaults(jQuery.datepicker.regional["de"]);
                             jQuery(".wpsg-datepicker").datepicker({
Index: /lib/functions.inc.php
===================================================================
--- /lib/functions.inc.php	(revision 7397)
+++ /lib/functions.inc.php	(revision 7398)
@@ -474,5 +474,7 @@
 	function wpsg_xss($value)
 	{
-		
+
+		if(is_object($value)) return $value;
+
 		if (is_array($value))
 		{
@@ -496,9 +498,252 @@
 		
 	} // function wpsg_xss($value)
-	
+
+	/**
+	 * Entry function for universal sanitization and validation
+	 * Suited for assigning another value if function returns false due to an error
+	 *
+	 * @param String    $type
+	 * @param array     $params
+	 *
+	 * @return array|String
+	 * @throws \wpsg\Exception  Do *not* catch
+	 *
+	 * @see "Securing Input" ( https://developer.wordpress.org/plugins/security/securing-input/ )
+	 */
+	function wpsg_sanitize($type, ...$params)
+	{
+
+		$err = false;
+
+		// Main parameter used for comparison
+		$primary = isset($params["primary"]) ? $params['primary'] : $params[0];
+
+		// If $primary is not even set
+		if($primary === NULL) return false;
+
+		// If prefix "sanitize_" not assigned
+		if(strpos($primary, "sanitize_") === false) $type = "sanitize_$type";
+
+		$validTypes = array(
+			"sanitize_email" => "str",
+			"sanitize_file_name" => "str",
+			"sanitize_hex_color" => "str",
+			"sanitize_hex_color_no_hash" => "str",
+			"sanitize_html_class" => "str",
+			"sanitize_key" => "int",
+			"sanitize_meta" => "int", // gettype($meta_key) === "int"
+			"sanitize_mime_type" => "str",
+			"sanitize_option" => "mixed",
+			"sanitize_sql_orderby" => "str",
+			"sanitize_text_field" => "str",
+			"sanitize_title" => "str",
+			"sanitize_title_for_query" => "str",
+			"sanitize_title_with_dashes" => "str",
+			"sanitize_user" => "str",
+			"wpsg_txt_tbl" => "txt_tbl"
+		);
+
+		if(!array_key_exists($type, $validTypes)) return wpsg_xss($primary);
+		if(!function_exists($type) && strpos($type, "wpsg_") === false)
+			throw new \wpsg\Exception("Function $type does not exists in the WordPress function pool.");
+
+		# Validation (and Sanitization for type txt_tbl)
+		switch($validTypes[$type])
+		{
+
+			// Asked for a string
+			case "str":
+				if(gettype($primary) !== "string" || is_numeric($primary))
+					$err = __("Bitte ÃŒberprÃŒfen sie folgende Eingabe: ");
+				break;
+
+			// Asked for an integer
+			case "int":
+				if($primary[0] === "-")
+				{
+
+					$isNegative = true;
+					$primary = substr($primary, 1, strlen($primary) - 1);
+
+				}
+
+				$prefix = wpsg_isTrue($isNegative) ? "-" : "";
+
+				if(in_array("isFloat", $params))
+				{
+
+					$fPrimary = wpsg_tf($primary);
+
+
+					if(
+						(bool)((double)$fPrimary <= (double)wpsg_tf(0)) &&
+						wpsg_isSizedString($primary) &&
+						!in_array($primary, array("0", "0.0", "0.00", "0,0", "0,00")))
+					{
+
+						$fPrimary = $primary;
+						$prefix = "";
+
+						$err = __("Bitte ÃŒberprÃŒfen sie folgende Eingabe: ");
+
+					}
+
+				}
+				else
+				{
+
+					$nPrimary = (int)$primary;
+					if(
+						gettype($nPrimary) !== "integer" ||
+						!empty($nPrimary) && !wpsg_isSizedInt($nPrimary) && $primary !== "0" ||
+						wpsg_isSizedString($primary) && !wpsg_isSizedInt($nPrimary) && $primary !== "0"
+					) $err = __("Bitte ÃŒberprÃŒfen sie folgende Eingabe: ");
+
+				}
+				break;
+
+			case "txt_tbl":
+				$returnArr = array();
+
+				foreach($primary as $k => $arr)
+					foreach($arr as $_k => $_v)
+						switch($_k)
+						{
+
+							case "text":
+								$returnArr[$k][$_k] = wpsg_sanitize("text_field", $_v);
+								break;
+
+							case "x":
+							case "y":
+							case "fontsize":
+							case "alpha":
+							case "angle":
+							case "align":
+							case "aktiv":
+							case "bg":
+								$returnArr[$k][$_k] = wpsg_sanitize("key", $_v);
+								break;
+
+							case "color":
+								$returnArr[$k][$_k] = wpsg_sanitize("hex_color", $_v);
+								break;
+
+						}
+
+				return $returnArr;
+				break;
+
+			// Mixed value
+			default:
+				break;
+
+		}
+
+		# Sanitization
+		try{
+
+			// If a float/double value is wanted
+			if($validTypes[$type] !== "int" && !in_array("isFloat", $params) || $err !== false)
+				$sanitized_val = call_user_func_array($type, $params);
+			else if(in_array("isFloat", $params))
+				$sanitized_val = sanitize_text_field($prefix.wpsg_ff($fPrimary));
+			else
+				$sanitized_val = sanitize_text_field($prefix.$nPrimary);
+
+		} catch(Exception $e) {
+			throw new \wpsg\Exception($e->getMessage(), $e->getCode());
+		}
+
+		# If error was thrown --> output $primary after sanitization
+		if($err !== false)
+		{
+
+			$GLOBALS['wpsg_sc']->addBackendError(
+				$err . (wpsg_isSizedString($sanitized_val) ? substr($sanitized_val, 0, 10) : $sanitized_val)
+			);
+
+			return false;
+
+		}
+
+		return $sanitized_val ?: wpsg_xss($primary);
+
+	} // function wpsg_sanitize(String $type, array|string ...$params)
+
+
+	/**
+	 * Secure Input Alias
+	 * Suited for returning either the wp sanitized or the wpsg_xss sanitized value
+	 *
+	 * @param       $type
+	 * @param mixed ...$params
+	 *
+	 * @return array|string
+	 * @throws \wpsg\Exception  Do *not* catch
+	 */
+	function wpsg_sinput($type, ...$params)
+	{
+
+		$primary = isset($params["primary"]) ? $params['primary'] : $params[0];
+		$sanitizedVal = wpsg_sanitize($type, ...$params);
+
+		return !$sanitizedVal ? wpsg_xss($primary) : $sanitizedVal;
+
+	} // function wpsg_sinput(String $type, array|string ...$params)
+
+	/**
+	 * Entry function for global escaping
+	 *
+	 * @param String $type
+	 * @param array  $params
+	 *
+	 * @return string
+	 * @throws \wpsg\Exception Do *not* catch
+	 * @see "Securing Output" ( https://developer.wordpress.org/plugins/security/securing-output/ )
+	 */
+	function wpsg_escape($type, ...$params)
+	{
+
+		// Main parameter used for comparison
+		$primary = isset($params["primary"]) ? $params['primary'] : $params[0];
+
+		// If $primary is not even set
+		if($primary === NULL) return false;
+
+		// If prefix "esc_" is not assigned
+		if(strpos($type, "esc_") === false) $type = "esc_" . $type;
+
+		$validTypes = array(
+			"esc_html",
+			"esc_url",
+			"esc_js",
+			"esc_attr"
+		);
+
+		if(!in_array($type, $validTypes)) return wpsg_q($primary);
+		if(!function_exists($type)) throw new \wpsg\Exception("Function $type does not exists in the WordPress function pool.");
+
+		# Escape function execution
+		try{
+			if(wpsg_isSizedArray($params)) $returnVal = call_user_func_array(
+				$type, array_unshift($params, $primary)
+			);
+			else $returnVal = $type($primary);
+		} catch(Exception $e) {
+			throw new \wpsg\Exception($e->getMessage(), $e->getCode());
+		}
+
+		return $returnVal ?: wpsg_q($primary);
+
+	} // function wpsg_escape(String $type, array|String $params)
+
 	/**
 	 * Sortiert den Array $ar um, nach den Indexen in $newIndexOrder
+	 *
 	 * @param unknown $ar
 	 * @param unknown $newIndexOrder
+	 *
+	 * @throws \wpsg\Exception
 	 */
 	function wpsg_array_reorder(&$ar, $newIndexOrder)
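Review bot: In `wpsg_sanitize` the prefix test inspects the value instead of the type: `strpos($primary, "sanitize_")` should be `strpos($type, "sanitize_")`. As written, any submitted value that contains `sanitize_` leaves `$type` unprefixed, the `$validTypes` lookup misses, and the function returns `wpsg_xss($primary)` without validation; an array `$primary` (the `txt_tbl` case) is also handed to `strpos`, which is a TypeError on PHP 8. A line such as `if (strpos($type, "sanitize_") !== 0 && strpos($type, "wpsg_") !== 0) $type = "sanitize_$type";` addresses both. In `wpsg_escape`, `array_unshift($params, $primary)` returns the new element count, not the array, so `call_user_func_array` never receives a valid argument list and the `esc_*` function is not applied; `$primary` is already `$params[0]`, so `call_user_func_array($type, $params)` is enough. Both functions end with `$x ?: fallback`, which treats a legitimate `"0"` or empty result as failure and returns the less strictly filtered value.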
Index: /lib/helper_functions.inc.php
===================================================================
--- /lib/helper_functions.inc.php	(revision 7397)
+++ /lib/helper_functions.inc.php	(revision 7398)
@@ -57,6 +57,7 @@
 			if (!$ok)
 			{
-	
-				$file = preg_replace('/(.*)wp-content/', '/wp-content', $file);
+
+				$file = preg_replace('/(.*)'.WPSG_CONTENTDIR_WP.'/', '/'.WPSG_CONTENTDIR_WP, $file);
+
 				return $wp_filesystem->delete($file, true);
 	
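Review bot: `WPSG_CONTENTDIR_WP` is concatenated into the pattern without `preg_quote()`, so a content directory name containing a regex metacharacter or a `/` (for example a nested path) changes or breaks the expression that decides which path is handed to `$wp_filesystem->delete()`. Quote it for the pattern: `$file = preg_replace('/(.*)'.preg_quote(WPSG_CONTENTDIR_WP, '/').'/', '/'.WPSG_CONTENTDIR_WP, $file);`. The definition of the constant is not visible here, so whether such values can occur is an assumption. The same pattern is repeated in the three following hunks of this file. The enclosing function starts and ends outside the hunk.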
@@ -87,5 +88,5 @@
 			{
 	
-				$file = preg_replace('/(.*)wp-content/', '/wp-content', $file);
+				$file = preg_replace('/(.*)'.WPSG_CONTENTDIR_WP.'/', '/'.WPSG_CONTENTDIR_WP, $file);
 				return $wp_filesystem->delete($file, true);
 	
@@ -129,5 +130,5 @@
 		// Jetzt wirds knifflig, mit dem wp_filesystem versuchen
 		// An das wp_filesystem wird alles ab /wp-content ÃŒbergeben
-		$path_wp = preg_replace('/(.*)wp-content/', '/wp-content', $path);
+		$path_wp = preg_replace('/(.*)'.WPSG_CONTENTDIR_WP.'/', '/'.WPSG_CONTENTDIR_WP, $path);
 	
 		// Pfad auftrennen, da wp_filesystem leider nicht rekursiv arbeitet
@@ -186,6 +187,6 @@
 				$target = trailingslashit($wp_filesystem->find_folder($target));
 				
-				$source = preg_replace('/(.*)wp-content/', '/wp-content', $source);
-				$target = preg_replace('/(.*)wp-content/', '/wp-content', $target);
+				$source = preg_replace('/(.*)'.WPSG_CONTENTDIR_WP.'/', '/'.WPSG_CONTENTDIR_WP, $source);
+				$target = preg_replace('/(.*)'.WPSG_CONTENTDIR_WP.'/', '/'.WPSG_CONTENTDIR_WP, $target);
 	
 				return $wp_filesystem->copy($source, $target, true, 0777);
@@ -262,6 +263,6 @@
 		{
 		
-			$GLOBALS['wpsg_sc']->update_option('wpsg_'.$key.'_betreff', $_REQUEST['wpsg_'.$key.'_betreff']);
-			$GLOBALS['wpsg_sc']->addTranslationString('wpsg_'.$key.'_betreff', $_REQUEST['wpsg_'.$key.'_betreff']);
+			$GLOBALS['wpsg_sc']->update_option('wpsg_'.$key.'_betreff', $_REQUEST['wpsg_'.$key.'_betreff'], false, false, "text_field");
+			$GLOBALS['wpsg_sc']->addTranslationString('wpsg_'.$key.'_betreff', wpsg_sinput("text_field", $_REQUEST['wpsg_'.$key.'_betreff']));
 			
 		}
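Review bot: The same field is sanitized by two paths that disagree on failure. `update_option(..., "text_field")` keeps the previously stored value when `wpsg_sanitize` returns false, whereas `wpsg_sinput("text_field", …)` falls back to `wpsg_xss()` of the submitted value, so the option and its translation string can end up different, and a failed value queues the backend error twice. Sanitizing once and passing the result to both calls keeps them in step, e.g. `$betreff = wpsg_sanitize("text_field", $_REQUEST['wpsg_'.$key.'_betreff']);` and running both calls only when `$betreff !== false`. The `_absender` and `_text` blocks in the next hunk follow the same pattern.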
@@ -270,16 +271,16 @@
 		{
 			
-			$GLOBALS['wpsg_sc']->update_option('wpsg_'.$key.'_absender', $_REQUEST['wpsg_'.$key.'_absender']);
-			$GLOBALS['wpsg_sc']->addTranslationString('wpsg_'.$key.'_absender', $_REQUEST['wpsg_'.$key.'_absender']);
-		}
-		
-		if (isset($_REQUEST['wpsg_'.$key.'_empfaenger'])) $GLOBALS['wpsg_sc']->update_option('wpsg_'.$key.'_empfaenger', $_REQUEST['wpsg_'.$key.'_empfaenger']);
-		if (isset($_REQUEST['wpsg_'.$key.'_cc'])) $GLOBALS['wpsg_sc']->update_option('wpsg_'.$key.'_cc', $_REQUEST['wpsg_'.$key.'_cc']);
-		if (isset($_REQUEST['wpsg_'.$key.'_bcc'])) $GLOBALS['wpsg_sc']->update_option('wpsg_'.$key.'_bcc', $_REQUEST['wpsg_'.$key.'_bcc']);
+			$GLOBALS['wpsg_sc']->update_option('wpsg_'.$key.'_absender', $_REQUEST['wpsg_'.$key.'_absender'], false, false, "text_field");
+			$GLOBALS['wpsg_sc']->addTranslationString('wpsg_'.$key.'_absender', wpsg_sinput("text_field", $_REQUEST['wpsg_'.$key.'_absender']));
+		}
+
+		if (isset($_REQUEST['wpsg_'.$key.'_empfaenger'])) $GLOBALS['wpsg_sc']->update_option('wpsg_'.$key.'_empfaenger', $_REQUEST['wpsg_'.$key.'_empfaenger'], false, false, "text_field");
+		if (isset($_REQUEST['wpsg_'.$key.'_cc'])) $GLOBALS['wpsg_sc']->update_option('wpsg_'.$key.'_cc', $_REQUEST['wpsg_'.$key.'_cc'], false, false, "text_field");
+		if (isset($_REQUEST['wpsg_'.$key.'_bcc'])) $GLOBALS['wpsg_sc']->update_option('wpsg_'.$key.'_bcc', $_REQUEST['wpsg_'.$key.'_bcc'], false, false, "text_field");
 		if (isset($_REQUEST['wpsg_'.$key.'_text']))
 		{
 			
-			$GLOBALS['wpsg_sc']->update_option('wpsg_'.$key.'_text', $_REQUEST['wpsg_'.$key.'_text']);
-			$GLOBALS['wpsg_sc']->addTranslationString('wpsg_'.$key.'_text', $_REQUEST['wpsg_'.$key.'_text']);
+			$GLOBALS['wpsg_sc']->update_option('wpsg_'.$key.'_text', $_REQUEST['wpsg_'.$key.'_text'], false, false, "text_field");
+			$GLOBALS['wpsg_sc']->addTranslationString('wpsg_'.$key.'_text', wpsg_sinput("text_field", $_REQUEST['wpsg_'.$key.'_text']));
 			
 		}
Index: /mods/mod_abo/demo_notification.php
===================================================================
--- /mods/mod_abo/demo_notification.php	(revision 7397)
+++ /mods/mod_abo/demo_notification.php	(revision 7398)
@@ -23,5 +23,5 @@
 	  
 	  // PFad zum Wordpress Root Verzeichnis 
-	  $path_wp_root = dirname(__FILE__).'/../';
+	  //$path_wp_root = dirname(__FILE__).'/../';
 	  	  
 	  $product_id = $_REQUEST['product_id'];
@@ -31,8 +31,8 @@
 	  
 	  /* Wordpress initiieren */
-	  require_once($path_wp_root.'wp-load.php'); 
+	  require_once(ABSPATH.'wp-load.php');
 	  
 	  /* Shop Plugin initiieren */
-	  require_once($path_wp_root.'wp-content/plugins/'.WPSG_FOLDERNAME.'/wpshopgermany.php');
+	  require_once(ABSPATH.WPSG_CONTENTDIR_WP.'/plugins/'.WPSG_FOLDERNAME.'/wpshopgermany.php');
 	  
 	  if ($_REQUEST['typ'] == 'abo_firstbuy')
Index: /mods/wpsg_mod_abo.class.php
===================================================================
--- /mods/wpsg_mod_abo.class.php	(revision 7397)
+++ /mods/wpsg_mod_abo.class.php	(revision 7398)
@@ -151,5 +151,5 @@
 			if (wpsg_isSizedArray($_REQUEST['filter']))
 			{
-		
+
 				$this->shop->view['arFilter'] = $_REQUEST['filter'];
 				$this->shop->view['hasFilter'] = true;
@@ -206,5 +206,13 @@
 			if (wpsg_isSizedArray($_REQUEST['filter']))
 			{
-				
+
+				$_REQUEST['filter']['s'] = wpsg_sinput("text_field", $_REQUEST['filter']['s']);
+				$_REQUEST['filter']['k_id'] = wpsg_sinput("text_field", $_REQUEST['filter']['k_id']);
+				$_REQUEST['filter']['status'] = wpsg_sinput("key", $_REQUEST['filter']['status']);
+				$_REQUEST['filter']['cdate_m'] = wpsg_sinput("key", $_REQUEST['filter']['cdate_m']);
+				$_REQUEST['filter']['cdate_y'] = wpsg_sinput("key", $_REQUEST['filter']['cdate_y']);
+				$_REQUEST['filter']['enddate_m'] = wpsg_sinput("key", $_REQUEST['filter']['enddate_m']);
+				$_REQUEST['filter']['enddate_y'] = wpsg_sinput("key", $_REQUEST['filter']['enddate_y']);
+
 				$this->shop->view['arFilter'] = $_REQUEST['filter'];
 				
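Review bot: This filter block is now sanitized, but the one in the preceding hunk (old line 151) still copies `$_REQUEST['filter']` into `view['arFilter']` unchanged; that hunk only touches whitespace. If both views render the filter values, the first one needs the same treatment; a small private helper taking the filter array and a key => type map would let both blocks share it. `k_id` is handled with `"text_field"` here but with `wpsg_xss` in wpsg_OrderController, and one of the two is probably unintended.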
@@ -299,26 +307,26 @@
 		{
 
-			$this->shop->update_option('wpsg_mod_abo_url', $_REQUEST['wpsg_mod_abo_url']);
-			$this->shop->update_option('wpsg_mod_abo_perpage', $_REQUEST['wpsg_mod_abo_perpage']);
-
-			$this->shop->update_option('wpsg_mod_abo_wpsgmodabofirstbuy', $_REQUEST['wpsg_mod_abo_wpsgmodabofirstbuy']);
-			$this->shop->update_option('wpsg_mod_abo_wpsgmodaboexpiration', $_REQUEST['wpsg_mod_abo_wpsgmodaboexpiration']);
-			$this->shop->update_option('wpsg_mod_abo_wpsgmodabrebuy', $_REQUEST['wpsg_mod_abo_wpsgmodabrebuy']);
-			$this->shop->update_option('wpsg_mod_abo_expiremode', $_REQUEST['wpsg_mod_abo_expiremode']);            
-            
-			$this->shop->update_option('wpsg_mod_abo_autoexpire_payment', $_REQUEST['wpsg_mod_abo_autoexpire_payment']);
-			$this->shop->update_option('wpsg_mod_abo_autoexpire_customermail', $_REQUEST['wpsg_mod_abo_autoexpire_customermail']);
-			$this->shop->update_option('wpsg_mod_abo_autoexpire_adminmail', $_REQUEST['wpsg_mod_abo_autoexpire_adminmail']);
-			$this->shop->update_option('wpsg_mod_abo_autoexpire_customer', $_REQUEST['wpsg_mod_abo_autoexpire_customer']);
-			$this->shop->update_option('wpsg_mod_abo_autoexpire_information', $_REQUEST['wpsg_mod_abo_autoexpire_information']);
-			$this->shop->update_option('wpsg_mod_abo_autoexpire_informationtime', $_REQUEST['wpsg_mod_abo_autoexpire_informationtime']);
-            
-			$this->shop->update_option('wpsg_mod_abo_moreorder', $_REQUEST['wpsg_mod_abo_moreorder']);
-			$this->shop->update_option('wpsg_mod_abo_moreorder_text', $_REQUEST['wpsg_mod_abo_moreorder_text']);
-			$this->shop->update_option('wpsg_mod_abo_nomoreorder_text', $_REQUEST['wpsg_mod_abo_nomoreorder_text']);
+			$this->shop->update_option('wpsg_mod_abo_url', $_REQUEST['wpsg_mod_abo_url'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_abo_perpage', $_REQUEST['wpsg_mod_abo_perpage'], false, false, "key");
+
+			$this->shop->update_option('wpsg_mod_abo_wpsgmodabofirstbuy', $_REQUEST['wpsg_mod_abo_wpsgmodabofirstbuy'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_abo_wpsgmodaboexpiration', $_REQUEST['wpsg_mod_abo_wpsgmodaboexpiration'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_abo_wpsgmodabrebuy', $_REQUEST['wpsg_mod_abo_wpsgmodabrebuy'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_abo_expiremode', $_REQUEST['wpsg_mod_abo_expiremode'], false, false, "key");
+            
+			$this->shop->update_option('wpsg_mod_abo_autoexpire_payment', $_REQUEST['wpsg_mod_abo_autoexpire_payment'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_abo_autoexpire_customermail', $_REQUEST['wpsg_mod_abo_autoexpire_customermail'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_abo_autoexpire_adminmail', $_REQUEST['wpsg_mod_abo_autoexpire_adminmail'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_abo_autoexpire_customer', $_REQUEST['wpsg_mod_abo_autoexpire_customer'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_abo_autoexpire_information', $_REQUEST['wpsg_mod_abo_autoexpire_information'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_abo_autoexpire_informationtime', wpsg_xss($_REQUEST['wpsg_mod_abo_autoexpire_informationtime']));
+            
+			$this->shop->update_option('wpsg_mod_abo_moreorder', $_REQUEST['wpsg_mod_abo_moreorder'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_abo_moreorder_text', $_REQUEST['wpsg_mod_abo_moreorder_text'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_abo_nomoreorder_text', $_REQUEST['wpsg_mod_abo_nomoreorder_text'], false, false, "text_field");
            
-			$this->shop->update_option('wpsg_mod_abo_moreorder_product', $_REQUEST['wpsg_mod_abo_moreorder_product']);
-			$this->shop->update_option('wpsg_mod_abo_moreorder_producttext', $_REQUEST['wpsg_mod_abo_moreorder_producttext']);    
-			$this->shop->update_option('wpsg_mod_abo_nomoreorder_product_text', $_REQUEST['wpsg_mod_abo_nomoreorder_product_text']);
+			$this->shop->update_option('wpsg_mod_abo_moreorder_product', $_REQUEST['wpsg_mod_abo_moreorder_product'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_abo_moreorder_producttext', $_REQUEST['wpsg_mod_abo_moreorder_producttext'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_abo_nomoreorder_product_text', $_REQUEST['wpsg_mod_abo_nomoreorder_product_text'], false, false, "text_field");
             
             
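Review bot: `wpsg_mod_abo_autoexpire_informationtime` is the only option in this block still wrapped in `wpsg_xss()` with no sanitiser type passed to `update_option`, while its neighbours use the new fifth argument. If the value is a simple number, `..., false, false, "key")` would match the rest; if it needs different handling, a one-line comment saying why would help the next reader. `wpsg_mod_abo_url` is stored as `"text_field"`; assuming it really holds a URL, a URL-specific sanitiser such as WordPress's `esc_url_raw()` would also reject unexpected schemes. The billsafe settings hunk has the same `wpsg_xss()` mix for `licence`, `licencesandbox` and `currency`.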
@@ -363,7 +371,7 @@
 
 				$product_data['wpsg_mod_abo_activ'] = '1';
-				$product_data['wpsg_mod_abo_price'] = wpsg_tf($_REQUEST['wpsg_mod_abo_price']);
-				$product_data['wpsg_mod_abo_durration'] = $_REQUEST['wpsg_mod_abo_durration'];
-				$product_data['wpsg_mod_abo_url'] = $_REQUEST['wpsg_mod_abo_url'];
+				$product_data['wpsg_mod_abo_price'] = wpsg_sinput("key", $_REQUEST['wpsg_mod_abo_price'], "isFloat");
+				$product_data['wpsg_mod_abo_durration'] = wpsg_sinput("key", $_REQUEST['wpsg_mod_abo_durration']);
+				$product_data['wpsg_mod_abo_url'] = wpsg_sinput("text_field", $_REQUEST['wpsg_mod_abo_url']);
 
 				if ($_REQUEST['wpsg_mod_abo_resell'] == '1')
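Review bot: `wpsg_mod_abo_price` loses its `wpsg_tf()` conversion here, whereas the customerbudget change in this same commit keeps it as `wpsg_tf(wpsg_sinput("key", ..., "isFloat"))`. If `"key"` maps to WordPress's `sanitize_key()` (its definition is not in this hunk), decimal separators are stripped before the value is stored, so a price such as `9,99` would not survive. Keeping the conversion, `$product_data['wpsg_mod_abo_price'] = wpsg_tf(wpsg_sinput("key", $_REQUEST['wpsg_mod_abo_price'], "isFloat"));`, at least preserves the previous numeric handling. The validator is passed as the string `"isFloat"` here and as `["isFloat"]` in the `update_option` calls, so it is worth confirming both forms are accepted.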
@@ -380,5 +388,5 @@
 					{
 
-						$product_data['wpsg_mod_abo_resell'] = wpsg_q($_REQUEST['wpsg_mod_abo_resell_count']);
+						$product_data['wpsg_mod_abo_resell'] = wpsg_q(wpsg_sinput("key", $_REQUEST['wpsg_mod_abo_resell_count']));
 
 					}
@@ -930,4 +938,7 @@
         {
 
+	        $_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
+	        $_REQUEST['product_key'] = wpsg_sinput("key", $_REQUEST['product_key']);
+
             if (wpsg_isSizedString($_REQUEST['do'], 'run'))
             {
@@ -1142,5 +1153,6 @@
         public function stoprenewalRedirect()
         {
-            
+
+	        $_REQUEST['order_id'] = wpsg_sinput("key", $_REQUEST['order_id']);
             $oOrder = wpsg_order::getInstance($_REQUEST['order_id']);
             
Index: /mods/wpsg_mod_addressvalidation.class.php
===================================================================
--- /mods/wpsg_mod_addressvalidation.class.php	(revision 7397)
+++ /mods/wpsg_mod_addressvalidation.class.php	(revision 7398)
@@ -48,5 +48,5 @@
 		{
 				
-			$this->shop->update_option('wpsg_mod_addressvalidation_apikey', $_REQUEST['wpsg_mod_addressvalidation_apikey']);
+			$this->shop->update_option('wpsg_mod_addressvalidation_apikey', $_REQUEST['wpsg_mod_addressvalidation_apikey'], false, false, "text_field");
 		
 		} // public function settings_save()
Index: /mods/wpsg_mod_amazon.class.php
===================================================================
--- /mods/wpsg_mod_amazon.class.php	(revision 7397)
+++ /mods/wpsg_mod_amazon.class.php	(revision 7398)
@@ -58,20 +58,20 @@
 		{
 			
-			$this->shop->update_option('wpsg_mod_amazon_seller_id', $_REQUEST['wpsg_mod_amazon_seller_id']);
-			$this->shop->update_option('wpsg_mod_amazon_mws_access_key_id', $_REQUEST['wpsg_mod_amazon_mws_access_key_id']);
-			$this->shop->update_option('wpsg_mod_amazon_mws_access_key', $_REQUEST['wpsg_mod_amazon_mws_access_key']);
-			$this->shop->update_option('wpsg_mod_amazon_lwa_client_id', $_REQUEST['wpsg_mod_amazon_lwa_client_id']);
-			$this->shop->update_option('wpsg_mod_amazon_lwa_client_secret', $_REQUEST['wpsg_mod_amazon_lwa_client_secret']);
-			$this->shop->update_option('wpsg_mod_amazon_sandbox', $_REQUEST['wpsg_mod_amazon_sandbox']);
-			
-			$this->shop->update_option('wpsg_mod_amazon_aktiv', $_REQUEST['wpsg_mod_amazon_aktiv']);
-			$this->shop->update_option('wpsg_mod_amazon_name', $_REQUEST['wpsg_mod_amazon_name'], false, true);
-			$this->shop->update_option('wpsg_mod_amazon_subject', $_REQUEST['wpsg_mod_amazon_subject'], false, true);
-			$this->shop->update_option('wpsg_mod_amazon_hint', $_REQUEST['wpsg_mod_amazon_hint'], false, true);
-			$this->shop->update_option('wpsg_mod_amazon_basket', $_REQUEST['wpsg_mod_amazon_basket']);
-						
-			$this->shop->update_option('wpsg_mod_amazon_gebuehr', $_REQUEST['wpsg_mod_amazon_gebuehr']);
-			$this->shop->update_option('wpsg_mod_amazon_mwst', $_REQUEST['wpsg_mod_amazon_mwst']);
-			$this->shop->update_option('wpsg_mod_amazon_mwstland', $_REQUEST['wpsg_mod_amazon_mwstland']);
+			$this->shop->update_option('wpsg_mod_amazon_seller_id', $_REQUEST['wpsg_mod_amazon_seller_id'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_amazon_mws_access_key_id', $_REQUEST['wpsg_mod_amazon_mws_access_key_id'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_amazon_mws_access_key', $_REQUEST['wpsg_mod_amazon_mws_access_key'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_amazon_lwa_client_id', $_REQUEST['wpsg_mod_amazon_lwa_client_id'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_amazon_lwa_client_secret', $_REQUEST['wpsg_mod_amazon_lwa_client_secret'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_amazon_sandbox', $_REQUEST['wpsg_mod_amazon_sandbox'], false, false, "key");
+			
+			$this->shop->update_option('wpsg_mod_amazon_aktiv', $_REQUEST['wpsg_mod_amazon_aktiv'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_amazon_name', $_REQUEST['wpsg_mod_amazon_name'], false, true, "text_field");
+			$this->shop->update_option('wpsg_mod_amazon_subject', $_REQUEST['wpsg_mod_amazon_subject'], false, true, "text_field");
+			$this->shop->update_option('wpsg_mod_amazon_hint', $_REQUEST['wpsg_mod_amazon_hint'], false, true, "text_field");
+			$this->shop->update_option('wpsg_mod_amazon_basket', $_REQUEST['wpsg_mod_amazon_basket'], false, false, "key");
+						
+			$this->shop->update_option('wpsg_mod_amazon_gebuehr', $_REQUEST['wpsg_mod_amazon_gebuehr'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_amazon_mwst', $_REQUEST['wpsg_mod_amazon_mwst'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_amazon_mwstland', $_REQUEST['wpsg_mod_amazon_mwstland'], false, false, "key");
 						
 		} // public function settings_save()
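Review bot: The `"key"` type is applied to `wpsg_mod_amazon_seller_id`, `wpsg_mod_amazon_mws_access_key`, `wpsg_mod_amazon_lwa_client_id` and `wpsg_mod_amazon_lwa_client_secret`, which are opaque, case-sensitive credentials. If `"key"` wraps WordPress's `sanitize_key()` (not visible here), the value is lower-cased and every character outside `a-z0-9_-` is dropped, so a saved credential would silently stop matching the one issued by the provider. Credentials are better stored through a type that leaves case and punctuation intact, e.g. `"text_field"`, and escaped where they are printed. The same concern applies to `wpsg_mod_autodebit_iban` / `wpsg_mod_autodebit_bic`, `wpsg_mod_crefopay_privateKey` and `wpsg_mod_crefopay_merchantID`, and to the dates passed through `wpsg_sinput("key", ...)` before `wpsg_toDate()` in the basketteaser hunk.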
@@ -467,4 +467,6 @@
 			if (wpsg_isSizedInt($_REQUEST['order_id']) && wpsg_isSizedString($_REQUEST['wpsg_done']))
 			{
+
+				$_REQUEST['order_id'] = wpsg_sinput("key", $_REQUEST['order_id']);
 			
 				if (wpsg_isSizedString($_REQUEST['amazon']['OrderReference']))
Index: /mods/wpsg_mod_auftragsbestaetigung.class.php
===================================================================
--- /mods/wpsg_mod_auftragsbestaetigung.class.php	(revision 7397)
+++ /mods/wpsg_mod_auftragsbestaetigung.class.php	(revision 7398)
@@ -46,8 +46,8 @@
 		public function order_ajax()
 		{ 
-			
+
 			$this->shop->checkEscape();
 			
-			$this->shop->view['auftrag_note'] = $_REQUEST['auftrag_note'];
+			$this->shop->view['auftrag_note'] = wpsg_sinput("text_field", $_REQUEST['auftrag_note']);
 
 			$this->send(wpsg_q($_REQUEST['edit_id']));
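Review bot: `auftrag_note` is free text, and if `"text_field"` wraps `sanitize_text_field()` it strips tags and collapses line breaks, so a multi-line note reaches the confirmation as a single line. A textarea-preserving sanitiser (WordPress has `sanitize_textarea_field()`) fits this field better, with escaping done where the note is rendered. The following context line still passes `$_REQUEST['edit_id']` through `wpsg_q()` only; assuming order ids are integers, `$this->send((int) $_REQUEST['edit_id']);` would make the type explicit. `wpsg_mod_coverletter_text` in the coverletter settings hunk is also stored as `"text_field"` and is likely multi-line as well. The body of order_ajax continues outside this hunk.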
Index: /mods/wpsg_mod_autodebit.class.php
===================================================================
--- /mods/wpsg_mod_autodebit.class.php	(revision 7397)
+++ /mods/wpsg_mod_autodebit.class.php	(revision 7398)
@@ -107,13 +107,13 @@
 		public function settings_save()
 		{
-			
-			$this->shop->update_option('wpsg_mod_autodebit_bezeichnung', $_REQUEST['wpsg_mod_autodebit_bezeichnung']);
-			$this->shop->update_option('wpsg_mod_autodebit_aktiv', $_REQUEST['wpsg_mod_autodebit_aktiv']);
-			$this->shop->update_option('wpsg_mod_autodebit_hint', $_REQUEST['wpsg_mod_autodebit_hint']);
-			$this->shop->update_option('wpsg_mod_autodebit_gebuehr', $_REQUEST['wpsg_mod_autodebit_gebuehr']);
-			$this->shop->update_option('wpsg_mod_autodebit_mwst', $_REQUEST['wpsg_mod_autodebit_mwst']);
-			$this->shop->update_option('wpsg_mod_autodebit_mwstland', $_REQUEST['wpsg_mod_autodebit_mwstland']);
-			$this->shop->update_option('wpsg_mod_autodebit_iban', $_REQUEST['wpsg_mod_autodebit_iban']);
-			$this->shop->update_option('wpsg_mod_autodebit_bic', $_REQUEST['wpsg_mod_autodebit_bic']);
+
+			$this->shop->update_option('wpsg_mod_autodebit_bezeichnung', $_REQUEST['wpsg_mod_autodebit_bezeichnung'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_autodebit_aktiv', $_REQUEST['wpsg_mod_autodebit_aktiv'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_autodebit_hint', $_REQUEST['wpsg_mod_autodebit_hint'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_autodebit_gebuehr', $_REQUEST['wpsg_mod_autodebit_gebuehr'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_autodebit_mwst', $_REQUEST['wpsg_mod_autodebit_mwst'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_autodebit_mwstland', $_REQUEST['wpsg_mod_autodebit_mwstland'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_autodebit_iban', $_REQUEST['wpsg_mod_autodebit_iban'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_autodebit_bic', $_REQUEST['wpsg_mod_autodebit_bic'], false, false, "key");
 				
 		} // public function settings_save()
@@ -214,17 +214,17 @@
 			{
 		 
-				$_SESSION['wpsg']['checkout']['mod_autodebit_name'] = wpsg_xss($_REQUEST['wpsg_mod_autodebit']['name']);
+				$_SESSION['wpsg']['checkout']['mod_autodebit_name'] = wpsg_sinput("text_field", "text_field", $_REQUEST['wpsg_mod_autodebit']['name']);
 				//$_SESSION['wpsg']['checkout']['mod_autodebit_blz'] = wpsg_xss($_REQUEST['wpsg_mod_autodebit']['blz']);
-				$_SESSION['wpsg']['checkout']['mod_autodebit_bic'] = wpsg_xss($_REQUEST['wpsg_mod_autodebit']['bic']);
-				$_SESSION['wpsg']['checkout']['mod_autodebit_inhaber'] = wpsg_xss($_REQUEST['wpsg_mod_autodebit']['inhaber']);
+				$_SESSION['wpsg']['checkout']['mod_autodebit_bic'] = wpsg_sinput("key", $_REQUEST['wpsg_mod_autodebit']['bic']);
+				$_SESSION['wpsg']['checkout']['mod_autodebit_inhaber'] = wpsg_sinput("user", $_REQUEST['wpsg_mod_autodebit']['inhaber']);
 				//$_SESSION['wpsg']['checkout']['mod_autodebit_knr'] = wpsg_xss($_REQUEST['wpsg_mod_autodebit']['knr']);
-				$_SESSION['wpsg']['checkout']['mod_autodebit_iban'] = wpsg_xss($_REQUEST['wpsg_mod_autodebit']['iban']);
-				
-				$arCheckout['mod_autodebit_name'] = $_SESSION['wpsg']['checkout']['mod_autodebit_name'];
-				$arCheckout['mod_autodebit_blz'] = $_SESSION['wpsg']['checkout']['mod_autodebit_blz'];
-				$arCheckout['mod_autodebit_bic'] = $_SESSION['wpsg']['checkout']['mod_autodebit_bic'];
-				$arCheckout['mod_autodebit_inhaber'] = $_SESSION['wpsg']['checkout']['mod_autodebit_inhaber'];
-				$arCheckout['mod_autodebit_knr'] = $_SESSION['wpsg']['checkout']['mod_autodebit_knr'];
-				$arCheckout['mod_autodebit_iban'] = $_SESSION['wpsg']['checkout']['mod_autodebit_iban'];
+				$_SESSION['wpsg']['checkout']['mod_autodebit_iban'] = wpsg_sinput("key", $_REQUEST['wpsg_mod_autodebit']['iban']);
+				
+				$arCheckout['mod_autodebit_name'] = wpsg_sinput("text_field", $_SESSION['wpsg']['checkout']['mod_autodebit_name']);
+				$arCheckout['mod_autodebit_blz'] = wpsg_sinput("key", $_SESSION['wpsg']['checkout']['mod_autodebit_blz']);
+				$arCheckout['mod_autodebit_bic'] = wpsg_sinput("key", $_SESSION['wpsg']['checkout']['mod_autodebit_bic']);
+				$arCheckout['mod_autodebit_inhaber'] = wpsg_sinput("user", $_SESSION['wpsg']['checkout']['mod_autodebit_inhaber']);
+				$arCheckout['mod_autodebit_knr'] = wpsg_sinput("key", $_SESSION['wpsg']['checkout']['mod_autodebit_knr']);
+				$arCheckout['mod_autodebit_iban'] = wpsg_sinput("key", $_SESSION['wpsg']['checkout']['mod_autodebit_iban']);
 
 			}
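Review bot: The first added line passes `"text_field"` twice, `wpsg_sinput("text_field", "text_field", $_REQUEST['wpsg_mod_autodebit']['name'])`, so the literal string is what gets sanitised and stored as `mod_autodebit_name`, while the customer's input lands in the parameter that other calls use for the validator. It should read `$_SESSION['wpsg']['checkout']['mod_autodebit_name'] = wpsg_sinput("text_field", $_REQUEST['wpsg_mod_autodebit']['name']);`. The `$arCheckout` copies then sanitise the session values a second time, which is redundant for the four fields written just above. `mod_autodebit_blz` and `mod_autodebit_knr` are not written in this block (their assignments are commented out), so those two reads may hit unset session keys.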
Index: /mods/wpsg_mod_basketteaser.class.php
===================================================================
--- /mods/wpsg_mod_basketteaser.class.php	(revision 7397)
+++ /mods/wpsg_mod_basketteaser.class.php	(revision 7398)
@@ -50,6 +50,6 @@
 		public function settings_save() { 
 			
-			$this->shop->update_option('wpsg_mod_basketteaser_template', $_REQUEST['wpsg_mod_basketteaser_template']);
-			$this->shop->update_option('wpsg_mod_basketteaser_show', $_REQUEST['wpsg_mod_basketteaser_show']);
+			$this->shop->update_option('wpsg_mod_basketteaser_template', $_REQUEST['wpsg_mod_basketteaser_template'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_basketteaser_show', $_REQUEST['wpsg_mod_basketteaser_show'], false, false, "key");
 			
 		} // public function settings_save()
@@ -114,6 +114,6 @@
 		public function produkt_save_before(&$produkt_data) { 
 			
-			$produkt_data['mod_basketteaser_from'] = wpsg_toDate($_REQUEST['mod_basketteaser_from']);
-			$produkt_data['mod_basketteaser_to'] = wpsg_toDate($_REQUEST['mod_basketteaser_to']);
+			$produkt_data['mod_basketteaser_from'] = wpsg_toDate(wpsg_sinput("key", $_REQUEST['mod_basketteaser_from']));
+			$produkt_data['mod_basketteaser_to'] = wpsg_toDate(wpsg_sinput("key", $_REQUEST['mod_basketteaser_to']));
 						 
 		} // public function produkt_save_before(&$produkt_data)
Index: /mods/wpsg_mod_billsafe.class.php
===================================================================
--- /mods/wpsg_mod_billsafe.class.php	(revision 7397)
+++ /mods/wpsg_mod_billsafe.class.php	(revision 7398)
@@ -90,33 +90,33 @@
 		public function settings_save()
 		{
-			
-			$this->shop->update_option('wpsg_mod_billsafe_bezeichnung', $_REQUEST['wpsg_mod_billsafe_bezeichnung']);
-			$this->shop->update_option('wpsg_mod_billsafe_aktiv', $_REQUEST['wpsg_mod_billsafe_aktiv']);
-			$this->shop->update_option('wpsg_mod_billsafe_aktiv_from', $_REQUEST['wpsg_mod_billsafe_aktiv_from']);
-			$this->shop->update_option('wpsg_mod_billsafe_aktiv_to', $_REQUEST['wpsg_mod_billsafe_aktiv_to']);
-			$this->shop->update_option('wpsg_mod_billsafe_hint', $_REQUEST['wpsg_mod_billsafe_hint']);
-			$this->shop->update_option('wpsg_mod_billsafe_logo', $_REQUEST['wpsg_mod_billsafe_logo']);
-			
-			$this->shop->update_option('wpsg_mod_billsafe_vendorID', $_REQUEST['wpsg_mod_billsafe_vendorID']);
-			$this->shop->update_option('wpsg_mod_billsafe_licence', $_REQUEST['wpsg_mod_billsafe_licence']);
-						
-			$this->shop->update_option('wpsg_mod_billsafe_sandbox', $_REQUEST['wpsg_mod_billsafe_sandbox']);
-			$this->shop->update_option('wpsg_mod_billsafe_licencesandbox', $_REQUEST['wpsg_mod_billsafe_licencesandbox']);
-			
-			$this->shop->update_option('wpsg_mod_billsafe_gebuehr', $_REQUEST['wpsg_mod_billsafe_gebuehr']);
-			$this->shop->update_option('wpsg_mod_billsafe_mwst', $_REQUEST['wpsg_mod_billsafe_mwst']);
-			$this->shop->update_option('wpsg_mod_billsafe_mwstland', $_REQUEST['wpsg_mod_billsafe_mwstland']);
-			
-			$this->shop->update_option('wpsg_mod_billsafe_currency', $_REQUEST['wpsg_mod_billsafe_currency']);
-			$this->shop->update_option('wpsg_mod_billsafe_autorun', $_REQUEST['wpsg_mod_billsafe_autorun']);
-			$this->shop->update_option('wpsg_mod_billsafe_precheck', $_REQUEST['wpsg_mod_billsafe_precheck']);
-			$this->shop->update_option('wpsg_mod_billsafe_success', $_REQUEST['wpsg_mod_billsafe_success']);
-			$this->shop->update_option('wpsg_mod_billsafe_error', $_REQUEST['wpsg_mod_billsafe_error']);
-			
-			$this->shop->createPage(__('Ergebnis Ihrer Billsafe Zahlung', 'wpsg'), 'wpsg_mod_billsafe_success', $_REQUEST['wpsg_mod_billsafe_success']);
-			$this->shop->createPage(__('Fehlgeschlagene Billsafe Zahlung', 'wpsg'), 'wpsg_mod_billsafe_error', $_REQUEST['wpsg_mod_billsafe_error']);
-			
-			$this->shop->addTranslationString('wpsg_mod_billsafe_bezeichnung', $_REQUEST['wpsg_mod_billsafe_bezeichnung']);
-			$this->shop->addTranslationString('wpsg_mod_billsafe_aktiv', $_REQUEST['wpsg_mod_billsafe_aktiv']);
+
+			$this->shop->update_option('wpsg_mod_billsafe_bezeichnung', $_REQUEST['wpsg_mod_billsafe_bezeichnung'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_billsafe_aktiv', $_REQUEST['wpsg_mod_billsafe_aktiv'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_billsafe_aktiv_from', $_REQUEST['wpsg_mod_billsafe_aktiv_from'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_billsafe_aktiv_to', $_REQUEST['wpsg_mod_billsafe_aktiv_to'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_billsafe_hint', $_REQUEST['wpsg_mod_billsafe_hint'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_billsafe_logo', $_REQUEST['wpsg_mod_billsafe_logo'], false, false, "text_field");
+			
+			$this->shop->update_option('wpsg_mod_billsafe_vendorID', $_REQUEST['wpsg_mod_billsafe_vendorID'], false, false, "user");
+			$this->shop->update_option('wpsg_mod_billsafe_licence', wpsg_xss($_REQUEST['wpsg_mod_billsafe_licence']));
+						
+			$this->shop->update_option('wpsg_mod_billsafe_sandbox', $_REQUEST['wpsg_mod_billsafe_sandbox'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_billsafe_licencesandbox', wpsg_xss($_REQUEST['wpsg_mod_billsafe_licencesandbox']));
+			
+			$this->shop->update_option('wpsg_mod_billsafe_gebuehr', $_REQUEST['wpsg_mod_billsafe_gebuehr'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_billsafe_mwst', $_REQUEST['wpsg_mod_billsafe_mwst'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_billsafe_mwstland', $_REQUEST['wpsg_mod_billsafe_mwstland'], false, false, "key");
+			
+			$this->shop->update_option('wpsg_mod_billsafe_currency', wpsg_xss($_REQUEST['wpsg_mod_billsafe_currency']));
+			$this->shop->update_option('wpsg_mod_billsafe_autorun', $_REQUEST['wpsg_mod_billsafe_autorun'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_billsafe_precheck', $_REQUEST['wpsg_mod_billsafe_precheck'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_billsafe_success', $_REQUEST['wpsg_mod_billsafe_success'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_billsafe_error', $_REQUEST['wpsg_mod_billsafe_error'], false, false, "key");
+			
+			$this->shop->createPage(__('Ergebnis Ihrer Billsafe Zahlung', 'wpsg'), 'wpsg_mod_billsafe_success', wpsg_sinput("key", $_REQUEST['wpsg_mod_billsafe_success']));
+			$this->shop->createPage(__('Fehlgeschlagene Billsafe Zahlung', 'wpsg'), 'wpsg_mod_billsafe_error', wpsg_sinput("key", $_REQUEST['wpsg_mod_billsafe_error']));
+			
+			$this->shop->addTranslationString('wpsg_mod_billsafe_bezeichnung', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_billsafe_bezeichnung']));
+			$this->shop->addTranslationString('wpsg_mod_billsafe_aktiv', wpsg_sinput("key", $_REQUEST['wpsg_mod_billsafe_aktiv']));
 			
 		} // public function settings_save()
@@ -178,5 +178,5 @@
 				$strFileName = $this->getFilePath($_REQUEST['edit_id']).'/billsafe_rechnung.pdf';
 				
-				header('Content-Disposition: attachment; filename="billsafe_rechnung_'.$_REQUEST['edit_id'].'.pdf"');				
+				header('Content-Disposition: attachment; filename="billsafe_rechnung_'.wpsg_sinput("key", $_REQUEST['edit_id']).'.pdf"');
 				header("Cache-Control: no-cache, must-revalidate");
 				header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); 
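Review bot: Only the `Content-Disposition` header receives the sanitised id; the context line above still builds the path with `$this->getFilePath($_REQUEST['edit_id'])` from the raw request value. Since that value selects which file is read from disk, it is the more important of the two uses. Normalising once, e.g. `$edit_id = (int) $_REQUEST['edit_id'];` (assuming order ids are integers), and using `$edit_id` for both the path and the filename keeps them consistent. Whether the caller is authorised for that order is not visible in this hunk and should be confirmed in the enclosing method.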
@@ -270,5 +270,6 @@
 			
 			if (wpsg_get_the_id() <= 0) return;
-			
+			$_REQUEST['token'] = wpsg_sinput("text_field", $_REQUEST['token']);
+
 			if ($this->shop->get_option('wpsg_mod_billsafe_success') == wpsg_get_the_id() && isset($_REQUEST['token']))
 			{
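Review bot: Assigning `$_REQUEST['token']` before the condition changes what `isset($_REQUEST['token'])` means: unless `wpsg_sinput()` returns null for a missing value, the key now always exists and the success branch is entered for requests that carry no token. Sanitise only when the parameter is present, e.g. `if (isset($_REQUEST['token'])) $_REQUEST['token'] = wpsg_sinput("text_field", $_REQUEST['token']);`, or test `wpsg_isSizedString($_REQUEST['token'])` in the condition. The same write-before-check pattern is added for `edit_id`, `product_key` and `order_id` in the abo, crefopay and coverletter hunks, where later presence checks outside the hunks could be affected in the same way.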
@@ -450,5 +451,5 @@
 			
 			ob_start();
-			var_dump($response);
+			//var_dump($response);
 			$strMailtext = ob_get_contents();
 			ob_end_clean(); 
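Review bot: With `var_dump($response)` commented out, the buffer opened by `ob_start()` captures nothing, so `$strMailtext` is always an empty string. If the dump was removed to keep the raw response out of the mail, drop the buffering and build the text explicitly from the fields that are safe to send, e.g. `$strMailtext = print_r($arSafeFields, true);` where `$arSafeFields` is a placeholder for the chosen subset. If the mail itself is no longer wanted, the code that sends it (outside this hunk) should be removed along with the buffer.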
Index: /mods/wpsg_mod_coverletter.class.php
===================================================================
--- /mods/wpsg_mod_coverletter.class.php	(revision 7397)
+++ /mods/wpsg_mod_coverletter.class.php	(revision 7398)
@@ -127,4 +127,7 @@
 		public function settings_save() {
 
+			// Sanitization
+			$_REQUEST['text'] = wpsg_sanitize("wpsg_txt_tbl", $_REQUEST['text']);
+
 			$this->shop->update_option("wpsg_mod_coverletter_texts", $_REQUEST['text']); 
 
@@ -186,17 +189,19 @@
 
 			}
-			
-			$this->shop->update_option('wpsg_mod_coverletter_subject', wpsg_getStr($_REQUEST['wpsg_mod_coverletter_subject'],'Anschreiben'));
-			$this->shop->update_option('wpsg_mod_coverletter_text',wpsg_getStr($_REQUEST['wpsg_mod_coverletter_text']));
-			$this->shop->update_option("wpsg_mod_coverletter_logo_position", $wpsg_mod_coverletter_logo_position?$wpsg_mod_coverletter_logo_position:null);
-			$this->shop->update_option("wpsg_mod_coverletter_logo_transparency", $_REQUEST['wpsg_mod_coverletter_logo_transparency']);
-			
-			$this->shop->update_option('wpsg_mod_coverletter_logo_x', $_REQUEST['wpsg_mod_coverletter_logo_x']);
-			$this->shop->update_option('wpsg_mod_coverletter_logo_y', $_REQUEST['wpsg_mod_coverletter_logo_y']);
+
+			$this->shop->update_option('wpsg_mod_coverletter_subject', wpsg_getStr($_REQUEST['wpsg_mod_coverletter_subject'],'Anschreiben'), false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_coverletter_text', wpsg_getStr($_REQUEST['wpsg_mod_coverletter_text']), false, false, "text_field");
+			$this->shop->update_option("wpsg_mod_coverletter_logo_position", $wpsg_mod_coverletter_logo_position ? $wpsg_mod_coverletter_logo_position : null);
+			$this->shop->update_option("wpsg_mod_coverletter_logo_transparency", $_REQUEST['wpsg_mod_coverletter_logo_transparency'], false, false, "key", ["isFloat"]);
+			
+			$this->shop->update_option('wpsg_mod_coverletter_logo_x', $_REQUEST['wpsg_mod_coverletter_logo_x'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_coverletter_logo_y', $_REQUEST['wpsg_mod_coverletter_logo_y'], false, false, "key");
 			
 		} // public function settings_save()
 				
 		public function order_ajax() {
- 
+
+			$_REQUEST['order_id'] = wpsg_sinput("key", $_REQUEST['order_id']);
+
 			if (isset($_REQUEST['wpsg_mod_coverletter_preview'])) {
 				
@@ -231,6 +236,6 @@
 			} else if (isset($_REQUEST['wpsg_mod_coverletter_get'])) {
 				
-				$order_id = intval($_REQUEST['order_id']);
-				$cl_id = intval($_REQUEST['cl_id']);
+				$order_id = intval(wpsg_sinput("key", $_REQUEST['order_id']));
+				$cl_id = intval(wpsg_sinput("key", $_REQUEST['cl_id']));
 				
 				$file = $this->getFilePath($order_id).'coverletter_'.intval($cl_id).'.pdf';
Index: /mods/wpsg_mod_creditcard.class.php
===================================================================
--- /mods/wpsg_mod_creditcard.class.php	(revision 7397)
+++ /mods/wpsg_mod_creditcard.class.php	(revision 7398)
@@ -65,11 +65,11 @@
 		{
 			
-			$this->shop->update_option('wpsg_mod_creditcard_bezeichnung', $_REQUEST['wpsg_mod_creditcard_bezeichnung']);
-			$this->shop->update_option('wpsg_mod_creditcard_aktiv', $_REQUEST['wpsg_mod_creditcard_aktiv']);
-			$this->shop->update_option('wpsg_mod_creditcard_hint', $_REQUEST['wpsg_mod_creditcard_hint']);
-			$this->shop->update_option('wpsg_mod_creditcard_gebuehr', $_REQUEST['wpsg_mod_creditcard_gebuehr']);
-			$this->shop->update_option('wpsg_mod_creditcard_mwst', $_REQUEST['wpsg_mod_creditcard_mwst']);
-			$this->shop->update_option('wpsg_mod_creditcard_mwstland', $_REQUEST['wpsg_mod_creditcard_mwstland']);
-			$this->shop->update_option('wpsg_mod_creditcard_schluessel', $_REQUEST['wpsg_mod_creditcard_schluessel']);
+			$this->shop->update_option('wpsg_mod_creditcard_bezeichnung', $_REQUEST['wpsg_mod_creditcard_bezeichnung'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_creditcard_aktiv', $_REQUEST['wpsg_mod_creditcard_aktiv'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_creditcard_hint', $_REQUEST['wpsg_mod_creditcard_hint'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_creditcard_gebuehr', $_REQUEST['wpsg_mod_creditcard_gebuehr'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_creditcard_mwst', $_REQUEST['wpsg_mod_creditcard_mwst'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_creditcard_mwstland', $_REQUEST['wpsg_mod_creditcard_mwstland'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_creditcard_schluessel', $_REQUEST['wpsg_mod_creditcard_schluessel'], false, false, "text_field");
 				
 		} // public function settings_save()
@@ -96,5 +96,5 @@
 		public function checkCheckout(&$state, &$error, &$arCheckout) 
 		{ 
-	 
+
 			if(wpsg_isSizedString($arCheckout['payment']))
 			{
Index: /mods/wpsg_mod_crefopay.class.php
===================================================================
--- /mods/wpsg_mod_crefopay.class.php	(revision 7397)
+++ /mods/wpsg_mod_crefopay.class.php	(revision 7398)
@@ -116,19 +116,19 @@
 		public function settings_save()
 		{
-			
-			$this->shop->update_option('wpsg_mod_crefopay_merchantID', $_REQUEST['wpsg_mod_crefopay_merchantID']);
-			$this->shop->update_option('wpsg_mod_crefopay_shopID', $_REQUEST['wpsg_mod_crefopay_shopID']);
-			$this->shop->update_option('wpsg_mod_crefopay_sandbox', $_REQUEST['wpsg_mod_crefopay_sandbox']);
-			$this->shop->update_option('wpsg_mod_crefopay_privateKey', $_REQUEST['wpsg_mod_crefopay_privateKey']);
-			$this->shop->update_option('wpsg_mod_crefopay_autocapture', $_REQUEST['wpsg_mod_crefopay_autocapture']);
-			$this->shop->update_option('wpsg_mod_crefopay_capturestatus', $_REQUEST['wpsg_mod_crefopay_capturestatus']);
-			$this->shop->update_option('wpsg_mod_crefopay_riskclass', $_REQUEST['wpsg_mod_crefopay_riskclass']);
-			$this->shop->update_option('wpsg_mod_crefopay_currency', $_REQUEST['wpsg_mod_crefopay_currency']);						
-			$this->shop->update_option('wpsg_mod_crefopay_frameheight', $_REQUEST['wpsg_mod_crefopay_frameheight']);
+
+			$this->shop->update_option('wpsg_mod_crefopay_merchantID', $_REQUEST['wpsg_mod_crefopay_merchantID'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_crefopay_shopID', $_REQUEST['wpsg_mod_crefopay_shopID'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_crefopay_sandbox', $_REQUEST['wpsg_mod_crefopay_sandbox'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_crefopay_privateKey', $_REQUEST['wpsg_mod_crefopay_privateKey'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_crefopay_autocapture', $_REQUEST['wpsg_mod_crefopay_autocapture'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_crefopay_capturestatus', $_REQUEST['wpsg_mod_crefopay_capturestatus'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_crefopay_riskclass', $_REQUEST['wpsg_mod_crefopay_riskclass'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_crefopay_currency', $_REQUEST['wpsg_mod_crefopay_currency'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_crefopay_frameheight', $_REQUEST['wpsg_mod_crefopay_frameheight'], false, false, "key", ["isFloat"]);
 						
 			// Mapping speichern
-			foreach ($this->transactionMapping as $crefopay_state => $wpsg_state) $this->shop->update_option('wpsg_mod_crefopay_statemapping_'.$crefopay_state, $_REQUEST['wpsg_mod_crefopay_statemapping_'.$crefopay_state]);
-
-			$this->shop->update_option('wpsg_mod_crefopay_mns_notice', $_REQUEST['wpsg_mod_crefopay_mns_notice']);
+			foreach ($this->transactionMapping as $crefopay_state => $wpsg_state) $this->shop->update_option('wpsg_mod_crefopay_statemapping_'.$crefopay_state, $_REQUEST['wpsg_mod_crefopay_statemapping_'.$crefopay_state], false, false, "key");
+
+			$this->shop->update_option('wpsg_mod_crefopay_mns_notice', $_REQUEST['wpsg_mod_crefopay_mns_notice'], false, false, "key");
 									
 		} // public function settings_save()
@@ -204,5 +204,7 @@
 		public function order_ajax()
 		{
-			
+
+			$_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
+
 			if (wpsg_isSizedString($_REQUEST['do'], 'status'))
 			{
Index: /mods/wpsg_mod_customerbudget.class.php
===================================================================
--- /mods/wpsg_mod_customerbudget.class.php	(revision 7397)
+++ /mods/wpsg_mod_customerbudget.class.php	(revision 7398)
@@ -66,9 +66,9 @@
 		public function settings_save() {
 		
-			$this->shop->update_option('wpsg_mod_customerbudget_name', $_REQUEST['wpsg_mod_customerbudget_name']);
-			$this->shop->addTranslationString('wpsg_mod_customerbudget_name', $_REQUEST['wpsg_mod_customerbudget_name']);
+			$this->shop->update_option('wpsg_mod_customerbudget_name', $_REQUEST['wpsg_mod_customerbudget_name'], false, false, "text_field");
+			$this->shop->addTranslationString('wpsg_mod_customerbudget_name', wpsg_sanitize("text_field", $_REQUEST['wpsg_mod_customerbudget_name']) ?: $this->shop->get_option('wpsg_mod_customerbudget_name'));
 			
-			$this->shop->update_option('wpsg_mod_customerbudget_hint', $_REQUEST['wpsg_mod_customerbudget_hint']);
-			$this->shop->addTranslationString('wpsg_mod_customerbudget_hint', $_REQUEST['wpsg_mod_customerbudget_hint']);
+			$this->shop->update_option('wpsg_mod_customerbudget_hint', $_REQUEST['wpsg_mod_customerbudget_hint'], false, false, "text_field");
+			$this->shop->addTranslationString('wpsg_mod_customerbudget_hint', wpsg_sanitize("text_field", $_REQUEST['wpsg_mod_customerbudget_hint']) ?: $this->shop->get_option('wpsg_mod_customerbudget_hint'));
 			
 		} // public function settings_save()
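Review bot: The two addTranslationString() calls use `wpsg_sanitize("text_field", …) ?: $this->shop->get_option(…)`, whereas the same pattern in wpsg_mod_debitpayment and wpsg_mod_deliverytime calls `wpsg_sinput("text_field", …)` with no fallback. How the two helpers differ is not visible in this diff, so a one-line comment above each call should say why this module uses the other helper and the fallback to the stored option. `?:` tests truthiness, so a legitimate value of "0" would also be replaced by the stored option.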
@@ -85,5 +85,5 @@
 		public function wpsg_mod_customer_save(&$customer_data) { 
 			
-			$customer_data['budget'] = wpsg_tf($_REQUEST['wpsg_mod_customerbudget_budget']);
+			$customer_data['budget'] = wpsg_tf(wpsg_sinput("key", $_REQUEST['wpsg_mod_customerbudget_budget'], "isFloat"));
 			
 		} // public function wpsg_mod_customer_save(&$customer_data)
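Review bot: The budget amount is sanitised with the `"key"` type before `wpsg_tf()` sees it, and the same `"key"` plus `isFloat` pairing is used for the other decimal inputs in this commit (wpsg_mod_debitpayment_rabgeb, the deliverytime delay time fields, and the discount values in wpsg_mod_discount). wpsg_sinput is not shown here; if its `"key"` type is backed by WordPress's sanitize_key(), that function keeps only lowercase letters, digits, `-` and `_`, so a decimal separator would be stripped and an input such as `12,50` (constructed example) would become `1250`. The same concern applies to the date strings passed through `wpsg_sinput("key", …)` before strtotime() in wpsg_mod_deliverynote. Please confirm that the `isFloat` validator runs on the raw value, or use a dedicated numeric sanitiser type for these fields.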
Index: /mods/wpsg_mod_customergroup.class.php
===================================================================
--- /mods/wpsg_mod_customergroup.class.php	(revision 7397)
+++ /mods/wpsg_mod_customergroup.class.php	(revision 7398)
@@ -93,8 +93,8 @@
 		public function settings_save()
 		{
-			
-			$this->shop->update_option('wpsg_mod_kundenverwaltung_group_perpage', $_REQUEST['wpsg_mod_kundenverwaltung_group_perpage']);
-			$this->shop->update_option('wpsg_page_mod_kundenverwaltung_group_checkout', $_REQUEST['wpsg_page_mod_kundenverwaltung_group_checkout']);
-			$this->shop->update_option('wpsg_page_mod_kundenverwaltung_group_register', $_REQUEST['wpsg_page_mod_kundenverwaltung_group_register']);
+
+			$this->shop->update_option('wpsg_mod_kundenverwaltung_group_perpage', $_REQUEST['wpsg_mod_kundenverwaltung_group_perpage'], false, false, "key");
+			$this->shop->update_option('wpsg_page_mod_kundenverwaltung_group_checkout', $_REQUEST['wpsg_page_mod_kundenverwaltung_group_checkout'], false, false, "key");
+			$this->shop->update_option('wpsg_page_mod_kundenverwaltung_group_register', $_REQUEST['wpsg_page_mod_kundenverwaltung_group_register'], false, false, "key");
 							
 		} // public function settings_save()
@@ -203,5 +203,7 @@
 		public function saveAction()
 		{
-				
+
+			if(isset($_REQUEST['edit_id'])) $_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
+
 			if (wpsg_isSizedInt($_REQUEST['edit_id']))
 			{
@@ -209,7 +211,7 @@
 				// Update
 				$this->db->UpdateQuery(WPSG_TBL_KG, array(
-						'name' => wpsg_q($_REQUEST['wpsg_mod_kundenverwaltung']['name']),
+						'name' => wpsg_q(wpsg_sinput("text_field", $_REQUEST['wpsg_mod_kundenverwaltung']['name'])),
 						'calculation' => wpsg_q($_REQUEST['wpsg_mod_kundenverwaltung']['calculation'])
-				), " `id` = '".wpsg_q($_REQUEST['edit_id'])."' ");
+				), " `id` = '".wpsg_q(wpsg_sinput("key", $_REQUEST['edit_id']))."' ");
 					
 				$this->shop->addBackendMessage(__('Kundengruppe erfolgreich gespeichert', 'wpsg'));
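Review bot: In the update branch `'calculation' => wpsg_q($_REQUEST['wpsg_mod_kundenverwaltung']['calculation'])` is still written without sanitisation, although the insert branch in the next hunk now wraps the same field in `wpsg_sinput("key", …)`. For parity the update line should read `'calculation' => wpsg_q(wpsg_sinput("key", $_REQUEST['wpsg_mod_kundenverwaltung']['calculation']))`. The second `wpsg_sinput("key", $_REQUEST['edit_id'])` in the WHERE clause is redundant, since saveAction() already overwrites `$_REQUEST['edit_id']` at its top. The array and the enclosing branch start outside this hunk.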
@@ -221,6 +223,6 @@
 				// Insert
 				$_REQUEST['edit_id'] = $this->db->ImportQuery(WPSG_TBL_KG, array(
-						'name' => wpsg_q($_REQUEST['wpsg_mod_kundenverwaltung']['name']),
-						'calculation' => wpsg_q($_REQUEST['wpsg_mod_kundenverwaltung']['calculation'])
+						'name' => wpsg_q(wpsg_sinput("text_field", $_REQUEST['wpsg_mod_kundenverwaltung']['name'])),
+						'calculation' => wpsg_q(wpsg_sinput("key", $_REQUEST['wpsg_mod_kundenverwaltung']['calculation']))
 				));
 					
@@ -269,4 +271,6 @@
 			{
 
+				$_REQUEST['filter'] = wpsg_sinput("text_field", $_REQUEST['filter']);
+
 				$this->shop->view['arFilter'] = $_REQUEST['filter'];
 				$this->shop->view['hasFilter'] = true;
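Review bot: `$_REQUEST['filter']` is passed to `wpsg_sinput("text_field", …)` as a whole and then assigned to the view key `arFilter`, whose name suggests an array of filter fields. Whether wpsg_sinput sanitises arrays element by element is not visible in this diff; if it expects a string, the filter would be emptied or coerced and the list would silently ignore it. Please confirm, or sanitise each expected filter key on its own. The enclosing function starts outside the hunk.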
Index: /mods/wpsg_mod_debitpayment.class.php
===================================================================
--- /mods/wpsg_mod_debitpayment.class.php	(revision 7397)
+++ /mods/wpsg_mod_debitpayment.class.php	(revision 7398)
@@ -47,14 +47,14 @@
 		{
 			
-			$this->shop->update_option('wpsg_mod_debitpayment_name', $_REQUEST['wpsg_mod_debitpayment_name']);
-			$this->shop->update_option('wpsg_mod_debitpayment_aktiv', $_REQUEST['wpsg_mod_debitpayment_aktiv']);
-			$this->shop->addTranslationString('wpsg_mod_debitpayment_name', $_REQUEST['wpsg_mod_debitpayment_name']);
+			$this->shop->update_option('wpsg_mod_debitpayment_name', $_REQUEST['wpsg_mod_debitpayment_name'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_debitpayment_aktiv', $_REQUEST['wpsg_mod_debitpayment_aktiv'], false, false, "key");
+			$this->shop->addTranslationString('wpsg_mod_debitpayment_name', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_debitpayment_name']));
 			
-			$this->shop->update_option('wpsg_mod_debitpayment_hint', $_REQUEST['wpsg_mod_debitpayment_hint']);
-			$this->shop->addTranslationString('wpsg_mod_debitpayment_hint', $_REQUEST['wpsg_mod_debitpayment_hint']);
+			$this->shop->update_option('wpsg_mod_debitpayment_hint', $_REQUEST['wpsg_mod_debitpayment_hint'], false, false, "text_field");
+			$this->shop->addTranslationString('wpsg_mod_debitpayment_hint', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_debitpayment_hint']));
 			
-			$this->shop->update_option('wpsg_mod_debitpayment_rabgeb', wpsg_tf($_REQUEST['wpsg_mod_debitpayment_rabgeb'], true));
-			$this->shop->update_option('wpsg_mod_debitpayment_mwstland', $_REQUEST['wpsg_mod_debitpayment_mwstland']);
-			$this->shop->update_option('wpsg_mod_debitpayment_mwst', $_REQUEST['wpsg_mod_debitpayment_mwst']);
+			$this->shop->update_option('wpsg_mod_debitpayment_rabgeb', $_REQUEST['wpsg_mod_debitpayment_rabgeb'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_debitpayment_mwstland', $_REQUEST['wpsg_mod_debitpayment_mwstland'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_debitpayment_mwst', $_REQUEST['wpsg_mod_debitpayment_mwst'], false, false, "key");
 						
 		} // public function settings_save()
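Review bot: The `wpsg_mod_debitpayment_rabgeb` line no longer calls `wpsg_tf(…, true)` on the input and instead hands the raw request value to update_option() with `"key", ["isFloat"]`. Unless update_option() converts the number internally (not visible here), the stored format changes for input that wpsg_tf used to normalise. If the conversion is still wanted and is compatible with the isFloat check, keep it in the call: `$this->shop->update_option('wpsg_mod_debitpayment_rabgeb', wpsg_tf($_REQUEST['wpsg_mod_debitpayment_rabgeb'], true), false, false, "key", ["isFloat"]);`. The function signature lies outside the hunk.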
Index: /mods/wpsg_mod_deliverynote.class.php
===================================================================
--- /mods/wpsg_mod_deliverynote.class.php	(revision 7397)
+++ /mods/wpsg_mod_deliverynote.class.php	(revision 7398)
@@ -126,14 +126,14 @@
 		{
 
-			$this->shop->update_option('wpsg_mod_deliverynote_nrformat', $_REQUEST['wpsg_mod_deliverynote_nrformat']);
-			$this->shop->update_option('wpsg_mod_deliverynote_nr', $_REQUEST['wpsg_mod_deliverynote_nr']);
-			$this->shop->update_option('wpsg_mod_deliverynote_foottext_standard', $_REQUEST['wpsg_mod_deliverynote_foottext_standard']);
-			$this->shop->update_option("wpsg_mod_deliverynote_texte", $_REQUEST['text']);
-			$this->shop->update_option('wpsg_mod_deliverynote_url', $_REQUEST['wpsg_mod_deliverynote_url']);
-			$this->shop->update_option('wpsg_mod_deliverynote_url_standard', $_REQUEST['wpsg_mod_deliverynote_url_standard']);
-			$this->shop->update_option('wpsg_mod_deliverynote_adressrow', $_REQUEST['wpsg_mod_deliverynote_adressrow']);
-			$this->shop->update_option('wpsg_mod_deliverynote_produktattribute', $_REQUEST['wpsg_mod_deliverynote_produktattribute']);
-			$this->shop->update_option('wpsg_mod_deliverynote_hideCountry', $_REQUEST['wpsg_mod_deliverynote_hideCountry']);
-			$this->shop->update_option('wpsg_mod_deliverynote_anr', $_REQUEST['wpsg_mod_deliverynote_anr']);
+			$this->shop->update_option('wpsg_mod_deliverynote_nrformat', $_REQUEST['wpsg_mod_deliverynote_nrformat'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_deliverynote_nr', $_REQUEST['wpsg_mod_deliverynote_nr'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_deliverynote_foottext_standard', $_REQUEST['wpsg_mod_deliverynote_foottext_standard'], false, false, "key");
+			$this->shop->update_option("wpsg_mod_deliverynote_texte", $_REQUEST['text'], false, false, "wpsg_txt_tbl");
+			$this->shop->update_option('wpsg_mod_deliverynote_url', $_REQUEST['wpsg_mod_deliverynote_url'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_deliverynote_url_standard', $_REQUEST['wpsg_mod_deliverynote_url_standard'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_deliverynote_adressrow', $_REQUEST['wpsg_mod_deliverynote_adressrow'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_deliverynote_produktattribute', $_REQUEST['wpsg_mod_deliverynote_produktattribute'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_deliverynote_hideCountry', $_REQUEST['wpsg_mod_deliverynote_hideCountry'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_deliverynote_anr', $_REQUEST['wpsg_mod_deliverynote_anr'], false, false, "key");
 
 			if (file_exists($_FILES['wpsg_mod_deliverynote_bp']['tmp_name']))
@@ -192,5 +192,5 @@
 
 			}
-			else if ((array_key_exists('wpsg_mod_deliverynote_logo_del', $_REQUEST)) && ($_REQUEST['wpsg_mod_deliverynote_logo_del'] == "1"))
+			else if ((array_key_exists('wpsg_mod_deliverynote_logo_del', $_REQUEST)) && (wpsg_sinput("key", $_REQUEST['wpsg_mod_deliverynote_logo_del']) == "1"))
 			{
 
@@ -202,5 +202,5 @@
 
 			$this->shop->update_option("wpsg_mod_deliverynote_logo_position", $wpsg_mod_deliverynote_logo_position ? $wpsg_mod_deliverynote_logo_position : null);
-			$this->shop->update_option("wpsg_mod_deliverynote_logo_transparency", $_REQUEST['wpsg_mod_deliverynote_logo_transparency']);
+			$this->shop->update_option("wpsg_mod_deliverynote_logo_transparency", $_REQUEST['wpsg_mod_deliverynote_logo_transparency'], false, false, "key");
 
 		} // public function settings_save()
@@ -217,6 +217,6 @@
 		{ 
 			
-			$this->shop->update_option('wpsg_mod_deliverynote_pdf_beschreibung', $_REQUEST['wpsg_mod_deliverynote_pdf_beschreibung']);
-			if ($this->shop->hasMod('wpsg_mod_productvariants')) $this->shop->update_option('wpsg_mod_deliverynote_pdf_varianten', $_REQUEST['wpsg_mod_deliverynote_pdf_varianten']);
+			$this->shop->update_option('wpsg_mod_deliverynote_pdf_beschreibung', $_REQUEST['wpsg_mod_deliverynote_pdf_beschreibung'], false, false, "key");
+			if ($this->shop->hasMod('wpsg_mod_productvariants')) $this->shop->update_option('wpsg_mod_deliverynote_pdf_varianten', $_REQUEST['wpsg_mod_deliverynote_pdf_varianten'], false, false, "key");
 			
 		} // public function admin_presentation_submit()
@@ -224,5 +224,7 @@
 		public function order_ajax()
 		{
-			
+
+			if(isset($_REQUEST['edit_id'])) $_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
+
 			if (isset($_REQUEST['wpsg_mod_deliverynote_preview']))
 			{
@@ -232,6 +234,6 @@
 					$_REQUEST['edit_id'],
 					explode(',', $_REQUEST['wpsg_mod_deliverynote_productindexes']),
-					$_REQUEST['wpsg_mod_deliverynote_fusstext'],
-					strtotime($_REQUEST['wpsg_mod_deliverynote_date']),
+					wpsg_sinput("text_field", $_REQUEST['wpsg_mod_deliverynote_fusstext']),
+					strtotime(wpsg_sinput("key", $_REQUEST['wpsg_mod_deliverynote_date'])),
 					true
 				);
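Review bot: `$_REQUEST['wpsg_mod_deliverynote_productindexes']` is still exploded unsanitised in this preview call, and it is also used raw in the `'product_indexes' => wpsg_q(…)` insert (hunk `@@ -274,7 +276,7 @@`) and the second PDF call (hunk `@@ -287,6 +289,6 @@`), while the hunk at `@@ -261,5 +263,5 @@` now wraps it in `wpsg_sinput("text_field", …)`. Sanitising it once at the top of order_ajax(), next to edit_id, would keep all four uses consistent: `if (isset($_REQUEST['wpsg_mod_deliverynote_productindexes'])) $_REQUEST['wpsg_mod_deliverynote_productindexes'] = wpsg_sinput("text_field", $_REQUEST['wpsg_mod_deliverynote_productindexes']);`. The call itself starts outside this hunk.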
@@ -261,5 +263,5 @@
 				$lnr = $this->buildLnr($_REQUEST['edit_id']);
 				
-				$arProductIndexes = explode(',', $_REQUEST['wpsg_mod_deliverynote_productindexes']);
+				$arProductIndexes = explode(',', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_deliverynote_productindexes']));
 				
 				foreach ($arProductIndexes as $product_key)
@@ -274,7 +276,7 @@
 					'order_id' => wpsg_q($_REQUEST['edit_id']),
 					'cdate' => "NOW()",
-					'delivery_date' => date('Y-m-d', strtotime($_REQUEST['wpsg_mod_deliverynote_date'])),
+					'delivery_date' => date('Y-m-d', strtotime(wpsg_sinput("key", $_REQUEST['wpsg_mod_deliverynote_date']))),
 					'lnr' => wpsg_q($lnr),
-					'note' => wpsg_q($_REQUEST['wpsg_mod_deliverynote_fusstext']),
+					'note' => wpsg_q(wpsg_sinput("text_field", $_REQUEST['wpsg_mod_deliverynote_fusstext'])),
 					'cancel' => '0',
 					'product_indexes' => wpsg_q($_REQUEST['wpsg_mod_deliverynote_productindexes'])
@@ -287,6 +289,6 @@
 					$_REQUEST['edit_id'], 
 					explode(',', $_REQUEST['wpsg_mod_deliverynote_productindexes']), 
-					$_REQUEST['wpsg_mod_deliverynote_fusstext'], 
-					strtotime($_REQUEST['wpsg_mod_deliverynote_date']),
+					wpsg_sinput("text_field", $_REQUEST['wpsg_mod_deliverynote_fusstext']),
+					strtotime(wpsg_sinput("key", $_REQUEST['wpsg_mod_deliverynote_date'])),
 					false,
 					$lnr,
@@ -314,5 +316,5 @@
 					{
 						
-						$this->sendDeliveryMail($_REQUEST['edit_id'], $dn_id, $_REQUEST['wpsg_mod_deliverynote_email']);
+						$this->sendDeliveryMail($_REQUEST['edit_id'], $dn_id, wpsg_sinput("email", $_REQUEST['wpsg_mod_deliverynote_email']));
 						
 					}
@@ -337,5 +339,5 @@
 					{
 					
-						$this->shop->setOrderStatus($_REQUEST['edit_id'], $_REQUEST['wpsg_mod_deliverynote_status'], 0);
+						$this->shop->setOrderStatus($_REQUEST['edit_id'], wpsg_sinput("key", $_REQUEST['wpsg_mod_deliverynote_status']), 0);
 						
 					}
@@ -359,5 +361,5 @@
 		{ 
 
-			if (wpsg_deliverynote::checkProductKey($p['product_index'], $_REQUEST['edit_id']))
+			if (wpsg_deliverynote::checkProductKey($p['product_index'], wpsg_sinput("key", $_REQUEST['edit_id'])))
 			{
 			
@@ -449,5 +451,6 @@
 				if (!is_array($foot_text)) $foot_text = @unserialize($foot_text);
 				if (!is_array($foot_text)) $foot_text = array();
-				
+
+				$_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']);
 				$foot_text[$_REQUEST['field_id']][$_REQUEST['field']] = $_REQUEST['value'];
 				
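Review bot: Only `$_REQUEST['value']` is sanitised here; `$_REQUEST['field_id']` and `$_REQUEST['field']` are used unchanged as array keys of `$foot_text` on the following line, so request-chosen keys still end up in the structure being built. Both look like identifiers, so the same treatment fits: `$foot_text[wpsg_sinput("key", $_REQUEST['field_id'])][wpsg_sinput("key", $_REQUEST['field'])] = $_REQUEST['value'];`. The surrounding function and the code that persists `$foot_text` are outside the hunk.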
Index: /mods/wpsg_mod_deliverytime.class.php
===================================================================
--- /mods/wpsg_mod_deliverytime.class.php	(revision 7397)
+++ /mods/wpsg_mod_deliverytime.class.php	(revision 7398)
@@ -139,31 +139,31 @@
 		{
 
-			$this->shop->update_option('wpsg_mod_deliverytime_mode', $_REQUEST['wpsg_mod_deliverytime_mode']);
-			$this->shop->update_option('wpsg_mod_deliverytime_mode_select_values', $_REQUEST['wpsg_mod_deliverytime_mode_select_values']);
-			$this->shop->update_option('wpsg_mod_deliverytime_mode_select_default', $_REQUEST['wpsg_mod_deliverytime_mode_select_default']);
-			$this->shop->update_option('wpsg_mod_deliverytime_mode_days_default', $_REQUEST['wpsg_mod_deliverytime_mode_days_default']);
-
-			$this->shop->update_option('wpsg_mod_deliverytime_store', $_REQUEST['wpsg_mod_deliverytime_store']);
-			$this->shop->update_option('wpsg_mod_deliverytime_storetext', $_REQUEST['wpsg_mod_deliverytime_storetext']);
-			$this->shop->update_option('wpsg_page_mod_deliverytime_storelink', $_REQUEST['wpsg_page_mod_deliverytime_storelink']);
-
-			$this->shop->update_option('wpsg_mod_deliverytime_show_product', $_REQUEST['wpsg_mod_deliverytime_show_product']);
-			$this->shop->update_option('wpsg_mod_deliverytime_show_basket', $_REQUEST['wpsg_mod_deliverytime_show_basket']);
-			$this->shop->update_option('wpsg_mod_deliverytime_show_overview', $_REQUEST['wpsg_mod_deliverytime_show_overview']);
-			$this->shop->update_option('wpsg_mod_deliverytime_show_mail', $_REQUEST['wpsg_mod_deliverytime_show_mail']);
-			$this->shop->update_option('wpsg_mod_deliverytime_source', $_REQUEST['wpsg_mod_deliverytime_source']);
-			
-			$this->shop->update_option('wpsg_mod_deliverytime_delay', $_REQUEST['wpsg_mod_deliverytime_delay']);
-			$this->shop->update_option('wpsg_mod_deliverytime_delayText', $_REQUEST['wpsg_mod_deliverytime_delayText']);
-			$this->shop->update_option('wpsg_mod_deliverytime_delayTime', $_REQUEST['wpsg_mod_deliverytime_delayTime']);
-			
-			$this->shop->update_option('wpsg_mod_deliverytime_holiday', $_REQUEST['wpsg_mod_deliverytime_holiday']);
-			$this->shop->update_option('wpsg_mod_deliverytime_holidayStart', $_REQUEST['wpsg_mod_deliverytime_holidayStart']);
-			$this->shop->update_option('wpsg_mod_deliverytime_holidayEnd', $_REQUEST['wpsg_mod_deliverytime_holidayEnd']);
-			$this->shop->update_option('wpsg_mod_deliverytime_holidaytext', $_REQUEST['wpsg_mod_deliverytime_holidaytext']);
-			$this->shop->update_option('wpsg_mod_deliverytime_productindex', $_REQUEST['wpsg_mod_deliverytime_productindex']); 
-			
-			$this->shop->addTranslationString('wpsg_mod_deliverytime_mode_select_values', $_REQUEST['wpsg_mod_deliverytime_mode_select_values']);
-			$this->shop->addTranslationString('wpsg_mod_deliverytime_mode_select_default', $_REQUEST['wpsg_mod_deliverytime_mode_select_default']);
+			$this->shop->update_option('wpsg_mod_deliverytime_mode', $_REQUEST['wpsg_mod_deliverytime_mode'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_deliverytime_mode_select_values', $_REQUEST['wpsg_mod_deliverytime_mode_select_values'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_deliverytime_mode_select_default', $_REQUEST['wpsg_mod_deliverytime_mode_select_default'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_deliverytime_mode_days_default', $_REQUEST['wpsg_mod_deliverytime_mode_days_default'], false, false, "key");
+
+			$this->shop->update_option('wpsg_mod_deliverytime_store', $_REQUEST['wpsg_mod_deliverytime_store'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_deliverytime_storetext', $_REQUEST['wpsg_mod_deliverytime_storetext'], false, false, "text_field");
+			$this->shop->update_option('wpsg_page_mod_deliverytime_storelink', $_REQUEST['wpsg_page_mod_deliverytime_storelink'], false, false, "key");
+
+			$this->shop->update_option('wpsg_mod_deliverytime_show_product', $_REQUEST['wpsg_mod_deliverytime_show_product'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_deliverytime_show_basket', $_REQUEST['wpsg_mod_deliverytime_show_basket'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_deliverytime_show_overview', $_REQUEST['wpsg_mod_deliverytime_show_overview'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_deliverytime_show_mail', $_REQUEST['wpsg_mod_deliverytime_show_mail'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_deliverytime_source', wpsg_xss($_REQUEST['wpsg_mod_deliverytime_source']));
+			
+			$this->shop->update_option('wpsg_mod_deliverytime_delay', $_REQUEST['wpsg_mod_deliverytime_delay'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_deliverytime_delayText', $_REQUEST['wpsg_mod_deliverytime_delayText'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_deliverytime_delayTime', $_REQUEST['wpsg_mod_deliverytime_delayTime'], false, false, "key", ["isFloat"]);
+			
+			$this->shop->update_option('wpsg_mod_deliverytime_holiday', $_REQUEST['wpsg_mod_deliverytime_holiday'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_deliverytime_holidayStart', wpsg_xss($_REQUEST['wpsg_mod_deliverytime_holidayStart']));
+			$this->shop->update_option('wpsg_mod_deliverytime_holidayEnd', wpsg_xss($_REQUEST['wpsg_mod_deliverytime_holidayEnd']));
+			$this->shop->update_option('wpsg_mod_deliverytime_holidaytext', $_REQUEST['wpsg_mod_deliverytime_holidaytext'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_deliverytime_productindex', $_REQUEST['wpsg_mod_deliverytime_productindex'], false, false, "key");
+			
+			$this->shop->addTranslationString('wpsg_mod_deliverytime_mode_select_values', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_deliverytime_mode_select_values']));
+			$this->shop->addTranslationString('wpsg_mod_deliverytime_mode_select_default', wpsg_sinput("key", $_REQUEST['wpsg_mod_deliverytime_mode_select_default']));
 						
 
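Review bot: Three options in this block, `wpsg_mod_deliverytime_source`, `wpsg_mod_deliverytime_holidayStart` and `wpsg_mod_deliverytime_holidayEnd`, are wrapped in `wpsg_xss()` and call update_option() without the sanitiser-type argument that every other line passes. What update_option() does when that argument is omitted is not visible here, so a comment explaining the exception would help the next reader, for example `// date/free-form values: filtered with wpsg_xss only, no type-based sanitising`. As the two holiday fields hold dates, validating them against the expected date format would be stricter than an XSS filter. The function header is outside the hunk.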
@@ -173,18 +173,18 @@
 		{
 
-			$produkt_data['wpsg_mod_deliverytime_deliverytime'] = wpsg_q($_REQUEST['wpsg_mod_deliverytime']['wpsg_mod_deliverytime_deliverytime']);
-			$produkt_data['wpsg_mod_deliverytime_storeproduct'] = wpsg_q(wpsg_getStr($_REQUEST['wpsg_mod_deliverytime']['wpsg_mod_deliverytime_storeproduct']));
+			$produkt_data['wpsg_mod_deliverytime_deliverytime'] = wpsg_q(wpsg_sinput("text_field", $_REQUEST['wpsg_mod_deliverytime']['wpsg_mod_deliverytime_deliverytime']));
+			$produkt_data['wpsg_mod_deliverytime_storeproduct'] = wpsg_q(wpsg_sinput("key", wpsg_getStr($_REQUEST['wpsg_mod_deliverytime']['wpsg_mod_deliverytime_storeproduct'])));
 
 			// Neue Felder im Produkt
-			$produkt_data['wpsg_mod_deliverytime_storetext'] = wpsg_q(wpsg_getStr($_REQUEST['wpsg_mod_deliverytime']['wpsg_mod_deliverytime_storetext']));
-			$produkt_data['wpsg_mod_deliverytime_storelink'] = wpsg_q(wpsg_getStr($_REQUEST['wpsg_mod_deliverytime']['wpsg_mod_deliverytime_storelink']));
-			$produkt_data['wpsg_mod_deliverytime_source'] = wpsg_q(wpsg_getStr($_REQUEST['wpsg_mod_deliverytime']['wpsg_mod_deliverytime_source']));
-			$produkt_data['wpsg_mod_deliverytime_delay'] = wpsg_q(wpsg_getStr($_REQUEST['wpsg_mod_deliverytime']['wpsg_mod_deliverytime_delay']));
-			$produkt_data['wpsg_mod_deliverytime_delaytext'] = wpsg_q(wpsg_getStr($_REQUEST['wpsg_mod_deliverytime']['wpsg_mod_deliverytime_delaytext']));
-			$produkt_data['wpsg_mod_deliverytime_delaytime'] = wpsg_q(wpsg_getStr($_REQUEST['wpsg_mod_deliverytime']['wpsg_mod_deliverytime_delaytime']));
-			$produkt_data['wpsg_mod_deliverytime_holiday'] = wpsg_q(wpsg_getStr($_REQUEST['wpsg_mod_deliverytime']['wpsg_mod_deliverytime_holiday']));
-			$produkt_data['wpsg_mod_deliverytime_holidaytext'] = wpsg_q(wpsg_getStr($_REQUEST['wpsg_mod_deliverytime']['wpsg_mod_deliverytime_holidaytext']));
-			$produkt_data['wpsg_mod_deliverytime_holidayStart'] = wpsg_q(wpsg_getStr($_REQUEST['wpsg_mod_deliverytime']['wpsg_mod_deliverytime_holidayStart']));
-			$produkt_data['wpsg_mod_deliverytime_holidayEnd'] = wpsg_q(wpsg_getStr($_REQUEST['wpsg_mod_deliverytime']['wpsg_mod_deliverytime_holidayEnd']));
+			$produkt_data['wpsg_mod_deliverytime_storetext'] = wpsg_q(wpsg_sinput("text_field", wpsg_getStr($_REQUEST['wpsg_mod_deliverytime']['wpsg_mod_deliverytime_storetext'])));
+			$produkt_data['wpsg_mod_deliverytime_storelink'] = wpsg_q(wpsg_sinput("key", wpsg_getStr($_REQUEST['wpsg_mod_deliverytime']['wpsg_mod_deliverytime_storelink'])));
+			$produkt_data['wpsg_mod_deliverytime_source'] = wpsg_q(wpsg_sinput("key", wpsg_getStr($_REQUEST['wpsg_mod_deliverytime']['wpsg_mod_deliverytime_source'])));
+			$produkt_data['wpsg_mod_deliverytime_delay'] = wpsg_q(wpsg_sinput("key", wpsg_getStr($_REQUEST['wpsg_mod_deliverytime']['wpsg_mod_deliverytime_delay'])));
+			$produkt_data['wpsg_mod_deliverytime_delaytext'] = wpsg_q(wpsg_sinput("text_field", wpsg_getStr($_REQUEST['wpsg_mod_deliverytime']['wpsg_mod_deliverytime_delaytext'])));
+			$produkt_data['wpsg_mod_deliverytime_delaytime'] = wpsg_tf(wpsg_q(wpsg_sinput("key", wpsg_getStr($_REQUEST['wpsg_mod_deliverytime']['wpsg_mod_deliverytime_delaytime']), "isFloat")));
+			$produkt_data['wpsg_mod_deliverytime_holiday'] = wpsg_q(wpsg_sinput("key", wpsg_getStr($_REQUEST['wpsg_mod_deliverytime']['wpsg_mod_deliverytime_holiday'])));
+			$produkt_data['wpsg_mod_deliverytime_holidaytext'] = wpsg_q(wpsg_sinput("text_field", wpsg_getStr($_REQUEST['wpsg_mod_deliverytime']['wpsg_mod_deliverytime_holidaytext'])));
+			$produkt_data['wpsg_mod_deliverytime_holidayStart'] = wpsg_q(wpsg_xss(wpsg_getStr($_REQUEST['wpsg_mod_deliverytime']['wpsg_mod_deliverytime_holidayStart'])));
+			$produkt_data['wpsg_mod_deliverytime_holidayEnd'] = wpsg_q(wpsg_xss(wpsg_getStr($_REQUEST['wpsg_mod_deliverytime']['wpsg_mod_deliverytime_holidayEnd'])));
 			
 		} // public function produkt_save_before(&$produkt_data)
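Review bot: The `wpsg_mod_deliverytime_delaytime` line nests the helpers as `wpsg_tf(wpsg_q(wpsg_sinput(…)))`, so the SQL quoting runs before the float conversion, whereas every other line in this hunk has wpsg_q() outermost. Escaping should be the last step before the value reaches the query: `wpsg_q(wpsg_tf(wpsg_sinput("key", wpsg_getStr($_REQUEST['wpsg_mod_deliverytime']['wpsg_mod_deliverytime_delaytime']), "isFloat")))`. That is also the order this commit uses for the customer-group discount in wpsg_mod_discount.class.php. The function header is outside the hunk.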
Index: /mods/wpsg_mod_discount.class.php
===================================================================
--- /mods/wpsg_mod_discount.class.php	(revision 7397)
+++ /mods/wpsg_mod_discount.class.php	(revision 7398)
@@ -63,12 +63,12 @@
 		{
 
-			$this->shop->update_option('wpsg_mod_discount_productdiscount', $_REQUEST['wpsg_mod_discount_productdiscount']);
-			$this->shop->update_option('wpsg_mod_discount_universal', $_REQUEST['wpsg_mod_discount_universal']);
-			$this->shop->update_option("wpsg_mod_discount_universal_from", $_REQUEST['wpsg_mod_discount_universal_from']);
-			$this->shop->update_option("wpsg_mod_discount_universal_to", $_REQUEST['wpsg_mod_discount_universal_to']);
-			$this->shop->update_option("wpsg_mod_discount_universal_value", wpsg_ff(wpsg_tf($_REQUEST['wpsg_mod_discount_universal_value'], true)));
-			if ($this->shop->hasMod('wpsg_mod_productgroups')) $this->shop->update_option('wpsg_mod_discount_productgroupdiscount', $_REQUEST['wpsg_mod_discount_productgroupdiscount']);
-			if ($this->shop->hasMod('wpsg_mod_customergroup')) $this->shop->update_option('wpsg_mod_discount_customergroup', $_REQUEST['wpsg_mod_discount_customergroup']);
-			$this->shop->update_option('wpsg_mod_discount_show', $_REQUEST['wpsg_mod_discount_show']);
+			$this->shop->update_option('wpsg_mod_discount_productdiscount', $_REQUEST['wpsg_mod_discount_productdiscount'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_discount_universal', $_REQUEST['wpsg_mod_discount_universal'], false, false, "key");
+			$this->shop->update_option("wpsg_mod_discount_universal_from", wpsg_xss($_REQUEST['wpsg_mod_discount_universal_from']));
+			$this->shop->update_option("wpsg_mod_discount_universal_to", wpsg_xss($_REQUEST['wpsg_mod_discount_universal_to']));
+			$this->shop->update_option("wpsg_mod_discount_universal_value", wpsg_ff($_REQUEST['wpsg_mod_discount_universal_value']), false, false, "key", ["isFloat"]);
+			if ($this->shop->hasMod('wpsg_mod_productgroups')) $this->shop->update_option('wpsg_mod_discount_productgroupdiscount', $_REQUEST['wpsg_mod_discount_productgroupdiscount'], false, false, "key");
+			if ($this->shop->hasMod('wpsg_mod_customergroup')) $this->shop->update_option('wpsg_mod_discount_customergroup', $_REQUEST['wpsg_mod_discount_customergroup'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_discount_show', $_REQUEST['wpsg_mod_discount_show'], false, false, "key");
 			$this->shop->update_option('wpsg_mod_discount_hierarchie', implode(',', $_REQUEST['wpsg_mod_discount_hierarchie']));
 
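Review bot: `wpsg_mod_discount_hierarchie` is still stored as `implode(',', $_REQUEST['wpsg_mod_discount_hierarchie'])` with no sanitising and no check that the request value is an array; implode() on a missing or scalar value raises a warning or a TypeError depending on the PHP version. Casting the value to an array and passing each entry through `wpsg_sinput("key", …)` before the implode would close that gap, assuming the entries are identifiers. For `wpsg_mod_discount_universal_value`, `wpsg_ff()` now formats the raw request value before update_option() validates it and the former `wpsg_tf(…, true)` step is gone, so the stored format may differ from before. The function continues outside the hunk.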
@@ -143,9 +143,9 @@
 			$this->shop->update_option("wpsg_mod_discount_data", serialize($data_rabatt));
 
-			$this->shop->update_option('wpsg_mod_discount_stopRabatt', $_REQUEST['wpsg_mod_discount_stopRabatt']);
-
-			$this->shop->update_option('wpsg_mod_discount_showBasket', $_REQUEST['wpsg_mod_discount_showBasket']);
-
-			$this->shop->update_option('wpsg_mod_discount_voucher', $_REQUEST['wpsg_mod_discount_voucher']);
+			$this->shop->update_option('wpsg_mod_discount_stopRabatt', $_REQUEST['wpsg_mod_discount_stopRabatt'], false, false, "key");
+
+			$this->shop->update_option('wpsg_mod_discount_showBasket', $_REQUEST['wpsg_mod_discount_showBasket'], false, false, "key");
+
+			$this->shop->update_option('wpsg_mod_discount_voucher', $_REQUEST['wpsg_mod_discount_voucher'], false, false, "key");
 			
 		} // public function settings_save()
@@ -375,5 +375,10 @@
 			 * Ich speichere die Rabatteinstellungen in einem Feld innerhalb der Produktgruppe das Trennzeichen ist "_"
 			 */
-			$rabatt_str = $_REQUEST['wpsg_mod_discount']['discount_aktiv'].'_'.$_REQUEST['wpsg_mod_discount']['discount_from'].'_'.$_REQUEST['wpsg_mod_discount']['discount_to'].'_'.wpsg_tf($_REQUEST['wpsg_mod_discount']['discount_value'], true);
+			$dis_aktiv = wpsg_sinput("key", $_REQUEST['wpsg_mod_discount']['discount_aktiv']);
+			$dis_from = wpsg_sinput("text_field", $_REQUEST['wpsg_mod_discount']['discount_from']);
+			$dis_to = wpsg_sinput("text_field", $_REQUEST['wpsg_mod_discount']['discount_to']);
+			$dis_val = wpsg_tf(wpsg_sinput("key", $_REQUEST['wpsg_mod_discount']['discount_value'], "isFloat"));
+
+			$rabatt_str = $dis_aktiv.'_'.$dis_from.'_'.$dis_to.'_'.wpsg_tf($dis_val, true);
 
 			$this->db->UpdateQuery(WPSG_TBL_PRODUCTS_GROUP, array(
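Review bot: `$dis_val` is already the result of `wpsg_tf(…)` and is then passed through `wpsg_tf($dis_val, true)` again when `$rabatt_str` is built; the same happens with `$dis_value` in the hunk at `@@ -392,5 +397,14 @@`. Whether wpsg_tf is idempotent is not visible here, so a single conversion is safer: `$dis_val = wpsg_sinput("key", $_REQUEST['wpsg_mod_discount']['discount_value'], "isFloat");` while keeping `wpsg_tf($dis_val, true)` in the concatenation. The two hunks also duplicate the four-line block under different local names (`$dis_aktiv`/`$dis_active`, `$dis_val`/`$dis_value`); a small private helper would keep them in step. Since `_` is the field separator, a `text_field`-sanitised from/to value may still contain it and shift the fields when the string is split.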
@@ -392,5 +397,14 @@
 			 */
 			if (isset($_REQUEST['wpsg_mod_discount']))
-				$rabatt_str = $_REQUEST['wpsg_mod_discount']['discount_aktiv']."_".$_REQUEST['wpsg_mod_discount']['discount_from']."_".$_REQUEST['wpsg_mod_discount']['discount_to']."_".wpsg_tf($_REQUEST['wpsg_mod_discount']['discount_value'], true);
+			{
+
+				$dis_active = wpsg_sinput("key", $_REQUEST['wpsg_mod_discount']['discount_aktiv']);
+				$dis_from = wpsg_sinput("text_field", $_REQUEST['wpsg_mod_discount']['discount_from']);
+				$dis_to = wpsg_sinput("text_field", $_REQUEST['wpsg_mod_discount']['discount_to']);
+				$dis_value = wpsg_tf(wpsg_sinput("key", $_REQUEST['wpsg_mod_discount']['discount_value'], "isFloat"));
+
+				$rabatt_str = $dis_active."_".$dis_from."_".$dis_to."_".wpsg_tf($dis_value, true);
+
+			}
 
 			$this->db->UpdateQuery(WPSG_TBL_PRODUCTS, array(
@@ -413,5 +427,5 @@
 
 			$this->db->UpdateQuery(WPSG_TBL_KG, array(
-				'discount' => wpsg_q($_REQUEST['wpsg_mod_discount']['discount'])
+				'discount' => wpsg_q(wpsg_tf(wpsg_sinput("key", $_REQUEST['wpsg_mod_discount']['discount'], "isFloat")))
 			), " `id` = '".wpsg_q($customergroup_id)."' ");
 
Index: /mods/wpsg_mod_downloadplus.class.php
===================================================================
--- /mods/wpsg_mod_downloadplus.class.php	(revision 7397)
+++ /mods/wpsg_mod_downloadplus.class.php	(revision 7398)
@@ -139,32 +139,32 @@
     {
 
-        $this->shop->update_option('wpsg_mod_downloadplus_text', $_REQUEST['text']);
-        $this->shop->update_option('wpsg_mod_downloadplus_filename', $_REQUEST['wpsg_mod_downloadplus_filename']);
-        $this->shop->update_option('wpsg_mod_downloadplus_indiv_mode', $_REQUEST['wpsg_mod_downloadplus_indiv_mode']);
-        $this->shop->update_option('wpsg_mod_downloadplus_autosend', $_REQUEST['wpsg_mod_downloadplus_autosend']);
-        $this->shop->update_option('wpsg_mod_downloadplus_shipping', $_REQUEST['wpsg_mod_downloadplus_shipping']);
-        $this->shop->update_option('wpsg_mod_downloadplus_einsplusx', $_REQUEST['wpsg_mod_downloadplus_einsplusx']);
-        $this->shop->update_option('wpsg_mod_downloadplus_accepted', $_REQUEST['wpsg_mod_downloadplus_accepted']);
-        $this->shop->update_option('wpsg_mod_downloadplus_days', $_REQUEST['wpsg_mod_downloadplus_days']);
-        $this->shop->update_option('wpsg_mod_downloadplus_downloads', $_REQUEST['wpsg_mod_downloadplus_downloads']);
-        $this->shop->update_option('wpsg_mod_downloadplus_cleanraiddownloads', $_REQUEST['wpsg_mod_downloadplus_cleanraiddownloads']);
-        $this->shop->update_option('wpsg_mod_downloadplus_cleanolddownloads', $_REQUEST['wpsg_mod_downloadplus_cleanolddownloads']);
-        $this->shop->update_option('wpsg_mod_downloadplus_pdfpath', $_REQUEST['wpsg_mod_downloadplus_pdfpath']);
-        $this->shop->update_option('wpsg_mod_downloadplus_pdfindivpath', $_REQUEST['wpsg_mod_downloadplus_pdfindivpath']);
-        $this->shop->update_option('wpsg_mod_downloadplus_range', $_REQUEST['wpsg_mod_downloadplus_range']);
-        $this->shop->update_option('wpsg_mod_downloadplus_range_von', $_REQUEST['wpsg_mod_downloadplus_range_von']);
-        $this->shop->update_option('wpsg_mod_downloadplus_range_bis', $_REQUEST['wpsg_mod_downloadplus_range_bis']);
-        $this->shop->update_option('wpsg_mod_downloadplus_masterpass', $_REQUEST['wpsg_mod_downloadplus_masterpass']);
-        $this->shop->update_option('wpsg_mod_downloadplus_openpass', $_REQUEST['wpsg_mod_downloadplus_openpass']);
-        $this->shop->update_option('wpsg_mod_downloadplus_securitysave', $_REQUEST['wpsg_mod_downloadplus_securitysave']);
-        $this->shop->update_option('wpsg_mod_downloadplus_securityprint', $_REQUEST['wpsg_mod_downloadplus_securityprint']);
-        $this->shop->update_option('wpsg_mod_downloadplus_securitymod', $_REQUEST['wpsg_mod_downloadplus_securitymod']);
-        $this->shop->update_option('wpsg_mod_downloadplus_securitynote', $_REQUEST['wpsg_mod_downloadplus_securitynote']);
-        $this->shop->update_option('wpsg_mod_downloadplus_format', $_REQUEST['wpsg_mod_downloadplus_format']);
-        $this->shop->update_option('wpsg_mod_downloadplus_memorylimit', $_REQUEST['wpsg_mod_downloadplus_memorylimit']);
-        $this->shop->update_option('wpsg_mod_downloadplus_timelimit', $_REQUEST['wpsg_mod_downloadplus_timelimit']);
-        $this->shop->update_option('wpsg_mod_downloadplus_numberformat', $_REQUEST['wpsg_mod_downloadplus_numberformat']);
-        $this->shop->update_option('wpsg_mod_downloadplus_startnumber', $_REQUEST['wpsg_mod_downloadplus_startnumber']);
-        $this->shop->update_option('wpsg_mod_downloadplus_attachement', $_REQUEST['wpsg_mod_downloadplus_attachement']);
+        $this->shop->update_option('wpsg_mod_downloadplus_text', $_REQUEST['text'], false, false, "wpsg_txt_tbl");
+        $this->shop->update_option('wpsg_mod_downloadplus_filename', $_REQUEST['wpsg_mod_downloadplus_filename'], false, false, "text_field");
+        $this->shop->update_option('wpsg_mod_downloadplus_indiv_mode', $_REQUEST['wpsg_mod_downloadplus_indiv_mode'], false, false, "key");
+        $this->shop->update_option('wpsg_mod_downloadplus_autosend', $_REQUEST['wpsg_mod_downloadplus_autosend'], false, false, "key");
+        $this->shop->update_option('wpsg_mod_downloadplus_shipping', $_REQUEST['wpsg_mod_downloadplus_shipping'], false, false, "key");
+        $this->shop->update_option('wpsg_mod_downloadplus_einsplusx', $_REQUEST['wpsg_mod_downloadplus_einsplusx'], false, false, "key");
+        $this->shop->update_option('wpsg_mod_downloadplus_accepted', $_REQUEST['wpsg_mod_downloadplus_accepted'], false, false, "key");
+        $this->shop->update_option('wpsg_mod_downloadplus_days', $_REQUEST['wpsg_mod_downloadplus_days'], false, false, "key");
+        $this->shop->update_option('wpsg_mod_downloadplus_downloads', $_REQUEST['wpsg_mod_downloadplus_downloads'], false, false, "key");
+        $this->shop->update_option('wpsg_mod_downloadplus_cleanraiddownloads', $_REQUEST['wpsg_mod_downloadplus_cleanraiddownloads'], false, false, "key");
+        $this->shop->update_option('wpsg_mod_downloadplus_cleanolddownloads', $_REQUEST['wpsg_mod_downloadplus_cleanolddownloads'], false, false, "key");
+        $this->shop->update_option('wpsg_mod_downloadplus_pdfpath', $_REQUEST['wpsg_mod_downloadplus_pdfpath'], false, false, "text_field");
+        $this->shop->update_option('wpsg_mod_downloadplus_pdfindivpath', $_REQUEST['wpsg_mod_downloadplus_pdfindivpath'], false, false, "text_field");
+        $this->shop->update_option('wpsg_mod_downloadplus_range', $_REQUEST['wpsg_mod_downloadplus_range'], false, false, "key");
+        $this->shop->update_option('wpsg_mod_downloadplus_range_von', $_REQUEST['wpsg_mod_downloadplus_range_von'], false, false, "key");
+        $this->shop->update_option('wpsg_mod_downloadplus_range_bis', $_REQUEST['wpsg_mod_downloadplus_range_bis'], false, false, "key");
+        $this->shop->update_option('wpsg_mod_downloadplus_masterpass', $_REQUEST['wpsg_mod_downloadplus_masterpass'], false, false, "text_field");
+        $this->shop->update_option('wpsg_mod_downloadplus_openpass', $_REQUEST['wpsg_mod_downloadplus_openpass'], false, false, "text_field");
+        $this->shop->update_option('wpsg_mod_downloadplus_securitysave', $_REQUEST['wpsg_mod_downloadplus_securitysave'], false, false, "key");
+        $this->shop->update_option('wpsg_mod_downloadplus_securityprint', $_REQUEST['wpsg_mod_downloadplus_securityprint'], false, false, "key");
+        $this->shop->update_option('wpsg_mod_downloadplus_securitymod', $_REQUEST['wpsg_mod_downloadplus_securitymod'], false, false, "key");
+        $this->shop->update_option('wpsg_mod_downloadplus_securitynote', $_REQUEST['wpsg_mod_downloadplus_securitynote'], false, false, "key");
+        $this->shop->update_option('wpsg_mod_downloadplus_format', $_REQUEST['wpsg_mod_downloadplus_format'], false, false, "key");
+        $this->shop->update_option('wpsg_mod_downloadplus_memorylimit', $_REQUEST['wpsg_mod_downloadplus_memorylimit'], false, false, "key");
+        $this->shop->update_option('wpsg_mod_downloadplus_timelimit', $_REQUEST['wpsg_mod_downloadplus_timelimit'], false, false, "key");
+        $this->shop->update_option('wpsg_mod_downloadplus_numberformat', $_REQUEST['wpsg_mod_downloadplus_numberformat'], false, false, "text_field");
+        $this->shop->update_option('wpsg_mod_downloadplus_startnumber', $_REQUEST['wpsg_mod_downloadplus_startnumber'], false, false, "key");
+        $this->shop->update_option('wpsg_mod_downloadplus_attachement', $_REQUEST['wpsg_mod_downloadplus_attachement'], false, false, "key");
 
     } // public function settings_save()
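Review bot: `wpsg_mod_downloadplus_masterpass` and `wpsg_mod_downloadplus_openpass` are stored through the `text_field` mode, and a text sanitiser is the wrong tool for a secret. If that mode wraps `sanitize_text_field()` (not visible in this part of the diff), a password containing `<`, percent-encoded sequences or repeated whitespace is silently changed on save, so the stored value no longer matches what the administrator typed; the `*_password` and `*_projectpw` options in the flexipay and giropay hunks have the same exposure. Secrets are better stored as entered and escaped where they are printed, with a comment such as `// secret: stored as entered, escaped on output` on those lines. `pdfpath` and `pdfindivpath` are filesystem paths, and text sanitising does not restrict which directory they point to; a check against an allowed base directory belongs where the path is used. The method signature is outside the hunk.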
@@ -207,4 +207,9 @@
     public function produkt_ajax()
     {
+
+    	if(isset($_REQUEST['file']))
+		    $_REQUEST['file'] = wpsg_sinput("text_field", $_REQUEST['file']);
+
+	    $_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
 
         if ($_REQUEST['cmd'] == 'upload_file')
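Review bot: `$_REQUEST['edit_id']` is read without the `isset()` guard that the added `file` line has, so a request without `edit_id` raises an undefined-index notice (a warning on PHP 8) and then writes the sanitised empty result back into `$_REQUEST`. A guard in the same style would be `if (isset($_REQUEST['edit_id'])) $_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);`; the added lines in `order_ajax()` below and in `produkt_ajax()` of wpsg_mod_downloadprodukte.class.php read their keys unguarded as well. `text_field` on `file` does not limit the value to a bare file name, so if it reaches a filesystem call later in the method (outside this hunk) it should also pass through `basename()` or an allow-list check. `$_REQUEST['cmd']` is still compared with `==`; `===` avoids type juggling.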
@@ -355,4 +360,8 @@
 
     public function order_ajax() {
+
+	    $_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
+	    $_REQUEST['product_key'] = wpsg_sinput("key", $_REQUEST['product_key']);
+	    $_REQUEST['product_index'] = wpsg_sinput("key", $_REQUEST['product_index']);
 
         if ($_REQUEST['cmd'] == 'schedule_file')
Index: /mods/wpsg_mod_downloadprodukte.class.php
===================================================================
--- /mods/wpsg_mod_downloadprodukte.class.php	(revision 7397)
+++ /mods/wpsg_mod_downloadprodukte.class.php	(revision 7398)
@@ -65,11 +65,11 @@
 		{
 
-			$this->shop->update_option('wpsg_mod_downloadprodukte_zt', wpsg_q($_REQUEST['wpsg_mod_downloadprodukte_zt']));
-			$this->shop->update_option('wpsg_mod_downloadprodukte_days', wpsg_q($_REQUEST['wpsg_mod_downloadprodukte_days']));
-			$this->shop->update_option('wpsg_mod_downloadprodukte_raid', wpsg_q($_REQUEST['wpsg_mod_downloadprodukte_raid']));
-			$this->shop->update_option('wpsg_mod_downloadprodukte_zip', wpsg_q($_REQUEST['wpsg_mod_downloadprodukte_zip']));
-			$this->shop->update_option('wpsg_mod_downloadprodukte_shipping', wpsg_q($_REQUEST['wpsg_mod_downloadprodukte_shipping']));
-			$this->shop->update_option('wpsg_mod_downloadprodukte_einsplusx', wpsg_q($_REQUEST['wpsg_mod_downloadprodukte_einsplusx']));
-			$this->shop->update_option('wpsg_mod_downloadprodukte_ziptemp', $_REQUEST['wpsg_mod_downloadprodukte_ziptemp']);
+			$this->shop->update_option('wpsg_mod_downloadprodukte_zt', wpsg_q($_REQUEST['wpsg_mod_downloadprodukte_zt']), false, false, "key");
+			$this->shop->update_option('wpsg_mod_downloadprodukte_days', wpsg_q($_REQUEST['wpsg_mod_downloadprodukte_days']), false, false, "key");
+			$this->shop->update_option('wpsg_mod_downloadprodukte_raid', wpsg_q($_REQUEST['wpsg_mod_downloadprodukte_raid']), false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_downloadprodukte_zip', wpsg_q($_REQUEST['wpsg_mod_downloadprodukte_zip']), false, false, "key");
+			$this->shop->update_option('wpsg_mod_downloadprodukte_shipping', wpsg_q($_REQUEST['wpsg_mod_downloadprodukte_shipping']), false, false, "key");
+			$this->shop->update_option('wpsg_mod_downloadprodukte_einsplusx', wpsg_q($_REQUEST['wpsg_mod_downloadprodukte_einsplusx']), false, false, "key");
+			$this->shop->update_option('wpsg_mod_downloadprodukte_ziptemp', $_REQUEST['wpsg_mod_downloadprodukte_ziptemp'], false, false, "text_field");
 			
 		} // public function settings_save()
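Review bot: The first six options are still wrapped in `wpsg_q()` before `update_option()` applies the new `key`/`text_field` mode, so the value is escaped for SQL first and sanitised afterwards, while `wpsg_mod_downloadprodukte_ziptemp` is passed raw. Escaping belongs at the query, not on the value handed to the option store; otherwise escape characters can end up in the saved option or be stripped again by the sanitiser. Passing the request value directly, as the other modules in this commit do, keeps the order right: `$this->shop->update_option('wpsg_mod_downloadprodukte_zt', $_REQUEST['wpsg_mod_downloadprodukte_zt'], false, false, "key");`. This assumes `update_option()` escapes on write itself, which is not visible here.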
@@ -117,5 +117,7 @@
 		public function produkt_ajax() 
 		{
-			
+
+			$_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
+
 			if ($_REQUEST['cmd'] == 'upload_file')
 			{
Index: /mods/wpsg_mod_export.class.php
===================================================================
--- /mods/wpsg_mod_export.class.php	(revision 7397)
+++ /mods/wpsg_mod_export.class.php	(revision 7398)
@@ -172,5 +172,5 @@
 		{
 						 
-			$arProfile = array_values($_REQUEST['wpsg_mod_export_profile']);
+			$arProfile = wpsg_xss(array_values($_REQUEST['wpsg_mod_export_profile']));
 			
 			set_time_limit(300);
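Review bot: `array_values()` is called on `$_REQUEST['wpsg_mod_export_profile']` before any check that the parameter exists and is an array, so a missing or scalar value fails inside `array_values()` (a `TypeError` on PHP 8) before `wpsg_xss()` runs. A guard such as `if (!isset($_REQUEST['wpsg_mod_export_profile']) || !is_array($_REQUEST['wpsg_mod_export_profile'])) return;` ahead of the assignment would make that explicit; the right error path depends on the rest of the method, which is outside the hunk. Whether `wpsg_xss()` handles nested arrays is not visible here; if the entries are profile ids, casting them with `array_map('intval', ...)` is stricter than HTML filtering.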
@@ -438,8 +438,8 @@
 			else if ($_REQUEST['do'] == 'inlinedit')
 			{
-			    
+
 				if (preg_match('/field_/', $_REQUEST['name']) && !in_array($_REQUEST['name'], ['field_delimiter', 'field_enclosure', 'field_escape']))
 				{
-					
+
 					// Feldwert wurde bearbeitet
 					$field_id = preg_replace('/(.*)\_/', '', $_REQUEST['name']);
@@ -449,5 +449,5 @@
 					{
 						
-						case 'field_name': $col = 'name'; break;
+						case 'field_name': $col = 'name'; $_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']); break;
 						case 'field_format': $col = 'format'; break;
 						case 'field_userformat': $col = 'userformat'; break;
@@ -460,5 +460,5 @@
 					
 					$this->db->UpdateQuery(WPSG_TBL_EXPORTPROFILE_FIELDS, array(
-						wpsg_q($col) => wpsg_q($_REQUEST['value']) 
+						wpsg_q($col) => wpsg_q(wpsg_xss($_REQUEST['value']))
 					), " `id` = '".wpsg_q($field_id)."' ");
 					
@@ -469,5 +469,5 @@
 				else if (preg_match('/orderfilter_/', $_REQUEST['name']))
 				{
-					
+
 					// Wert aus dem Bestellfilter wurde bearbeitet					
 					$col = substr($_REQUEST['name'], 12);
@@ -476,5 +476,5 @@
 					{
 						
-						case 's': $col = 's'; break;
+						case 's': $col = 's'; $_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']); break;
 						case 'k_id': $col = 'k_id'; break;
 						case 'status': $col = 'status'; break;
@@ -507,19 +507,19 @@
 				{
 					
-					case 'name': $col = 'name'; break;
-					case 'filename': $col = 'filename'; break;
+					case 'name': $col = 'name'; $_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']); break;
+					case 'filename': $col = 'filename'; $_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']); break;
 					case 'file_encoding': $col = 'file_encoding'; break;
 					case 'format': $col = 'format'; break;
-					case 'field_delimiter': $col = 'field_delimiter'; break;
-		   	  		case 'field_enclosure': $col = 'field_enclosure'; break;
-					case 'field_escape': $col = 'field_escape'; break;
+					case 'field_delimiter': $col = 'field_delimiter'; $_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']); break;
+		   	  		case 'field_enclosure': $col = 'field_enclosure'; $_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']); break;
+					case 'field_escape': $col = 'field_escape'; $_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']); break;
 					case 'order_online': $col = 'order_online'; break;
-					case 'field_delimiter': $col = 'field_delimiter'; break;
-					case 'field_enclosure': $col = 'field_enclosure'; break;
-					case 'field_escape': $col = 'field_escape'; break;
+					case 'field_delimiter': $col = 'field_delimiter'; $_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']); break;
+					case 'field_enclosure': $col = 'field_enclosure'; $_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']); break;
+					case 'field_escape': $col = 'field_escape'; $_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']); break;
 					case 'order_onetime': $col = 'order_onetime'; break;
 					case 'csv_fieldnames': $col = 'csv_fieldnames'; break; 
 					case 'cron_interval': $col = 'cron_interval'; break;
-					case 'cron_path': $col = 'cron_path'; break;
+					case 'cron_path': $col = 'cron_path'; $_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']); break;
 					case 'xml_roottag': $col = 'xml_roottag'; break;
 					case 'xml_ordertag': $col = 'xml_ordertag'; break;
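Review bot: The switch contains the labels `field_delimiter`, `field_enclosure` and `field_escape` twice, and the commit adds the sanitising call to both copies although the second set can never be reached; the duplicates should be removed rather than extended. Only some cases sanitise `$_REQUEST['value']`, and the `UpdateQuery(WPSG_TBL_EXPORTPROFILE, ...)` shown as context in the next hunk still writes `wpsg_q($_REQUEST['value'])` without the `wpsg_xss()` wrapper that the field update earlier in this file received, so `file_encoding`, `format`, `xml_roottag` and the other untouched cases are stored unfiltered. Sanitising once after the switch, for example `wpsg_q($col) => wpsg_q(wpsg_xss($_REQUEST['value']))` in that query, would cover every column. If `text_field` wraps `sanitize_text_field()`, a tab or single-space delimiter would be trimmed to an empty string, so the delimiter, enclosure and escape columns may need a length-and-character check instead.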
@@ -531,5 +531,5 @@
 					
 				}
-				
+
 				$this->db->UpdateQuery(WPSG_TBL_EXPORTPROFILE, array(
 					wpsg_q($col) => wpsg_q($_REQUEST['value']) 
Index: /mods/wpsg_mod_flexipay.class.php
===================================================================
--- /mods/wpsg_mod_flexipay.class.php	(revision 7397)
+++ /mods/wpsg_mod_flexipay.class.php	(revision 7398)
@@ -92,22 +92,22 @@
 		{
 		
-			$this->shop->update_option('wpsg_mod_flexipay_integratormode', $_REQUEST['wpsg_mod_flexipay_integratormode']);
-			$this->shop->update_option('wpsg_mod_flexipay_sender', $_REQUEST['wpsg_mod_flexipay_sender']);
-			$this->shop->update_option('wpsg_mod_flexipay_channelid', $_REQUEST['wpsg_mod_flexipay_channelid']);
-			$this->shop->update_option('wpsg_mod_flexipay_userid', $_REQUEST['wpsg_mod_flexipay_userid']);
-			$this->shop->update_option('wpsg_mod_flexipay_password', $_REQUEST['wpsg_mod_flexipay_password']);
-		
-			$this->shop->update_option('wpsg_mod_flexipay_activ', $_REQUEST['wpsg_mod_flexipay_activ']);
-			$this->shop->update_option('wpsg_mod_flexipay_paymenttypes', implode(' ', $_REQUEST['wpsg_mod_flexipay_paymenttypes']));
-			$this->shop->update_option('wpsg_mod_flexipay_name', $_REQUEST['wpsg_mod_flexipay_name']); $this->shop->addTranslationString('wpsg_mod_flexipay_name', $_REQUEST['wpsg_mod_flexipay_name']);
-			$this->shop->update_option('wpsg_mod_flexipay_hint', $_REQUEST['wpsg_mod_flexipay_hint']); $this->shop->addTranslationString('wpsg_mod_flexipay_hint', $_REQUEST['wpsg_mod_flexipay_hint']);
-			$this->shop->update_option('wpsg_mod_flexipay_logo', $_REQUEST['wpsg_mod_flexipay_logo']);
-			$this->shop->update_option('wpsg_mod_flexipay_language', $_REQUEST['wpsg_mod_flexipay_language']);
-			$this->shop->update_option('wpsg_mod_flexipay_gebuehr', $_REQUEST['wpsg_mod_flexipay_gebuehr']);
-			$this->shop->update_option('wpsg_mod_flexipay_mwst', $_REQUEST['wpsg_mod_flexipay_mwst']);
-			$this->shop->update_option('wpsg_mod_flexipay_mwstland', $_REQUEST['wpsg_mod_flexipay_mwstland']);
-		
-			$this->shop->createPage(__('Erfolgreiche Zahlung', 'wpsg'), 'wpsg_mod_flexipay_successPage', $_REQUEST['wpsg_mod_flexipay_successPage']);
-			$this->shop->createPage(__('Fehlerhafte Zahlung', 'wpsg'), 'wpsg_mod_flexipay_errorPage', $_REQUEST['wpsg_mod_flexipay_errorPage']);
+			$this->shop->update_option('wpsg_mod_flexipay_integratormode', $_REQUEST['wpsg_mod_flexipay_integratormode'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_flexipay_sender', $_REQUEST['wpsg_mod_flexipay_sender'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_flexipay_channelid', $_REQUEST['wpsg_mod_flexipay_channelid'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_flexipay_userid', $_REQUEST['wpsg_mod_flexipay_userid'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_flexipay_password', $_REQUEST['wpsg_mod_flexipay_password'], false, false, "text_field");
+		
+			$this->shop->update_option('wpsg_mod_flexipay_activ', $_REQUEST['wpsg_mod_flexipay_activ'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_flexipay_paymenttypes', implode(' ', $_REQUEST['wpsg_mod_flexipay_paymenttypes']), false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_flexipay_name', $_REQUEST['wpsg_mod_flexipay_name'], false, false, "text_field"); $this->shop->addTranslationString('wpsg_mod_flexipay_name', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_flexipay_name']));
+			$this->shop->update_option('wpsg_mod_flexipay_hint', $_REQUEST['wpsg_mod_flexipay_hint'], false, false, "text_field"); $this->shop->addTranslationString('wpsg_mod_flexipay_hint', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_flexipay_hint']));
+			$this->shop->update_option('wpsg_mod_flexipay_logo', $_REQUEST['wpsg_mod_flexipay_logo'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_flexipay_language', $_REQUEST['wpsg_mod_flexipay_language'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_flexipay_gebuehr', $_REQUEST['wpsg_mod_flexipay_gebuehr'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_flexipay_mwst', $_REQUEST['wpsg_mod_flexipay_mwst'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_flexipay_mwstland', $_REQUEST['wpsg_mod_flexipay_mwstland'], false, false, "key");
+		
+			$this->shop->createPage(__('Erfolgreiche Zahlung', 'wpsg'), 'wpsg_mod_flexipay_successPage', wpsg_sinput("key", $_REQUEST['wpsg_mod_flexipay_successPage']));
+			$this->shop->createPage(__('Fehlerhafte Zahlung', 'wpsg'), 'wpsg_mod_flexipay_errorPage', wpsg_sinput("key", $_REQUEST['wpsg_mod_flexipay_errorPage']));
 		
 		} // public function settings_save()
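Review bot: The page id passed to `createPage()` is sanitised with `wpsg_sinput("key", ...)` here, while the giropay hunk of the same commit uses `wpsg_xss()` for the identical argument; one form should be used for both, and if the value is a page id an integer cast is the tightest. `wpsg_mod_flexipay_sender`, `channelid` and `userid` are provider-issued identifiers stored through the `key` mode; if that mode lowercases or strips characters (its implementation is outside this diff section), case-sensitive credentials would be altered on save. `implode(' ', $_REQUEST['wpsg_mod_flexipay_paymenttypes'])` still assumes the parameter is an array; `implode(' ', (array) $_REQUEST['wpsg_mod_flexipay_paymenttypes'])` behind an `isset()` check avoids an error when no payment type is ticked.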
Index: /mods/wpsg_mod_freeshipping.class.php
===================================================================
--- /mods/wpsg_mod_freeshipping.class.php	(revision 7397)
+++ /mods/wpsg_mod_freeshipping.class.php	(revision 7398)
@@ -47,9 +47,9 @@
 		{
 			
-			$this->shop->update_option('wpsg_mod_freeshipping_bezeichnung', $_REQUEST['wpsg_mod_freeshipping_bezeichnung']);
-			$this->shop->update_option('wpsg_mod_freeshipping_aktiv', $_REQUEST['wpsg_mod_freeshipping_aktiv']);		
-			$this->shop->update_option('wpsg_mod_freeshipping_minvalue', $_REQUEST['wpsg_mod_freeshipping_minvalue']);
+			$this->shop->update_option('wpsg_mod_freeshipping_bezeichnung', $_REQUEST['wpsg_mod_freeshipping_bezeichnung'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_freeshipping_aktiv', $_REQUEST['wpsg_mod_freeshipping_aktiv'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_freeshipping_minvalue', $_REQUEST['wpsg_mod_freeshipping_minvalue'], false, false, "key", ["isFloat"]);
 			
-			$this->shop->addTranslationString('wpsg_mod_freeshipping_bezeichnung', $_REQUEST['wpsg_mod_freeshipping_bezeichnung']);
+			$this->shop->addTranslationString('wpsg_mod_freeshipping_bezeichnung', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_freeshipping_bezeichnung']));
 			
 		} // public function settings_save()
Index: /mods/wpsg_mod_fuellmenge.class.php
===================================================================
--- /mods/wpsg_mod_fuellmenge.class.php	(revision 7397)
+++ /mods/wpsg_mod_fuellmenge.class.php	(revision 7398)
@@ -64,19 +64,18 @@
 		{
 			
-			$this->shop->update_option('wpsg_mod_fuellmenge_einheit', $_REQUEST['wpsg_mod_fuellmenge_einheit']);
-			$this->shop->update_option('wpsg_mod_fuellmenge_bezug', $_REQUEST['wpsg_mod_fuellmenge_bezug']);
-			$this->shop->update_option('wpsg_mod_fuellmenge_showAjaxDialog', $_REQUEST['wpsg_mod_fuellmenge_showAjaxDialog']);
+			$this->shop->update_option('wpsg_mod_fuellmenge_einheit', $_REQUEST['wpsg_mod_fuellmenge_einheit'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_fuellmenge_bezug', $_REQUEST['wpsg_mod_fuellmenge_bezug'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_fuellmenge_showAjaxDialog', $_REQUEST['wpsg_mod_fuellmenge_showAjaxDialog'], false, false, "key");
 			if ($this->shop->hasMod('wpsg_mod_fuellmenge') == '1')
 			{
 				
-				$this->shop->update_option('wpsg_mod_fuellmenge_showProductindex_fmenge', $_REQUEST['wpsg_mod_fuellmenge_showProductindex_fmenge']);
-				$this->shop->update_option('wpsg_mod_fuellmenge_showProductindex_grundpreis', $_REQUEST['wpsg_mod_fuellmenge_showProductindex_grundpreis']);
-				
-				
-			}
-			$this->shop->update_option('wpsg_mod_fuellmenge_showBasketProduct', $_REQUEST['wpsg_mod_fuellmenge_showBasketProduct']);
-			$this->shop->update_option('wpsg_mod_fuellmenge_showProductindexBackend_fmenge', $_REQUEST['wpsg_mod_fuellmenge_showProductindexBackend_fmenge']);
-			$this->shop->update_option('wpsg_mod_fuellmenge_showOverviewProduct', $_REQUEST['wpsg_mod_fuellmenge_showOverviewProduct']);
-			$this->shop->update_option('wpsg_mod:fuellmenge_showRequestPageProduct', $_REQUEST['wpsg_mod_fuellmenge_showRequestPageProduct']);
+				$this->shop->update_option('wpsg_mod_fuellmenge_showProductindex_fmenge', $_REQUEST['wpsg_mod_fuellmenge_showProductindex_fmenge'], false, false, "key");
+				$this->shop->update_option('wpsg_mod_fuellmenge_showProductindex_grundpreis', $_REQUEST['wpsg_mod_fuellmenge_showProductindex_grundpreis'], false, false, "key", ["isFloat"]);
+				
+			}
+			$this->shop->update_option('wpsg_mod_fuellmenge_showBasketProduct', $_REQUEST['wpsg_mod_fuellmenge_showBasketProduct'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_fuellmenge_showProductindexBackend_fmenge', $_REQUEST['wpsg_mod_fuellmenge_showProductindexBackend_fmenge'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_fuellmenge_showOverviewProduct', $_REQUEST['wpsg_mod_fuellmenge_showOverviewProduct'], false, false, "key");
+			$this->shop->update_option('wpsg_mod:fuellmenge_showRequestPageProduct', $_REQUEST['wpsg_mod_fuellmenge_showRequestPageProduct'], false, false, "key");
 			
 		} // public function settings_save()
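Review bot: The last option is saved under `'wpsg_mod:fuellmenge_showRequestPageProduct'`, with a colon where every other option name has an underscore; the new line carries that spelling over from the old revision. Unless the code that reads the option uses the same spelling (not visible here), the setting is written to a name nobody reads. The corrected line would be `$this->shop->update_option('wpsg_mod_fuellmenge_showRequestPageProduct', $_REQUEST['wpsg_mod_fuellmenge_showRequestPageProduct'], false, false, "key");`. `wpsg_mod_fuellmenge_showProductindex_grundpreis` is validated with `["isFloat"]` although its name and the neighbouring `show*` options suggest a flag.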
@@ -207,8 +206,8 @@
 			
 			$this->db->UpdateQuery(WPSG_TBL_PRODUCTS, array(
-				"feinheit" => wpsg_q($_REQUEST['feinheit']),
-				"fmenge" => wpsg_q(wpsg_tf($_REQUEST['fmenge']))
-			), "`id` = '".wpsg_q($produkt_id)."'");
-						
+				"feinheit" => wpsg_q(wpsg_sinput("key", $_REQUEST['feinheit'])),
+				"fmenge" => wpsg_q(wpsg_tf(wpsg_sinput("key", $_REQUEST['fmenge'], "isFloat")))
+			), "`id` = '".wpsg_q(wpsg_sinput("key", $produkt_id))."'");
+
 		} // public function produkt_save(&$produkt_id)
 		
Index: /mods/wpsg_mod_giropay.class.php
===================================================================
--- /mods/wpsg_mod_giropay.class.php	(revision 7397)
+++ /mods/wpsg_mod_giropay.class.php	(revision 7398)
@@ -66,59 +66,59 @@
 		{
 			
-			$this->shop->update_option('wpsg_mod_giropay_merchantId', $_REQUEST['wpsg_mod_giropay_merchantId']);
+			$this->shop->update_option('wpsg_mod_giropay_merchantId', $_REQUEST['wpsg_mod_giropay_merchantId'], false, false, "key");
 			//$this->shop->update_option('wpsg_mod_giropay_currency', $_REQUEST['wpsg_mod_giropay_currency']);
-			$this->shop->update_option('wpsg_mod_giropay_paystart', $_REQUEST['wpsg_mod_giropay_paystart']);
-			$this->shop->update_option('wpsg_mod_giropay_subject', $_REQUEST['wpsg_mod_giropay_subject']);
-			$this->shop->createPage(__('Erfolgreiche Zahlung', 'wpsg'), 'wpsg_mod_giropay_successPage', $_REQUEST['wpsg_mod_giropay_successPage']);
-			$this->shop->createPage(__('Fehlerhafte Zahlung', 'wpsg'), 'wpsg_mod_giropay_errorPage', $_REQUEST['wpsg_mod_giropay_errorPage']);
+			$this->shop->update_option('wpsg_mod_giropay_paystart', $_REQUEST['wpsg_mod_giropay_paystart'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_giropay_subject', $_REQUEST['wpsg_mod_giropay_subject'], false, false, "text_field");
+			$this->shop->createPage(__('Erfolgreiche Zahlung', 'wpsg'), 'wpsg_mod_giropay_successPage', wpsg_xss($_REQUEST['wpsg_mod_giropay_successPage']));
+			$this->shop->createPage(__('Fehlerhafte Zahlung', 'wpsg'), 'wpsg_mod_giropay_errorPage', wpsg_xss($_REQUEST['wpsg_mod_giropay_errorPage']));
 						
 			// DirektÃŒberweisung
-			$this->shop->update_option('wpsg_mod_giropay_giropay_activ', $_REQUEST['wpsg_mod_giropay_giropay_activ']);
-			$this->shop->update_option('wpsg_mod_giropay_giropay_projectid', $_REQUEST['wpsg_mod_giropay_giropay_projectid']);
-			$this->shop->update_option('wpsg_mod_giropay_giropay_projectpw', $_REQUEST['wpsg_mod_giropay_giropay_projectpw']);
-			
-			$this->shop->update_option('wpsg_mod_giropay_giropay_name', $_REQUEST['wpsg_mod_giropay_giropay_name']);
-			$this->shop->update_option('wpsg_mod_giropay_giropay_hint', $_REQUEST['wpsg_mod_giropay_giropay_hint']);
-			
-			$this->shop->addTranslationString('wpsg_mod_giropay_giropay_name', $_REQUEST['wpsg_mod_giropay_giropay_name']);
-			$this->shop->addTranslationString('wpsg_mod_giropay_giropay_hint', $_REQUEST['wpsg_mod_giropay_giropay_hint']);
-			
-			$this->shop->update_option('wpsg_mod_giropay_giropay_logo', $_REQUEST['wpsg_mod_giropay_giropay_logo']);
-			$this->shop->update_option('wpsg_mod_giropay_giropay_gebuehr', $_REQUEST['wpsg_mod_giropay_giropay_gebuehr']);
-			$this->shop->update_option('wpsg_mod_giropay_giropay_mwst', $_REQUEST['wpsg_mod_giropay_giropay_mwst']);
-			$this->shop->update_option('wpsg_mod_giropay_giropay_mwstland', $_REQUEST['wpsg_mod_giropay_giropay_mwstland']);
+			$this->shop->update_option('wpsg_mod_giropay_giropay_activ', $_REQUEST['wpsg_mod_giropay_giropay_activ'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_giropay_giropay_projectid', $_REQUEST['wpsg_mod_giropay_giropay_projectid'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_giropay_giropay_projectpw', $_REQUEST['wpsg_mod_giropay_giropay_projectpw'], false, false, "text_field");
+			
+			$this->shop->update_option('wpsg_mod_giropay_giropay_name', $_REQUEST['wpsg_mod_giropay_giropay_name'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_giropay_giropay_hint', $_REQUEST['wpsg_mod_giropay_giropay_hint'], false, false, "text_field");
+			
+			$this->shop->addTranslationString('wpsg_mod_giropay_giropay_name', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_giropay_giropay_name']));
+			$this->shop->addTranslationString('wpsg_mod_giropay_giropay_hint', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_giropay_giropay_hint']));
+			
+			$this->shop->update_option('wpsg_mod_giropay_giropay_logo', $_REQUEST['wpsg_mod_giropay_giropay_logo'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_giropay_giropay_gebuehr', $_REQUEST['wpsg_mod_giropay_giropay_gebuehr'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_giropay_giropay_mwst', $_REQUEST['wpsg_mod_giropay_giropay_mwst'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_giropay_giropay_mwstland', $_REQUEST['wpsg_mod_giropay_giropay_mwstland'], false, false, "key");
 			
 			// Kreditkarte
-			$this->shop->update_option('wpsg_mod_giropay_creditcard_activ', $_REQUEST['wpsg_mod_giropay_creditcard_activ']);
-			$this->shop->update_option('wpsg_mod_giropay_creditcard_projectid', $_REQUEST['wpsg_mod_giropay_creditcard_projectid']);
-			$this->shop->update_option('wpsg_mod_giropay_creditcard_projectpw', $_REQUEST['wpsg_mod_giropay_creditcard_projectpw']);
-			
-			$this->shop->update_option('wpsg_mod_giropay_creditcard_name', $_REQUEST['wpsg_mod_giropay_creditcard_name']);
-			$this->shop->update_option('wpsg_mod_giropay_creditcard_hint', $_REQUEST['wpsg_mod_giropay_creditcard_hint']);
-			
-			$this->shop->addTranslationString('wpsg_mod_giropay_creditcard_name', $_REQUEST['wpsg_mod_giropay_creditcard_name']);
-			$this->shop->addTranslationString('wpsg_mod_giropay_creditcard_hint', $_REQUEST['wpsg_mod_giropay_creditcard_hint']);
-			
-			$this->shop->update_option('wpsg_mod_giropay_creditcard_logo', $_REQUEST['wpsg_mod_giropay_creditcard_logo']);
-			$this->shop->update_option('wpsg_mod_giropay_creditcard_gebuehr', $_REQUEST['wpsg_mod_giropay_creditcard_gebuehr']);
-			$this->shop->update_option('wpsg_mod_giropay_creditcard_mwst', $_REQUEST['wpsg_mod_giropay_creditcard_mwst']);
-			$this->shop->update_option('wpsg_mod_giropay_creditcard_mwstland', $_REQUEST['wpsg_mod_giropay_creditcard_mwstland']);
+			$this->shop->update_option('wpsg_mod_giropay_creditcard_activ', $_REQUEST['wpsg_mod_giropay_creditcard_activ'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_giropay_creditcard_projectid', $_REQUEST['wpsg_mod_giropay_creditcard_projectid'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_giropay_creditcard_projectpw', $_REQUEST['wpsg_mod_giropay_creditcard_projectpw'], false, false, "text_field");
+			
+			$this->shop->update_option('wpsg_mod_giropay_creditcard_name', $_REQUEST['wpsg_mod_giropay_creditcard_name'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_giropay_creditcard_hint', $_REQUEST['wpsg_mod_giropay_creditcard_hint'], false, false, "text_field");
+			
+			$this->shop->addTranslationString('wpsg_mod_giropay_creditcard_name', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_giropay_creditcard_name']));
+			$this->shop->addTranslationString('wpsg_mod_giropay_creditcard_hint', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_giropay_creditcard_hint']));
+			
+			$this->shop->update_option('wpsg_mod_giropay_creditcard_logo', $_REQUEST['wpsg_mod_giropay_creditcard_logo'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_giropay_creditcard_gebuehr', $_REQUEST['wpsg_mod_giropay_creditcard_gebuehr'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_giropay_creditcard_mwst', $_REQUEST['wpsg_mod_giropay_creditcard_mwst'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_giropay_creditcard_mwstland', $_REQUEST['wpsg_mod_giropay_creditcard_mwstland'], false, false, "key");
 			
 			// Lastschrift
-			$this->shop->update_option('wpsg_mod_giropay_directdebit_activ', $_REQUEST['wpsg_mod_giropay_directdebit_activ']);
-			$this->shop->update_option('wpsg_mod_giropay_directdebit_projectid', $_REQUEST['wpsg_mod_giropay_directdebit_projectid']);
-			$this->shop->update_option('wpsg_mod_giropay_directdebit_projectpw', $_REQUEST['wpsg_mod_giropay_directdebit_projectpw']);
-			
-			$this->shop->update_option('wpsg_mod_giropay_directdebit_name', $_REQUEST['wpsg_mod_giropay_directdebit_name']);
-			$this->shop->update_option('wpsg_mod_giropay_directdebit_hint', $_REQUEST['wpsg_mod_giropay_directdebit_hint']);
-			
-			$this->shop->addTranslationString('wpsg_mod_giropay_directdebit_name', $_REQUEST['wpsg_mod_giropay_directdebit_name']);
-			$this->shop->addTranslationString('wpsg_mod_giropay_directdebit_hint', $_REQUEST['wpsg_mod_giropay_directdebit_hint']);
-			
-			$this->shop->update_option('wpsg_mod_giropay_directdebit_logo', $_REQUEST['wpsg_mod_giropay_directdebit_logo']);
-			$this->shop->update_option('wpsg_mod_giropay_directdebit_gebuehr', $_REQUEST['wpsg_mod_giropay_directdebit_gebuehr']);
-			$this->shop->update_option('wpsg_mod_giropay_directdebit_mwst', $_REQUEST['wpsg_mod_giropay_directdebit_mwst']);
-			$this->shop->update_option('wpsg_mod_giropay_directdebit_mwstland', $_REQUEST['wpsg_mod_giropay_directdebit_mwstland']);
-			
+			$this->shop->update_option('wpsg_mod_giropay_directdebit_activ', $_REQUEST['wpsg_mod_giropay_directdebit_activ'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_giropay_directdebit_projectid', $_REQUEST['wpsg_mod_giropay_directdebit_projectid'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_giropay_directdebit_projectpw', $_REQUEST['wpsg_mod_giropay_directdebit_projectpw'], false, false, "text_field");
+			
+			$this->shop->update_option('wpsg_mod_giropay_directdebit_name', $_REQUEST['wpsg_mod_giropay_directdebit_name'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_giropay_directdebit_hint', $_REQUEST['wpsg_mod_giropay_directdebit_hint'], false, false, "text_field");
+			
+			$this->shop->addTranslationString('wpsg_mod_giropay_directdebit_name', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_giropay_directdebit_name']));
+			$this->shop->addTranslationString('wpsg_mod_giropay_directdebit_hint', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_giropay_directdebit_hint']));
+			
+			$this->shop->update_option('wpsg_mod_giropay_directdebit_logo', $_REQUEST['wpsg_mod_giropay_directdebit_logo'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_giropay_directdebit_gebuehr', $_REQUEST['wpsg_mod_giropay_directdebit_gebuehr'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_giropay_directdebit_mwst', $_REQUEST['wpsg_mod_giropay_directdebit_mwst'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_giropay_directdebit_mwstland', $_REQUEST['wpsg_mod_giropay_directdebit_mwstland'], false, false, "key");
+
 		} // public function settings_save()
 
@@ -203,14 +203,16 @@
 			if ($_REQUEST['wpsg_plugin'] != 'wpsg_mod_giropay') return;
 			
+			$_REQUEST['order_id'] = wpsg_sinput("key", $_REQUEST['order_id']);
+
 			if ($_REQUEST['confirm'] == 'giropay')
 			{
-				
+
 				// Bestellung heraussuchen
 				$order_id = preg_replace('/(^O)|(T\d+$)/', '', $_REQUEST['order_id']);
-				
+
 				if (!wpsg_isSizedInt($order_id)) throw new \wpsg\Exception(__('Keine gÃŒltige Bestellung aus Request gefiltert', 'wpsg'));
-				
+
 				$order = $this->shop->cache->loadOrderObject($order_id);
-				
+
 				list($project_id, $project_pw) = $this->getpassidfrompayment($order->getPaymentID());
 				
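Review bot: The added `wpsg_sinput("key", $_REQUEST['order_id'])` runs before the `preg_replace('/(^O)|(T\d+$)/', ...)` that strips an upper-case `O` prefix and a `T<n>` suffix from the order id. wpsg_sinput() is not shown in this diff, but if its "key" mode behaves like WordPress's sanitize_key() (lower-casing and dropping everything outside a-z, 0-9, `_` and `-`), the pattern no longer matches, wpsg_isSizedInt() fails and the payment confirmation throws. The integer check a few lines later already constrains the value, so either drop the added line or make the pattern case-insensitive, `'/(^O)|(T\d+$)/i'`. A test with an id of the form `O<id>T<n>` would settle which is needed. The enclosing function starts and ends outside this hunk.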
@@ -337,8 +339,11 @@
 				
 		/** Modul Funktionen */
-		
+
 		/**
 		 * Gibt den Zahlungslink fÃŒr eine neue Zahlung fÃŒr die Bestellung $order_id zurÃŒck
+		 *
 		 * @param Integer $order_id ID der Bestellung
+		 *
+		 * @return array|mixed|object
 		 */
 		public function getPayLink($order_id, $project_id, $project_pw)
Index: /mods/wpsg_mod_gutschein.class.php
===================================================================
--- /mods/wpsg_mod_gutschein.class.php	(revision 7397)
+++ /mods/wpsg_mod_gutschein.class.php	(revision 7398)
@@ -445,6 +445,6 @@
 			//$tStart = wpsg_fieldarray_todate($_REQUEST['wpsg_mod_gutschein_start']);
 			//$tEnd = wpsg_fieldarray_todate($_REQUEST['wpsg_mod_gutschein_end']);
-			$tStart = strtotime($_REQUEST['wpsg_mod_gutschein_start']);
-			$tEnd = strtotime($_REQUEST['wpsg_mod_gutschein_end']);
+			$tStart = strtotime(wpsg_sinput("key", $_REQUEST['wpsg_mod_gutschein_start']));
+			$tEnd = strtotime(wpsg_sinput("key", $_REQUEST['wpsg_mod_gutschein_end']));
 
 			// Validierung
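Review bot: `wpsg_mod_gutschein_start` and `wpsg_mod_gutschein_end` are filtered with the "key" mode here, while the UpdateQuery in the hunk at -495 filters the same two fields with "text_field" before strtotime(). If "key" strips spaces, dots and colons (as WordPress's sanitize_key() does; wpsg_sinput() itself is not shown), a date-time string can reach strtotime() in a form it parses differently or not at all, so the validation that follows would work on a different timestamp than the one later stored. Use the same mode in both places, e.g. `$tStart = strtotime(wpsg_sinput("text_field", $_REQUEST['wpsg_mod_gutschein_start']));`, and treat a `false` result as invalid input. The surrounding function is not fully contained in this hunk.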
@@ -495,15 +495,15 @@
 
 			        $this->db->UpdateQuery(WPSG_TBL_GUTSCHEIN, [ 
-                        'code' => wpsg_q($_REQUEST['wpsg_mod_gutschein_code']),
-                        'value' => wpsg_q(wpsg_tf($_REQUEST['wpsg_mod_gutschein_value'])),
-                        'calc_typ' => wpsg_q($_REQUEST['wpsg_mod_gutschein_calc']),
-                        'start_date' => wpsg_q(date('Y-m-d H:i:s', strtotime($_REQUEST['wpsg_mod_gutschein_start']))),
-                        'end_date' => wpsg_q(date('Y-m-d H:i:s', strtotime($_REQUEST['wpsg_mod_gutschein_end']))),
-                        'multi' => wpsg_q($_REQUEST['wpsg_mod_gutschein_multi']),
-                        'comment' => wpsg_q($_REQUEST['wpsg_mod_gutschein_comment']),
-                        'minvalue' => wpsg_q($_REQUEST['wpsg_mod_gutschein_minvalue']),
-                        'productgroups' => wpsg_q(implode(',', wpsg_getArray($_REQUEST['wpsg_mod_gutschein_productgroups']))),
-                        'products' => wpsg_q(implode(',', wpsg_getArray($_REQUEST['wpsg_mod_gutschein_products']))),
-                    ], " `id` = '".wpsg_q($_REQUEST['edit_id'])."' ");
+                        'code' => wpsg_q(wpsg_sinput("text_field", $_REQUEST['wpsg_mod_gutschein_code'])),
+                        'value' => wpsg_q(wpsg_tf(wpsg_sinput("key", $_REQUEST['wpsg_mod_gutschein_value'], "isFloat"))),
+                        'calc_typ' => wpsg_q(wpsg_sinput("key", $_REQUEST['wpsg_mod_gutschein_calc'])),
+                        'start_date' => wpsg_q(date('Y-m-d H:i:s', strtotime(wpsg_sinput("text_field", $_REQUEST['wpsg_mod_gutschein_start'])))),
+                        'end_date' => wpsg_q(date('Y-m-d H:i:s', strtotime(wpsg_sinput("text_field", $_REQUEST['wpsg_mod_gutschein_end'])))),
+                        'multi' => wpsg_q(wpsg_sinput("key", $_REQUEST['wpsg_mod_gutschein_multi'])),
+                        'comment' => wpsg_q(wpsg_sinput("text_field", $_REQUEST['wpsg_mod_gutschein_comment'])),
+                        'minvalue' => wpsg_q(wpsg_tf(wpsg_sinput("key", $_REQUEST['wpsg_mod_gutschein_minvalue'], "isFloat"))),
+                        'productgroups' => wpsg_q(implode(',', wpsg_getArray(wpsg_xss($_REQUEST['wpsg_mod_gutschein_productgroups'])))),
+                        'products' => wpsg_q(implode(',', wpsg_getArray(wpsg_xss($_REQUEST['wpsg_mod_gutschein_products'])))),
+                    ], " `id` = '".wpsg_q(wpsg_sinput("key", $_REQUEST['edit_id']))."' ");
 			        
 			        $this->shop->addBackendMessage(__('Gutschein erfolgreich gespeichert.', 'wpsg'));
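Review bot: The decimal fields `value` and `minvalue` go through `wpsg_sinput("key", ..., "isFloat")` with the validator passed as a string, whereas the update_option() calls in this commit pass it as an array (`"key", ["isFloat"]`). It is worth confirming in wpsg_sinput() that both shapes are accepted and that the "key" mode keeps the decimal separator; if it drops `.` or `,`, an amount such as 12,50 would be stored as 1250 without any error. The same pattern is used in the genGS() call (hunks at -532 and -544) and for the `_gebuehr` options in the icp and klarna settings_save(). Separately, `edit_id` is a row id and could be checked with wpsg_isSizedInt() before the WHERE clause is built, as the giropay handler does for order ids.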
@@ -521,5 +521,5 @@
                         {
     
-                            $setCode = $_REQUEST['wpsg_mod_gutschein_code'];
+                            $setCode = wpsg_sinput("text_field", $_REQUEST['wpsg_mod_gutschein_code']);
     
                         }
@@ -532,11 +532,11 @@
     
                         $this->genGS(
-                            wpsg_tf($_REQUEST['wpsg_mod_gutschein_value']),
-                            $_REQUEST['wpsg_mod_gutschein_calc'],
+                            wpsg_tf(wpsg_sinput("key", $_REQUEST['wpsg_mod_gutschein_value'], "isFloat")),
+                            wpsg_sinput("text_field", $_REQUEST['wpsg_mod_gutschein_calc']),
                             $tStart,
                             $tEnd,
                             $_REQUEST['wpsg_mod_gutschein_multi'],
                             $this->shop->get_option('wpsg_mod_gutschein_size'),
-                            $_REQUEST['wpsg_mod_gutschein_comment'],
+                            wpsg_sinput("text_field", $_REQUEST['wpsg_mod_gutschein_comment']),
                             0,
                             0,
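Review bot: `$_REQUEST['wpsg_mod_gutschein_multi']` is still passed to genGS() unfiltered, although the update path in the hunk at -495 wraps the same field in `wpsg_sinput("key", ...)`. `wpsg_mod_gutschein_calc` is also treated differently in the two paths ("text_field" here, "key" in the update). The genGS() docblock documents `$multi` as 0 or 1 and `$calc_typ` as 'p' or 'w', so both are better validated against exactly those values, e.g. `$multi = ($_REQUEST['wpsg_mod_gutschein_multi'] == '1') ? 1 : 0;` and `in_array($calc, ['p', 'w'], true)`. Whether genGS() escapes its arguments itself is not visible in this diff.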
@@ -544,5 +544,5 @@
                             $arProductGroups,
                             $arProducts,
-                            $_REQUEST['wpsg_mod_gutschein_minvalue'],
+                            wpsg_tf(wpsg_sinput("key", $_REQUEST['wpsg_mod_gutschein_minvalue'], "isFloat")),
                             $setCode
                         );
@@ -879,17 +879,18 @@
 		 * Generiert einen Gutschein in der Datenbank
 		 *
-		 * @param double $value der Wert des Gutscheins
-		 * @param varchar $calc_typ Typ 'p' = Prozentual, 'w' = Absoluter Wert
-		 * @param int $tStart Timestamp Start der GÃŒltigkeit
-		 * @param int $tEnd Timestamp Ende der GÃŒltigkeit
-		 * @param int $multi 1 = Mehrfach, 0 = Einmalig
-		 * @param int $laenge LÃ€nge des Gutscheins
-		 * @param String $comment Kommentar
-		 * @param int $autocreate_order ID Der Bestellung aus der der Gutschein generiert wurde
-		 * @param int $autocreate_product ID Des Produkts aus dem der Gutschein generiert wurde
+		 * @param double  $value              der Wert des Gutscheins
+		 * @param varchar $calc_typ           Typ 'p' = Prozentual, 'w' = Absoluter Wert
+		 * @param int     $tStart             Timestamp Start der GÃŒltigkeit
+		 * @param int     $tEnd               Timestamp Ende der GÃŒltigkeit
+		 * @param int     $multi              1 = Mehrfach, 0 = Einmalig
+		 * @param int     $laenge             LÃ€nge des Gutscheins
+		 * @param String  $comment            Kommentar
+		 * @param int     $autocreate_order   ID Der Bestellung aus der der Gutschein generiert wurde
+		 * @param int     $autocreate_product ID Des Produkts aus dem der Gutschein generiert wurde
 		 * @param <int>Array $productgroups Array mit IDs von Produktgruppen fÃŒr die der Gutschein gÃŒltig ist
 		 * @param <int>Array $products Array mit IDs von Produkten fÃŒr die der Gutschein gÃŒltig ist
 		 *
 		 * @return Der generierte Code
+		 * @throws \wpsg\Exception
 		 */
 		public function genGS($value, $calc_typ, $tStart, $tEnd, $multi, $laenge, $comment, $autocreate_order = 0, $autocreate_product = 0, $autocreate_order_product, $productgroups = array(), $products = array(), $minValue = false, $code = false)
@@ -1211,5 +1212,5 @@
 			{
 
-				$this->shop->view['arFilter'] = $_REQUEST['filter'];
+				$this->shop->view['arFilter'] = wpsg_xss($_REQUEST['filter']);
 				$this->shop->view['hasFilter'] = true;
 
@@ -1264,6 +1265,6 @@
 		{
 
-			$this->shop->update_option('wpsg_mod_gutschein_size', $_REQUEST['wpsg_mod_gutschein_size']);
-			$this->shop->update_option('wpsg_mod_gutschein_perPage', $_REQUEST['wpsg_mod_gutschein_perPage']);
+			$this->shop->update_option('wpsg_mod_gutschein_size', $_REQUEST['wpsg_mod_gutschein_size'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_gutschein_perPage', $_REQUEST['wpsg_mod_gutschein_perPage'], false, false, "key");
 			
 		} // public function settings_save()
@@ -1279,5 +1280,5 @@
 		{
 
-			$this->shop->update_option('wpsg_mod_gutschein_hideInsert', $_REQUEST['wpsg_mod_gutschein_hideInsert']);
+			$this->shop->update_option('wpsg_mod_gutschein_hideInsert', $_REQUEST['wpsg_mod_gutschein_hideInsert'], false, false, "key");
 
 		} // public function admin_presentation_submit()
Index: /mods/wpsg_mod_icp.class.php
===================================================================
--- /mods/wpsg_mod_icp.class.php	(revision 7397)
+++ /mods/wpsg_mod_icp.class.php	(revision 7398)
@@ -92,22 +92,22 @@
 		{
 		
-			$this->shop->update_option('wpsg_mod_icp_sandbox', $_REQUEST['wpsg_mod_icp_sandbox']);
-			$this->shop->update_option('wpsg_mod_icp_sender', $_REQUEST['wpsg_mod_icp_sender']);
-			$this->shop->update_option('wpsg_mod_icp_channelid', $_REQUEST['wpsg_mod_icp_channelid']);
-			$this->shop->update_option('wpsg_mod_icp_userid', $_REQUEST['wpsg_mod_icp_userid']);
-			$this->shop->update_option('wpsg_mod_icp_password', $_REQUEST['wpsg_mod_icp_password']);
-				
-			$this->shop->update_option('wpsg_mod_icp_activ', $_REQUEST['wpsg_mod_icp_activ']);
-			$this->shop->update_option('wpsg_mod_icp_paymenttypes', $_REQUEST['wpsg_mod_icp_paymenttypes']);
-			$this->shop->update_option('wpsg_mod_icp_name', $_REQUEST['wpsg_mod_icp_name']); $this->shop->addTranslationString('wpsg_mod_icp_name', $_REQUEST['wpsg_mod_icp_name']);
-			$this->shop->update_option('wpsg_mod_icp_hint', $_REQUEST['wpsg_mod_icp_hint']); $this->shop->addTranslationString('wpsg_mod_icp_hint', $_REQUEST['wpsg_mod_icp_hint']);
-			$this->shop->update_option('wpsg_mod_icp_logo', $_REQUEST['wpsg_mod_icp_logo']);
-			$this->shop->update_option('wpsg_mod_icp_language', $_REQUEST['wpsg_mod_icp_language']);
-			$this->shop->update_option('wpsg_mod_icp_gebuehr', $_REQUEST['wpsg_mod_icp_gebuehr']);
-			$this->shop->update_option('wpsg_mod_icp_mwst', $_REQUEST['wpsg_mod_icp_mwst']);
-			$this->shop->update_option('wpsg_mod_icp_mwstland', $_REQUEST['wpsg_mod_icp_mwstland']);
-				
-			$this->shop->createPage(__('Erfolgreiche Zahlung', 'wpsg'), 'wpsg_mod_icp_successPage', $_REQUEST['wpsg_mod_icp_successPage']);
-			$this->shop->createPage(__('Fehlerhafte Zahlung', 'wpsg'), 'wpsg_mod_icp_errorPage', $_REQUEST['wpsg_mod_icp_errorPage']);
+			$this->shop->update_option('wpsg_mod_icp_sandbox', $_REQUEST['wpsg_mod_icp_sandbox'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_icp_sender', $_REQUEST['wpsg_mod_icp_sender'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_icp_channelid', $_REQUEST['wpsg_mod_icp_channelid'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_icp_userid', $_REQUEST['wpsg_mod_icp_userid'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_icp_password', $_REQUEST['wpsg_mod_icp_password'], false, false, "text_field");
+				
+			$this->shop->update_option('wpsg_mod_icp_activ', $_REQUEST['wpsg_mod_icp_activ'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_icp_paymenttypes', $_REQUEST['wpsg_mod_icp_paymenttypes'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_icp_name', $_REQUEST['wpsg_mod_icp_name'], false, false, "text_field"); $this->shop->addTranslationString('wpsg_mod_icp_name', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_icp_name']));
+			$this->shop->update_option('wpsg_mod_icp_hint', $_REQUEST['wpsg_mod_icp_hint'], false, false, "text_field"); $this->shop->addTranslationString('wpsg_mod_icp_hint', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_icp_hint']));
+			$this->shop->update_option('wpsg_mod_icp_logo', $_REQUEST['wpsg_mod_icp_logo'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_icp_language', $_REQUEST['wpsg_mod_icp_language'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_icp_gebuehr', $_REQUEST['wpsg_mod_icp_gebuehr'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_icp_mwst', $_REQUEST['wpsg_mod_icp_mwst'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_icp_mwstland', $_REQUEST['wpsg_mod_icp_mwstland'], false, false, "key");
+
+			$this->shop->createPage(__('Erfolgreiche Zahlung', 'wpsg'), 'wpsg_mod_icp_successPage', wpsg_sinput("key", $_REQUEST['wpsg_mod_icp_successPage']));
+			$this->shop->createPage(__('Fehlerhafte Zahlung', 'wpsg'), 'wpsg_mod_icp_errorPage', wpsg_sinput("key", $_REQUEST['wpsg_mod_icp_errorPage']));
 				
 		} // public function settings_save()
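Review bot: `wpsg_mod_icp_password` is now stored through the "text_field" filter, and `wpsg_mod_icp_sender`, `wpsg_mod_icp_channelid` and `wpsg_mod_icp_userid` through "key". These are credentials issued by the payment provider. If wpsg_sinput() follows the WordPress sanitizers of the same names, it would strip tags, percent sequences and whitespace, or lower-case the value in "key" mode, so the stored value would differ from what the admin typed and the failure would only surface later as a rejected API call. Secrets are better stored unchanged after a length and character-set validation that rejects bad input with a backend message, and escaped where they are output. The same applies to `wpsg_mod_giropay_directdebit_projectpw`, `wpsg_mod_klarna_sharedSecret`, `wpsg_mod_kundenveraltung_recaptcha_secretkey` and `wpsg_mod_kundenkontakt_smsflatrate_key` elsewhere in this commit.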
Index: /mods/wpsg_mod_klarna.class.php
===================================================================
--- /mods/wpsg_mod_klarna.class.php	(revision 7397)
+++ /mods/wpsg_mod_klarna.class.php	(revision 7398)
@@ -65,21 +65,21 @@
 		{
 			
-			$this->shop->update_option('wpsg_mod_klarna_bezeichnung', $_REQUEST['wpsg_mod_klarna_bezeichnung']);
-			$this->shop->update_option('wpsg_mod_klarna_aktiv', $_REQUEST['wpsg_mod_klarna_aktiv']);
-			$this->shop->update_option('wpsg_mod_klarna_aktiv_from', $_REQUEST['wpsg_mod_klarna_aktiv_from']);
-			$this->shop->update_option('wpsg_mod_klarna_aktiv_to', $_REQUEST['wpsg_mod_klarna_aktiv_to']);
-			$this->shop->update_option('wpsg_mod_klarna_hint', $_REQUEST['wpsg_mod_klarna_hint']);
-			
-			$this->shop->update_option('wpsg_mod_klarna_merchantID', $_REQUEST['wpsg_mod_klarna_merchantID']);
-			$this->shop->update_option('wpsg_mod_klarna_sharedSecret', $_REQUEST['wpsg_mod_klarna_sharedSecret']);
-			
-			$this->shop->update_option('wpsg_mod_klarna_sandbox', $_REQUEST['wpsg_mod_klarna_sandbox']);
-			
-			$this->shop->update_option('wpsg_mod_klarna_gebuehr', $_REQUEST['wpsg_mod_klarna_gebuehr']);
-			$this->shop->update_option('wpsg_mod_klarna_mwst', $_REQUEST['wpsg_mod_klarna_mwst']);
-			$this->shop->update_option('wpsg_mod_klarna_mwstland', $_REQUEST['wpsg_mod_klarna_mwstland']);
-			
-			$this->shop->createPage(__('Erfolgreiche Klarna Zahlung', 'wpsg'), 'wpsg_mod_klarna_success', $_REQUEST['wpsg_mod_klarna_success']);
-			$this->shop->createPage(__('Fehlgeschlagene Klarna Zahlung', 'wpsg'), 'wpsg_mod_klarna_error', $_REQUEST['wpsg_mod_klarna_error']);
+			$this->shop->update_option('wpsg_mod_klarna_bezeichnung', $_REQUEST['wpsg_mod_klarna_bezeichnung'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_klarna_aktiv', $_REQUEST['wpsg_mod_klarna_aktiv'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_klarna_aktiv_from', $_REQUEST['wpsg_mod_klarna_aktiv_from'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_klarna_aktiv_to', $_REQUEST['wpsg_mod_klarna_aktiv_to'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_klarna_hint', $_REQUEST['wpsg_mod_klarna_hint'], false, false, "text_field");
+			
+			$this->shop->update_option('wpsg_mod_klarna_merchantID', $_REQUEST['wpsg_mod_klarna_merchantID'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_klarna_sharedSecret', $_REQUEST['wpsg_mod_klarna_sharedSecret'], false, false, "text_field");
+			
+			$this->shop->update_option('wpsg_mod_klarna_sandbox', $_REQUEST['wpsg_mod_klarna_sandbox'], false, false, "key");
+			
+			$this->shop->update_option('wpsg_mod_klarna_gebuehr', $_REQUEST['wpsg_mod_klarna_gebuehr'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_klarna_mwst', $_REQUEST['wpsg_mod_klarna_mwst'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_klarna_mwstland', $_REQUEST['wpsg_mod_klarna_mwstland'], false, false, "key");
+			
+			$this->shop->createPage(__('Erfolgreiche Klarna Zahlung', 'wpsg'), 'wpsg_mod_klarna_success', wpsg_sinput("key", $_REQUEST['wpsg_mod_klarna_success']));
+			$this->shop->createPage(__('Fehlgeschlagene Klarna Zahlung', 'wpsg'), 'wpsg_mod_klarna_error', wpsg_sinput("key", $_REQUEST['wpsg_mod_klarna_error']));
 						
 		} // public function settings_save()
Index: /mods/wpsg_mod_kundenkontakt.class.php
===================================================================
--- /mods/wpsg_mod_kundenkontakt.class.php	(revision 7397)
+++ /mods/wpsg_mod_kundenkontakt.class.php	(revision 7398)
@@ -73,12 +73,12 @@
 		
 		public function settings_save() {
-			
-			$this->shop->update_option('wpsg_mod_kundenkontakt_smsflatrate_active', $_REQUEST['wpsg_mod_kundenkontakt']['smsflatrate']['active']);
-			$this->shop->update_option('wpsg_mod_kundenkontakt_smsflatrate_key', $_REQUEST['wpsg_mod_kundenkontakt']['smsflatrate']['key']);
-			$this->shop->update_option('wpsg_mod_kundenkontakt_smsflatrate_from', $_REQUEST['wpsg_mod_kundenkontakt']['smsflatrate']['from']);
-			$this->shop->update_option('wpsg_mod_kundenkontakt_smsflatrate_type', $_REQUEST['wpsg_mod_kundenkontakt']['smsflatrate']['type']);
-			$this->shop->update_option('wpsg_mod_kundenkontakt_smsflatrate_status', $_REQUEST['wpsg_mod_kundenkontakt']['smsflatrate']['status']);
-			$this->shop->update_option('wpsg_mod_kundenkontakt_smsflatrate_reply', $_REQUEST['wpsg_mod_kundenkontakt']['smsflatrate']['reply']);
-			$this->shop->update_option('wpsg_mod_kundenkontakt_smsflatrate_replytomail', $_REQUEST['wpsg_mod_kundenkontakt']['smsflatrate']['replytomail']);
+
+			$this->shop->update_option('wpsg_mod_kundenkontakt_smsflatrate_active', $_REQUEST['wpsg_mod_kundenkontakt']['smsflatrate']['active'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_kundenkontakt_smsflatrate_key', $_REQUEST['wpsg_mod_kundenkontakt']['smsflatrate']['key'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_kundenkontakt_smsflatrate_from', $_REQUEST['wpsg_mod_kundenkontakt']['smsflatrate']['from'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_kundenkontakt_smsflatrate_type', $_REQUEST['wpsg_mod_kundenkontakt']['smsflatrate']['type'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_kundenkontakt_smsflatrate_status', $_REQUEST['wpsg_mod_kundenkontakt']['smsflatrate']['status'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_kundenkontakt_smsflatrate_reply', $_REQUEST['wpsg_mod_kundenkontakt']['smsflatrate']['reply'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_kundenkontakt_smsflatrate_replytomail', $_REQUEST['wpsg_mod_kundenkontakt']['smsflatrate']['replytomail'], false, false, "email");
 						
 		}
@@ -303,5 +303,5 @@
 		/**
 		 * 
-		 * ermÃ¶glichr die Auswahl eines Templates zum versenden als Kundenkontakt
+		 * ermÃ¶glicht die Auswahl eines Templates zum Versenden als Kundenkontakt
 		 */
 		private function switchTemplate()
@@ -361,5 +361,5 @@
 								
 				$arData = array(
-					'subject' => $template_betreff,
+					'subject' => wpsg_sinput("text_field", $template_betreff),
 					'content' => $content						
 				);
Index: /mods/wpsg_mod_kundenverwaltung.class.php
===================================================================
--- /mods/wpsg_mod_kundenverwaltung.class.php	(revision 7397)
+++ /mods/wpsg_mod_kundenverwaltung.class.php	(revision 7398)
@@ -181,34 +181,33 @@
 		{
 
-			$this->shop->update_option('wpsg_mod_kundenverwaltung_perpage', $_REQUEST['wpsg_mod_kundenverwaltung_perpage']); 
-			$this->shop->update_option('wpsg_mod_kundenverwaltung_showCheckoutLogin', $_REQUEST['wpsg_mod_kundenverwaltung_showCheckoutLogin']);
-			//$this->shop->update_option('wpsg_mod_kundenverwaltung_showCheckoutLogout', $_REQUEST['wpsg_mod_kundenverwaltung_showCheckoutLogout']);
-			$this->shop->update_option('wpsg_mod_kundenverwaltung_showCheckoutRegister', $_REQUEST['wpsg_mod_kundenverwaltung_showCheckoutRegister']);
-			$this->shop->update_option('wpsg_mod_kundenverwaltung_showCheckoutRegisterzwang', $_REQUEST['wpsg_mod_kundenverwaltung_showCheckoutRegisterzwang']);
-			$this->shop->update_option('wpsg_mod_kundenverwaltung_loginZwang', $_REQUEST['wpsg_mod_kundenverwaltung_loginZwang']);
-			$this->shop->update_option('wpsg_mod_kundenverwaltung_preisAnzeige', $_REQUEST['wpsg_mod_kundenverwaltung_preisAnzeige']);
-			
-			$this->shop->update_option('wpsg_mod_kundenverwaltung_redirectlogin', $_REQUEST['wpsg_mod_kundenverwaltung_redirectlogin']);
-			$this->shop->update_option('wpsg_mod_kundenverwaltung_redirectLogout', $_REQUEST['wpsg_mod_kundenverwaltung_redirectLogout']);
-			$this->shop->update_option('wpsg_page_mod_kundenverwaltung_status', $_REQUEST['wpsg_page_mod_kundenverwaltung_status']);
-
-			$this->shop->update_option('wpsg_mod_kundenverwaltung_wpuser', $_REQUEST['wpsg_mod_kundenverwaltung_wpuser']);
-			$this->shop->update_option('wpsg_mod_kundenverwaltung_wpuser_role', $_REQUEST['wpsg_mod_kundenverwaltung_wpuser_role']);
-			
-			$this->shop->update_option('wpsg_mod_kundenverwaltung_aweber', $_REQUEST['wpsg_mod_kundenverwaltung_aweber']);
-			$this->shop->update_option('wpsg_mod_kundenverwaltung_aweber_formid', $_REQUEST['wpsg_mod_kundenverwaltung_aweber_formid']);
-			$this->shop->update_option('wpsg_mod_kundenverwaltung_aweber_listname', $_REQUEST['wpsg_mod_kundenverwaltung_aweber_listname']);
-			$this->shop->update_option('wpsg_mod_kundenverwaltung_aweber_metaAdtracking', $_REQUEST['wpsg_mod_kundenverwaltung_aweber_metaAdtracking']);
-			
-			$this->shop->update_option('wpsg_mod_kundenverwaltung_recaptcha_register', $_REQUEST['wpsg_mod_kundenverwaltung_recaptcha_register']);
-			$this->shop->update_option('wpsg_mod_kundenveraltung_recaptcha_key', $_REQUEST['wpsg_mod_kundenveraltung_recaptcha_key']);
-			$this->shop->update_option('wpsg_mod_kundenveraltung_recaptcha_secretkey', $_REQUEST['wpsg_mod_kundenveraltung_recaptcha_secretkey']);
-			
-			$this->shop->createPage(__('Profil', 'wpsg'), 'wpsg_page_mod_kundenverwaltung_profil', $_REQUEST['wpsg_page_mod_kundenverwaltung_profil']);
-			$this->shop->createPage(__('Registrierung', 'wpsg'), 'wpsg_page_mod_kundenverwaltung_registrierung', $_REQUEST['wpsg_page_mod_kundenverwaltung_registrierung']);
-			$this->shop->createPage(__('Registrierung abgeschlossen', 'wpsg'), 'wpsg_page_mod_kundenverwaltung_weiterleitung_nach_registrierung', $_REQUEST['wpsg_page_mod_kundenverwaltung_weiterleitung_nach_registrierung']);
-			$this->shop->createPage(__('Passwort gesendet', 'wpsg'), 'wpsg_page_mod_kundenverwaltung_passwordsend', $_REQUEST['wpsg_page_mod_kundenverwaltung_passwordsend']);				
-			$this->shop->createPage(__('Bestellungen', 'wpsg'), 'wpsg_page_mod_kundenverwaltung_order', $_REQUEST['wpsg_page_mod_kundenverwaltung_order']);
-			$this->shop->createPage(__('Abonnements', 'wpsg'), 'wpsg_page_mod_kundenverwaltung_abo', $_REQUEST['wpsg_page_mod_kundenverwaltung_abo']);
+			$this->shop->update_option('wpsg_mod_kundenverwaltung_perpage', $_REQUEST['wpsg_mod_kundenverwaltung_perpage'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_kundenverwaltung_showCheckoutLogin', $_REQUEST['wpsg_mod_kundenverwaltung_showCheckoutLogin'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_kundenverwaltung_showCheckoutRegister', $_REQUEST['wpsg_mod_kundenverwaltung_showCheckoutRegister'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_kundenverwaltung_showCheckoutRegisterzwang', $_REQUEST['wpsg_mod_kundenverwaltung_showCheckoutRegisterzwang'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_kundenverwaltung_loginZwang', $_REQUEST['wpsg_mod_kundenverwaltung_loginZwang'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_kundenverwaltung_preisAnzeige', $_REQUEST['wpsg_mod_kundenverwaltung_preisAnzeige'], false, false, "key");
+			
+			$this->shop->update_option('wpsg_mod_kundenverwaltung_redirectlogin', $_REQUEST['wpsg_mod_kundenverwaltung_redirectlogin'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_kundenverwaltung_redirectLogout', $_REQUEST['wpsg_mod_kundenverwaltung_redirectLogout'], false, false, "key");
+			$this->shop->update_option('wpsg_page_mod_kundenverwaltung_status', $_REQUEST['wpsg_page_mod_kundenverwaltung_status'], false, false, "key");
+
+			$this->shop->update_option('wpsg_mod_kundenverwaltung_wpuser', $_REQUEST['wpsg_mod_kundenverwaltung_wpuser'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_kundenverwaltung_wpuser_role', wpsg_xss($_REQUEST['wpsg_mod_kundenverwaltung_wpuser_role']));
+			
+			$this->shop->update_option('wpsg_mod_kundenverwaltung_aweber', $_REQUEST['wpsg_mod_kundenverwaltung_aweber'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_kundenverwaltung_aweber_formid', $_REQUEST['wpsg_mod_kundenverwaltung_aweber_formid'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_kundenverwaltung_aweber_listname', $_REQUEST['wpsg_mod_kundenverwaltung_aweber_listname'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_kundenverwaltung_aweber_metaAdtracking', $_REQUEST['wpsg_mod_kundenverwaltung_aweber_metaAdtracking'], false, false, "text_field");
+			
+			$this->shop->update_option('wpsg_mod_kundenverwaltung_recaptcha_register', $_REQUEST['wpsg_mod_kundenverwaltung_recaptcha_register'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_kundenveraltung_recaptcha_key', $_REQUEST['wpsg_mod_kundenveraltung_recaptcha_key'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_kundenveraltung_recaptcha_secretkey', $_REQUEST['wpsg_mod_kundenveraltung_recaptcha_secretkey'], false, false, "text_field");
+			
+			$this->shop->createPage(__('Profil', 'wpsg'), 'wpsg_page_mod_kundenverwaltung_profil', wpsg_sinput("key", $_REQUEST['wpsg_page_mod_kundenverwaltung_profil']));
+			$this->shop->createPage(__('Registrierung', 'wpsg'), 'wpsg_page_mod_kundenverwaltung_registrierung', wpsg_sinput("key", $_REQUEST['wpsg_page_mod_kundenverwaltung_registrierung']));
+			$this->shop->createPage(__('Registrierung abgeschlossen', 'wpsg'), 'wpsg_page_mod_kundenverwaltung_weiterleitung_nach_registrierung', wpsg_sinput("key", $_REQUEST['wpsg_page_mod_kundenverwaltung_weiterleitung_nach_registrierung']));
+			$this->shop->createPage(__('Passwort gesendet', 'wpsg'), 'wpsg_page_mod_kundenverwaltung_passwordsend', wpsg_sinput("key", $_REQUEST['wpsg_page_mod_kundenverwaltung_passwordsend']));
+			$this->shop->createPage(__('Bestellungen', 'wpsg'), 'wpsg_page_mod_kundenverwaltung_order', wpsg_sinput("key", $_REQUEST['wpsg_page_mod_kundenverwaltung_order']));
+			$this->shop->createPage(__('Abonnements', 'wpsg'), 'wpsg_page_mod_kundenverwaltung_abo', wpsg_sinput("key", $_REQUEST['wpsg_page_mod_kundenverwaltung_abo']));
 			
 		} // public function settings_save()
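Review bot: `wpsg_mod_kundenverwaltung_wpuser_role` is the only option in this block that bypasses the typed filter; it is passed through wpsg_xss() and stored as submitted. Judging by the name, this value decides which WordPress role is assigned to shop customers, so it should be checked against the roles that actually exist, ideally a short allow-list without privileged roles, rather than only stripped of markup. For a single role name that could be `if (!wp_roles()->is_role($role)) { /* reject with a backend message */ }`; if the field is an array of roles, check each entry. How the option is consumed is not visible in this diff.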
@@ -1938,26 +1937,28 @@
 		private function be_saveAction()
 		{
+
+			if(isset($_REQUEST['edit_id'])) $_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
 			
 			$data = array(
-				'knr' 		=> wpsg_q($_REQUEST['knr']), 
-				'geb' 		=> wpsg_toDate($_REQUEST['geb']),
-				'email' 	=> strtolower(wpsg_q($_REQUEST['email'])),
-				'ustidnr' 	=> wpsg_q($_REQUEST['ustidnr']),
-				'comment' 	=> wpsg_q($_REQUEST['comment']),
-				'status' 	=> wpsg_q($_REQUEST['status'])
+				'knr' 		=> wpsg_q(wpsg_sinput("key", $_REQUEST['knr'])),
+				'geb' 		=> wpsg_toDate(wpsg_sinput("key", $_REQUEST['geb'])),
+				'email' 	=> strtolower(wpsg_q(wpsg_sinput("email", $_REQUEST['email']))),
+				'ustidnr' 	=> wpsg_q(wpsg_sinput("key", $_REQUEST['ustidnr'])),
+				'comment' 	=> wpsg_q(wpsg_sinput("text_field", $_REQUEST['comment'])),
+				'status' 	=> wpsg_q(wpsg_sinput("key", $_REQUEST['status']))
 			);
 			$adata = array(
 					'cdate' 	=> 'NOW()',
-					'title' 	=> wpsg_q($_REQUEST['title']),
-					'name' 		=> wpsg_q($_REQUEST['name']),
-					'vname' 	=> wpsg_q($_REQUEST['vname']),
-					'firma' 	=> wpsg_q($_REQUEST['firma']),
-					'fax' 		=> wpsg_q($_REQUEST['fax']),
-					'strasse' 	=> wpsg_q($_REQUEST['strasse']),
-					'nr' 		=> wpsg_q(wpsg_getStr($_REQUEST['nr'])),
-					'plz' 		=> wpsg_q($_REQUEST['plz']),
-					'ort' 		=> wpsg_q($_REQUEST['ort']),
-					'land' 		=> wpsg_q($_REQUEST['land']),
-					'tel' 		=> wpsg_q($_REQUEST['tel'])
+					'title' 	=> wpsg_q(wpsg_sinput("key", $_REQUEST['title'])),
+					'name' 		=> wpsg_q(wpsg_sinput("user", $_REQUEST['name'])),
+					'vname' 	=> wpsg_q(wpsg_sinput("user", $_REQUEST['vname'])),
+					'firma' 	=> wpsg_q(wpsg_sinput("text_field", $_REQUEST['firma'])),
+					'fax' 		=> wpsg_q(wpsg_sinput("key", $_REQUEST['fax'])),
+					'strasse' 	=> wpsg_q(wpsg_sinput("text_field", $_REQUEST['strasse'])),
+					'nr' 		=> wpsg_q(wpsg_getStr(wpsg_sinput("key", $_REQUEST['nr']))),
+					'plz' 		=> wpsg_q(wpsg_sinput("key", $_REQUEST['plz'])),
+					'ort' 		=> wpsg_q(wpsg_sinput("text_field", $_REQUEST['ort'])),
+					'land' 		=> wpsg_q(wpsg_sinput("key", $_REQUEST['land'])),
+					'tel' 		=> wpsg_q(wpsg_sinput("key", $_REQUEST['tel']))
 			);
 				
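Review bot: Several customer fields are forced through filters that look narrower than the data they hold: `geb`, `tel`, `fax`, `plz`, `nr` and `ustidnr` use "key", and `name`/`vname` use "user". If these modes map to WordPress's sanitize_key() and sanitize_user() (wpsg_sinput() is not shown), a birth date with dots, a phone number with `+` or spaces, an upper-case VAT id or a name with an apostrophe would be altered silently and then written to the customer record. wpsg_q() appears to be the SQL escaping step already, so for these fields a per-field validation that rejects invalid input with a backend message is safer than rewriting it. be_saveAction() continues outside this hunk.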
@@ -1965,5 +1966,5 @@
 			{
 				
-				$data['group_id'] = wpsg_q($_REQUEST['group_id']);
+				$data['group_id'] = wpsg_q(wpsg_sinput("key", $_REQUEST['group_id']));
 				
 			}
@@ -1972,9 +1973,12 @@
 
 			if (isset($_REQUEST['deleted'])) $data['deleted'] = $_REQUEST['deleted'];
-			
+
+			if(wpsg_isSizedString($_REQUEST['password1'])) $_REQUEST['password1'] = wpsg_sinput("text_field", $_REQUEST['password1']);
+			if(wpsg_isSizedString($_REQUEST['password2'])) $_REQUEST['password2'] = wpsg_sinput("text_field", $_REQUEST['password2']);
+
 			if ($_REQUEST['password1'] == $_REQUEST['password2'] && trim($_REQUEST['password1']) != '')
 			{
 				
-				$data['passwort_saltmd5'] = $this->hashString($_REQUEST['password1']);	
+				$data['passwort_saltmd5'] = $this->hashString($_REQUEST['password1']);
 								
 				$this->shop->addBackendMessage(__('Passwort wurde erfolgreich geÃ€ndert.', 'wpsg'));
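Review bot: `password1` and `password2` are rewritten by `wpsg_sinput("text_field", ...)` before they are compared and hashed. In the visible lines the password only goes into `$this->hashString()`, so filtering it adds no protection, but it can change the secret (for example if the filter strips `<...>` sequences or collapses whitespace). A login path that hashes the raw input would then reject the password that was just set. I would drop the two added lines and hash the submitted value unchanged. In the same hunk `$data['deleted'] = $_REQUEST['deleted']` is still taken over unfiltered; `wpsg_q(wpsg_sinput("key", $_REQUEST['deleted']))` would match the other fields.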
@@ -1995,6 +1999,6 @@
 				if ($_REQUEST['info-mail'] == '1')
 				{
-					$data['info-mail'] = wpsg_q($_REQUEST['info-mail']);
-					
+					$data['info-mail'] = wpsg_q(wpsg_sinput("key", $_REQUEST['info-mail']));
+
 					$this->activateMail($data);
 					
@@ -2008,5 +2012,4 @@
 					
 				}
-				
 
 				$a = $this->db->fetchRow("
@@ -2024,5 +2027,5 @@
 					$this->db->UpdateQuery(WPSG_TBL_ADRESS, $adata, "`id` = '".wpsg_q($a['adress_id'])."'");
 				
-				$this->db->UpdateQuery(WPSG_TBL_KU, $data, "`id` = '".wpsg_q($_REQUEST['edit_id'])."'");
+				$this->db->UpdateQuery(WPSG_TBL_KU, $data, "`id` = '".wpsg_q(wpsg_sinput("key", $_REQUEST['edit_id']))."'");
 
 			}
@@ -2067,7 +2070,7 @@
             if (isset($_REQUEST['submit-button']) || isset($_REQUEST['submit_do']))
             {
-                
+
                 $this->shop->view['targetCustomer'] = wpsg_customer::find(array(
-                    's' => $_REQUEST['filter']['s']
+                    's' => wpsg_xss($_REQUEST['filter']['s'])
                 ));
             }
@@ -2082,5 +2085,5 @@
 		private function be_indexAction()
 		{
-			 
+
 		    if (isset($_REQUEST['wpsg_do']) && $_REQUEST['wpsg_do'] !== '-1')
             {
@@ -2104,4 +2107,7 @@
 			if (wpsg_isSizedArray($_REQUEST['filter']))
 			{
+
+				$_REQUEST['filter']['s'] = wpsg_sinput("text_field", $_REQUEST['filter']['s']);
+				$_REQUEST['filter']['group_id'] = wpsg_sinput("key", $_REQUEST['filter']['group_id']);
 
 				$this->shop->view['arFilter'] = $_REQUEST['filter'];
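Review bot: Only `filter['s']` and `filter['group_id']` are filtered before the whole `$_REQUEST['filter']` array is handed to the view, so any other key in the array reaches the template as submitted; both assignments also read keys that may be absent. Building the view array from the known keys avoids both problems, e.g. `$arFilter = ['s' => wpsg_sinput("text_field", $_REQUEST['filter']['s'] ?? ''), 'group_id' => wpsg_sinput("key", $_REQUEST['filter']['group_id'] ?? '')];`. Which keys the template and the following query expect is not visible in this hunk, so the list may need more entries. be_indexAction() continues outside the hunk.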
Index: /mods/wpsg_mod_legaltexts.class.php
===================================================================
--- /mods/wpsg_mod_legaltexts.class.php	(revision 7397)
+++ /mods/wpsg_mod_legaltexts.class.php	(revision 7398)
@@ -42,6 +42,6 @@
 		
 		public function settings_save() {
-			
-			$this->shop->update_option('wpsg_mod_legaltexts_provider', $_REQUEST['wpsg_mod_legaltexts_provider']);
+
+			$this->shop->update_option('wpsg_mod_legaltexts_provider', $_REQUEST['wpsg_mod_legaltexts_provider'], false, false, "key");
 			
 			if (isset($_REQUEST['wpsg_mod_legaltexts_submitform']) && $_REQUEST['wpsg_mod_legaltexts_submitform'] == '1') {
Index: /mods/wpsg_mod_micropayment.class.php
===================================================================
--- /mods/wpsg_mod_micropayment.class.php	(revision 7397)
+++ /mods/wpsg_mod_micropayment.class.php	(revision 7398)
@@ -144,95 +144,95 @@
 					
 			// Allgemein
-			$this->shop->update_option('wpsg_mod_micropayment_projectid', $_REQUEST['wpsg_mod_micropayment_projectid']);
-			$this->shop->update_option('wpsg_mod_micropayment_accountid', $_REQUEST['wpsg_mod_micropayment_accountid']);
-			$this->shop->update_option('wpsg_mod_micropayment_accesskey', $_REQUEST['wpsg_mod_micropayment_accesskey']);
-			$this->shop->createPage(__('Erfolgreiche Zahlung', 'wpsg'), 'wpsg_mod_micropayment_successPage', $_REQUEST['wpsg_mod_micropayment_successPage']);
-			$this->shop->update_option('wpsg_mod_micropayment_paystart', $_REQUEST['wpsg_mod_micropayment_paystart']);
-			
-			$this->shop->update_option('wpsg_mod_micropayment_account', $_REQUEST['wpsg_mod_micropayment_account']);
-			$this->shop->update_option('wpsg_mod_micropayment_layout', $_REQUEST['wpsg_mod_micropayment_layout']);
-			$this->shop->update_option('wpsg_mod_micropayment_bgcolor', $_REQUEST['wpsg_mod_micropayment_bgcolor']);
-			$this->shop->update_option('wpsg_mod_micropayment_campaign', $_REQUEST['wpsg_mod_micropayment_campaign']);
-			$this->shop->update_option('wpsg_mod_micropayment_sandbox', $_REQUEST['wpsg_mod_micropayment_sandbox']);
-			$this->shop->update_option('wpsg_mod_micropayment_bggfx', $_REQUEST['wpsg_mod_micropayment_bggfx']);
+			$this->shop->update_option('wpsg_mod_micropayment_projectid', $_REQUEST['wpsg_mod_micropayment_projectid'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_micropayment_accountid', $_REQUEST['wpsg_mod_micropayment_accountid'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_micropayment_accesskey', $_REQUEST['wpsg_mod_micropayment_accesskey'], false, false, "key");
+			$this->shop->createPage(__('Erfolgreiche Zahlung', 'wpsg'), 'wpsg_mod_micropayment_successPage', wpsg_sinput("key", $_REQUEST['wpsg_mod_micropayment_successPage']));
+			$this->shop->update_option('wpsg_mod_micropayment_paystart', $_REQUEST['wpsg_mod_micropayment_paystart'], false, false, "key");
+			
+			$this->shop->update_option('wpsg_mod_micropayment_account', $_REQUEST['wpsg_mod_micropayment_account'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_micropayment_layout', $_REQUEST['wpsg_mod_micropayment_layout'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_micropayment_bgcolor', $_REQUEST['wpsg_mod_micropayment_bgcolor'], false, false, "hex_color");
+			$this->shop->update_option('wpsg_mod_micropayment_campaign', $_REQUEST['wpsg_mod_micropayment_campaign'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_micropayment_sandbox', $_REQUEST['wpsg_mod_micropayment_sandbox'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_micropayment_bggfx', $_REQUEST['wpsg_mod_micropayment_bggfx'], false, false, "text_field");
 			
 			// Kreditkarte
-			$this->shop->update_option('wpsg_mod_micropayment_creditcard_activ', $_REQUEST['wpsg_mod_micropayment_creditcard_activ']);
-			$this->shop->update_option('wpsg_mod_micropayment_creditcard_name', $_REQUEST['wpsg_mod_micropayment_creditcard_name']);
-			$this->shop->addTranslationString('wpsg_mod_micropayment_creditcard_name', $_REQUEST['wpsg_mod_micropayment_creditcard_name']);
-			$this->shop->update_option('wpsg_mod_micropayment_creditcard_hint', $_REQUEST['wpsg_mod_micropayment_creditcard_hint']);
-			$this->shop->addTranslationString('wpsg_mod_micropayment_creditcard_hint', $_REQUEST['wpsg_mod_micropayment_creditcard_hint']);
-			$this->shop->update_option('wpsg_mod_micropayment_creditcard_logo', $_REQUEST['wpsg_mod_micropayment_creditcard_logo']);
-			$this->shop->update_option('wpsg_mod_micropayment_creditcard_gebuehr', $_REQUEST['wpsg_mod_micropayment_creditcard_gebuehr']);
-			$this->shop->update_option('wpsg_mod_micropayment_creditcard_mwst', $_REQUEST['wpsg_mod_micropayment_creditcard_mwst']);
-			$this->shop->update_option('wpsg_mod_micropayment_creditcard_mwstland', $_REQUEST['wpsg_mod_micropayment_creditcard_mwstland']);
+			$this->shop->update_option('wpsg_mod_micropayment_creditcard_activ', $_REQUEST['wpsg_mod_micropayment_creditcard_activ'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_micropayment_creditcard_name', $_REQUEST['wpsg_mod_micropayment_creditcard_name'], false, false, "text_field");
+			$this->shop->addTranslationString('wpsg_mod_micropayment_creditcard_name', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_micropayment_creditcard_name']));
+			$this->shop->update_option('wpsg_mod_micropayment_creditcard_hint', $_REQUEST['wpsg_mod_micropayment_creditcard_hint'], false, false, "text_field");
+			$this->shop->addTranslationString('wpsg_mod_micropayment_creditcard_hint', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_micropayment_creditcard_hint']));
+			$this->shop->update_option('wpsg_mod_micropayment_creditcard_logo', $_REQUEST['wpsg_mod_micropayment_creditcard_logo'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_micropayment_creditcard_gebuehr', $_REQUEST['wpsg_mod_micropayment_creditcard_gebuehr'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_micropayment_creditcard_mwst', $_REQUEST['wpsg_mod_micropayment_creditcard_mwst'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_micropayment_creditcard_mwstland', $_REQUEST['wpsg_mod_micropayment_creditcard_mwstland'], false, false, "key");
 			
 			// Kreditkarte (Reservierung)
-			$this->shop->update_option('wpsg_mod_micropayment_creditcardreservation_activ', $_REQUEST['wpsg_mod_micropayment_creditcardreservation_activ']);
-			$this->shop->update_option('wpsg_mod_micropayment_creditcardreservation_name', $_REQUEST['wpsg_mod_micropayment_creditcardreservation_name']);
-			$this->shop->addTranslationString('wpsg_mod_micropayment_creditcardreservation_name', $_REQUEST['wpsg_mod_micropayment_creditcardreservation_name']);
-			$this->shop->update_option('wpsg_mod_micropayment_creditcardreservation_hint', $_REQUEST['wpsg_mod_micropayment_creditcardreservation_hint']);
-			$this->shop->addTranslationString('wpsg_mod_micropayment_creditcardreservation_hint', $_REQUEST['wpsg_mod_micropayment_creditcardreservation_hint']);
-			$this->shop->update_option('wpsg_mod_micropayment_creditcardreservation_logo', $_REQUEST['wpsg_mod_micropayment_creditcardreservation_logo']);
-			$this->shop->update_option('wpsg_mod_micropayment_creditcardreservation_gebuehr', $_REQUEST['wpsg_mod_micropayment_creditcardreservation_gebuehr']);
-			$this->shop->update_option('wpsg_mod_micropayment_creditcardreservation_mwst', $_REQUEST['wpsg_mod_micropayment_creditcardreservation_mwst']);
-			$this->shop->update_option('wpsg_mod_micropayment_creditcardreservation_mwstland', $_REQUEST['wpsg_mod_micropayment_creditcardreservation_mwstland']);
+			$this->shop->update_option('wpsg_mod_micropayment_creditcardreservation_activ', $_REQUEST['wpsg_mod_micropayment_creditcardreservation_activ'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_micropayment_creditcardreservation_name', $_REQUEST['wpsg_mod_micropayment_creditcardreservation_name'], false, false, "text_field");
+			$this->shop->addTranslationString('wpsg_mod_micropayment_creditcardreservation_name', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_micropayment_creditcardreservation_name']));
+			$this->shop->update_option('wpsg_mod_micropayment_creditcardreservation_hint', $_REQUEST['wpsg_mod_micropayment_creditcardreservation_hint'], false, false, "text_field");
+			$this->shop->addTranslationString('wpsg_mod_micropayment_creditcardreservation_hint', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_micropayment_creditcardreservation_hint']));
+			$this->shop->update_option('wpsg_mod_micropayment_creditcardreservation_logo', $_REQUEST['wpsg_mod_micropayment_creditcardreservation_logo'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_micropayment_creditcardreservation_gebuehr', $_REQUEST['wpsg_mod_micropayment_creditcardreservation_gebuehr'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_micropayment_creditcardreservation_mwst', $_REQUEST['wpsg_mod_micropayment_creditcardreservation_mwst'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_micropayment_creditcardreservation_mwstland', $_REQUEST['wpsg_mod_micropayment_creditcardreservation_mwstland'], false, false, "key");
 						
 			// Lastschrift
-			$this->shop->update_option('wpsg_mod_micropayment_directdebit_activ', $_REQUEST['wpsg_mod_micropayment_directdebit_activ']);
-			$this->shop->update_option('wpsg_mod_micropayment_directdebit_name', $_REQUEST['wpsg_mod_micropayment_directdebit_name']);
-			$this->shop->addTranslationString('wpsg_mod_micropayment_directdebit_name', $_REQUEST['wpsg_mod_micropayment_directdebit_name']);
-			$this->shop->update_option('wpsg_mod_micropayment_directdebit_hint', $_REQUEST['wpsg_mod_micropayment_directdebit_hint']);
-			$this->shop->addTranslationString('wpsg_mod_micropayment_directdebit_hint', $_REQUEST['wpsg_mod_micropayment_directdebit_hint']);
-			$this->shop->update_option('wpsg_mod_micropayment_directdebit_logo', $_REQUEST['wpsg_mod_micropayment_directdebit_logo']);
-			$this->shop->update_option('wpsg_mod_micropayment_directdebit_gebuehr', $_REQUEST['wpsg_mod_micropayment_directdebit_gebuehr']);
-			$this->shop->update_option('wpsg_mod_micropayment_directdebit_mwst', $_REQUEST['wpsg_mod_micropayment_directdebit_mwst']);
-			$this->shop->update_option('wpsg_mod_micropayment_directdebit_mwstland', $_REQUEST['wpsg_mod_micropayment_directdebit_mwstland']);
-			$this->shop->update_option('wpsg_mod_micropayment_directdebit_subject', $_REQUEST['wpsg_mod_micropayment_directdebit_subject']);
+			$this->shop->update_option('wpsg_mod_micropayment_directdebit_activ', $_REQUEST['wpsg_mod_micropayment_directdebit_activ'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_micropayment_directdebit_name', $_REQUEST['wpsg_mod_micropayment_directdebit_name'], false, false, "text_field");
+			$this->shop->addTranslationString('wpsg_mod_micropayment_directdebit_name', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_micropayment_directdebit_name']));
+			$this->shop->update_option('wpsg_mod_micropayment_directdebit_hint', $_REQUEST['wpsg_mod_micropayment_directdebit_hint'], false, false, "text_field");
+			$this->shop->addTranslationString('wpsg_mod_micropayment_directdebit_hint', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_micropayment_directdebit_hint']));
+			$this->shop->update_option('wpsg_mod_micropayment_directdebit_logo', $_REQUEST['wpsg_mod_micropayment_directdebit_logo'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_micropayment_directdebit_gebuehr', $_REQUEST['wpsg_mod_micropayment_directdebit_gebuehr'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_micropayment_directdebit_mwst', $_REQUEST['wpsg_mod_micropayment_directdebit_mwst'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_micropayment_directdebit_mwstland', $_REQUEST['wpsg_mod_micropayment_directdebit_mwstland'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_micropayment_directdebit_subject', $_REQUEST['wpsg_mod_micropayment_directdebit_subject'], false, false, "text_field");
 			
 			// eBank2Pay
-			$this->shop->update_option('wpsg_mod_micropayment_ebank2pay_activ', $_REQUEST['wpsg_mod_micropayment_ebank2pay_activ']);
-			$this->shop->update_option('wpsg_mod_micropayment_ebank2pay_name', $_REQUEST['wpsg_mod_micropayment_ebank2pay_name']);
-			$this->shop->addTranslationString('wpsg_mod_micropayment_ebank2pay_name', $_REQUEST['wpsg_mod_micropayment_ebank2pay_name']);
-			$this->shop->update_option('wpsg_mod_micropayment_ebank2pay_hint', $_REQUEST['wpsg_mod_micropayment_ebank2pay_hint']);
-			$this->shop->addTranslationString('wpsg_mod_micropayment_ebank2pay_hint', $_REQUEST['wpsg_mod_micropayment_ebank2pay_hint']);
-			$this->shop->update_option('wpsg_mod_micropayment_ebank2pay_logo', $_REQUEST['wpsg_mod_micropayment_ebank2pay_logo']);
-			$this->shop->update_option('wpsg_mod_micropayment_ebank2pay_gebuehr', $_REQUEST['wpsg_mod_micropayment_ebank2pay_gebuehr']);
-			$this->shop->update_option('wpsg_mod_micropayment_ebank2pay_mwst', $_REQUEST['wpsg_mod_micropayment_ebank2pay_mwst']);
-			$this->shop->update_option('wpsg_mod_micropayment_ebank2pay_mwstland', $_REQUEST['wpsg_mod_micropayment_ebank2pay_mwstland']);
+			$this->shop->update_option('wpsg_mod_micropayment_ebank2pay_activ', $_REQUEST['wpsg_mod_micropayment_ebank2pay_activ'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_micropayment_ebank2pay_name', $_REQUEST['wpsg_mod_micropayment_ebank2pay_name'], false, false, "text_field");
+			$this->shop->addTranslationString('wpsg_mod_micropayment_ebank2pay_name', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_micropayment_ebank2pay_name']));
+			$this->shop->update_option('wpsg_mod_micropayment_ebank2pay_hint', $_REQUEST['wpsg_mod_micropayment_ebank2pay_hint'], false, false, "text_field");
+			$this->shop->addTranslationString('wpsg_mod_micropayment_ebank2pay_hint', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_micropayment_ebank2pay_hint']));
+			$this->shop->update_option('wpsg_mod_micropayment_ebank2pay_logo', $_REQUEST['wpsg_mod_micropayment_ebank2pay_logo'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_micropayment_ebank2pay_gebuehr', $_REQUEST['wpsg_mod_micropayment_ebank2pay_gebuehr'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_micropayment_ebank2pay_mwst', $_REQUEST['wpsg_mod_micropayment_ebank2pay_mwst'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_micropayment_ebank2pay_mwstland', $_REQUEST['wpsg_mod_micropayment_ebank2pay_mwstland'], false, false, "key");
 						
 			// Vorkasse
-			$this->shop->update_option('wpsg_mod_micropayment_prepayment_activ', $_REQUEST['wpsg_mod_micropayment_prepayment_activ']);
-			$this->shop->update_option('wpsg_mod_micropayment_prepayment_name', $_REQUEST['wpsg_mod_micropayment_prepayment_name']);
-			$this->shop->addTranslationString('wpsg_mod_micropayment_prepayment_name', $_REQUEST['wpsg_mod_micropayment_prepayment_name']);
-			$this->shop->update_option('wpsg_mod_micropayment_prepayment_hint', $_REQUEST['wpsg_mod_micropayment_prepayment_hint']);
-			$this->shop->addTranslationString('wpsg_mod_micropayment_prepayment_hint', $_REQUEST['wpsg_mod_micropayment_prepayment_hint']);
-			$this->shop->update_option('wpsg_mod_micropayment_prepayment_logo', $_REQUEST['wpsg_mod_micropayment_prepayment_logo']);
-			$this->shop->update_option('wpsg_mod_micropayment_prepayment_gebuehr', $_REQUEST['wpsg_mod_micropayment_prepayment_gebuehr']);
-			$this->shop->update_option('wpsg_mod_micropayment_prepayment_mwst', $_REQUEST['wpsg_mod_micropayment_prepayment_mwst']);
-			$this->shop->update_option('wpsg_mod_micropayment_prepayment_mwstland', $_REQUEST['wpsg_mod_micropayment_prepayment_mwstland']);
-			$this->shop->update_option('wpsg_mod_micropayment_prepayment_subject', $_REQUEST['wpsg_mod_micropayment_prepayment_subject']);
+			$this->shop->update_option('wpsg_mod_micropayment_prepayment_activ', $_REQUEST['wpsg_mod_micropayment_prepayment_activ'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_micropayment_prepayment_name', $_REQUEST['wpsg_mod_micropayment_prepayment_name'], false, false, "text_field");
+			$this->shop->addTranslationString('wpsg_mod_micropayment_prepayment_name', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_micropayment_prepayment_name']));
+			$this->shop->update_option('wpsg_mod_micropayment_prepayment_hint', $_REQUEST['wpsg_mod_micropayment_prepayment_hint'], false, false, "text_field");
+			$this->shop->addTranslationString('wpsg_mod_micropayment_prepayment_hint', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_micropayment_prepayment_hint']));
+			$this->shop->update_option('wpsg_mod_micropayment_prepayment_logo', $_REQUEST['wpsg_mod_micropayment_prepayment_logo'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_micropayment_prepayment_gebuehr', $_REQUEST['wpsg_mod_micropayment_prepayment_gebuehr'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_micropayment_prepayment_mwst', $_REQUEST['wpsg_mod_micropayment_prepayment_mwst'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_micropayment_prepayment_mwstland', $_REQUEST['wpsg_mod_micropayment_prepayment_mwstland'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_micropayment_prepayment_subject', $_REQUEST['wpsg_mod_micropayment_prepayment_subject'], false, false, "text_field");
 			
 			// Call2Pay
-			$this->shop->update_option('wpsg_mod_micropayment_call2pay_activ', $_REQUEST['wpsg_mod_micropayment_call2pay_activ']);
-			$this->shop->update_option('wpsg_mod_micropayment_call2pay_name', $_REQUEST['wpsg_mod_micropayment_call2pay_name']);
-			$this->shop->addTranslationString('wpsg_mod_micropayment_call2pay_name', $_REQUEST['wpsg_mod_micropayment_call2pay_name']);
-			$this->shop->update_option('wpsg_mod_micropayment_call2pay_hint', $_REQUEST['wpsg_mod_micropayment_call2pay_hint']);
-			$this->shop->addTranslationString('wpsg_mod_micropayment_call2pay_hint', $_REQUEST['wpsg_mod_micropayment_call2pay_hint']);
-			$this->shop->update_option('wpsg_mod_micropayment_call2pay_logo', $_REQUEST['wpsg_mod_micropayment_call2pay_logo']);
-			$this->shop->update_option('wpsg_mod_micropayment_call2pay_gebuehr', $_REQUEST['wpsg_mod_micropayment_call2pay_gebuehr']);
-			$this->shop->update_option('wpsg_mod_micropayment_call2pay_mwst', $_REQUEST['wpsg_mod_micropayment_call2pay_mwst']);
-			$this->shop->update_option('wpsg_mod_micropayment_call2pay_mwstland', $_REQUEST['wpsg_mod_micropayment_call2pay_mwstland']);
+			$this->shop->update_option('wpsg_mod_micropayment_call2pay_activ', $_REQUEST['wpsg_mod_micropayment_call2pay_activ'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_micropayment_call2pay_name', $_REQUEST['wpsg_mod_micropayment_call2pay_name'], false, false, "text_field");
+			$this->shop->addTranslationString('wpsg_mod_micropayment_call2pay_name', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_micropayment_call2pay_name']));
+			$this->shop->update_option('wpsg_mod_micropayment_call2pay_hint', $_REQUEST['wpsg_mod_micropayment_call2pay_hint'], false, false, "text_field");
+			$this->shop->addTranslationString('wpsg_mod_micropayment_call2pay_hint', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_micropayment_call2pay_hint']));
+			$this->shop->update_option('wpsg_mod_micropayment_call2pay_logo', $_REQUEST['wpsg_mod_micropayment_call2pay_logo'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_micropayment_call2pay_gebuehr', $_REQUEST['wpsg_mod_micropayment_call2pay_gebuehr'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_micropayment_call2pay_mwst', $_REQUEST['wpsg_mod_micropayment_call2pay_mwst'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_micropayment_call2pay_mwstland', $_REQUEST['wpsg_mod_micropayment_call2pay_mwstland'], false, false, "key");
 						
 			// HandyPay
-			$this->shop->update_option('wpsg_mod_micropayment_handypay_activ', $_REQUEST['wpsg_mod_micropayment_handypay_activ']);
-			$this->shop->update_option('wpsg_mod_micropayment_handypay_name', $_REQUEST['wpsg_mod_micropayment_handypay_name']);
-			$this->shop->addTranslationString('wpsg_mod_micropayment_handypay_name', $_REQUEST['wpsg_mod_micropayment_handypay_name']);
-			$this->shop->update_option('wpsg_mod_micropayment_handypay_hint', $_REQUEST['wpsg_mod_micropayment_handypay_hint']);
-			$this->shop->addTranslationString('wpsg_mod_micropayment_handypay_hint', $_REQUEST['wpsg_mod_micropayment_handypay_hint']);
-			$this->shop->update_option('wpsg_mod_micropayment_handypay_logo', $_REQUEST['wpsg_mod_micropayment_handypay_logo']);
-			$this->shop->update_option('wpsg_mod_micropayment_handypay_gebuehr', $_REQUEST['wpsg_mod_micropayment_handypay_gebuehr']);
-			$this->shop->update_option('wpsg_mod_micropayment_handypay_mwst', $_REQUEST['wpsg_mod_micropayment_handypay_mwst']);
-			$this->shop->update_option('wpsg_mod_micropayment_handypay_mwstland', $_REQUEST['wpsg_mod_micropayment_handypay_mwstland']);
+			$this->shop->update_option('wpsg_mod_micropayment_handypay_activ', $_REQUEST['wpsg_mod_micropayment_handypay_activ'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_micropayment_handypay_name', $_REQUEST['wpsg_mod_micropayment_handypay_name'], false, false, "text_field");
+			$this->shop->addTranslationString('wpsg_mod_micropayment_handypay_name', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_micropayment_handypay_name']));
+			$this->shop->update_option('wpsg_mod_micropayment_handypay_hint', $_REQUEST['wpsg_mod_micropayment_handypay_hint'], false, false, "text_field");
+			$this->shop->addTranslationString('wpsg_mod_micropayment_handypay_hint', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_micropayment_handypay_hint']));
+			$this->shop->update_option('wpsg_mod_micropayment_handypay_logo', $_REQUEST['wpsg_mod_micropayment_handypay_logo'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_micropayment_handypay_gebuehr', $_REQUEST['wpsg_mod_micropayment_handypay_gebuehr'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_micropayment_handypay_mwst', $_REQUEST['wpsg_mod_micropayment_handypay_mwst'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_micropayment_handypay_mwstland', $_REQUEST['wpsg_mod_micropayment_handypay_mwstland'], false, false, "key");
 						
 			$this->getBillingURLs();
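Review bot: Several values in this block go through the `"key"` rule although they are not identifiers, most importantly `wpsg_mod_micropayment_accesskey` and the six `*_gebuehr` fee fields. If that rule follows WordPress' `sanitize_key()` (lower-case, only `a-z0-9_-`), an access key containing upper-case or other characters would be stored altered, and a fee such as `1,50` would lose its decimal separator; `wpsg_sinput` is not part of the visible diff, so this needs checking against its implementation. I would store the access key with `"text_field"` and give the fee fields a numeric rule that keeps the separator. The same question applies to the `wpsg_tf(wpsg_sinput("key", …))` lines in wpsg_mod_minquantity and to the `basketamount` options in wpsg_mod_minrequest. The `*_logo` and `bggfx` values look like URLs or paths and may deserve URL validation rather than `"text_field"`.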
@@ -461,7 +461,9 @@
 			if (wpsg_getStr($_REQUEST['wpsg_plugin']) == 'wpsg_mod_micropayment' && $_REQUEST['module_action'] == 'pay')
 			{
-				
+
+				$_REQUEST['order_id'] = wpsg_sinput("key", $_REQUEST['order_id']);
+
 				$form_data = null;
-				parse_str($_REQUEST['form_data'], $form_data);
+				parse_str(wpsg_sinput("text_field", $_REQUEST['form_data']), $form_data);
 				
 				if (!wpsg_isSizedString($form_data['number'])) die(__('Bitte die Kreditkartennummer angeben.', 'wpsg'));
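Review bot: `form_data` is sanitised as one URL-encoded string before `parse_str()` decodes it, so the filter sees only the encoded form and the decoded fields in `$form_data` are never checked. If `"text_field"` maps to `sanitize_text_field()`, it also strips percent-encoded octets, which would mangle any field that contains an encoded character. Decoding first and then sanitising each expected field is the safer order: `parse_str($_REQUEST['form_data'], $form_data);` followed by `$form_data['number'] = wpsg_sinput("text_field", $form_data['number'] ?? '');` and the same for the other fields read further down, outside this hunk. `order_id` is sanitised as `"key"`; if it is a numeric ID, an `(int)` cast states that more directly.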
@@ -553,5 +555,8 @@
 			else if ($_REQUEST['wpsg_plugin'] == 'wpsg_mod_micropayment' && $_REQUEST['confirm'] == 'micropayment')
 			{
-				 
+
+				$_REQUEST['title'] = wpsg_sinput("text_field", $_REQUEST['title']);
+				$_REQUEST['amount'] = wpsg_sinput("key", $_REQUEST['amount']);
+
 				$title = explode('|', $_REQUEST['title']);
 				$order_id = $title[0];
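Review bot: `$order_id` comes from the first segment of the request's `title` and has only passed the text filter at this point; if it is used as a row ID further down (outside this hunk), cast it where it is assigned: `$order_id = (int)$title[0];`. `amount` goes through `"key"`, which fits an integer amount in minor units but not a decimal one, so it is worth confirming which format the payment provider sends. Whether this notification branch verifies the sender is not visible here, and input sanitising does not replace that check.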
Index: /mods/wpsg_mod_minquantity.class.php
===================================================================
--- /mods/wpsg_mod_minquantity.class.php	(revision 7397)
+++ /mods/wpsg_mod_minquantity.class.php	(revision 7398)
@@ -43,5 +43,5 @@
 		public function product_addedit_content(&$product_content, &$product_data)
 		{
-		
+
 			if (wpsg_isSizedInt($product_data['id']))
 			{
@@ -61,5 +61,6 @@
 			$product_data['arMinquantity_valuemax'] = explode(',', $this->shop->get_option('wpsg_mod_minquantity_valuemax'));
 			
-			$product_content['general']['content'] .= $this->shop->render(WPSG_PATH_VIEW.'/mods/mod_minquantity/produkt_addedit_allgemein.phtml', false);
+			#$product_content['general']['content'] .= $this->shop->render(WPSG_PATH_VIEW.'/mods/mod_minquantity/produkt_addedit_allgemein.phtml', false);
+			$this->shop->view['arSubAction']['stock']['content'] .= $this->shop->render(WPSG_PATH_VIEW.'/mods/mod_minquantity/produkt_addedit_allgemein.phtml', false);
 		}
 		
@@ -76,11 +77,11 @@
 		} // public function settings_save()
 		
-		public function produkt_edit_allgemein(&$produkt_data) 
-		{ 
-	 
+		public function produkt_edit_allgemein(&$produkt_data)
+		{
+
 			$this->shop->view['wpsg_mod_minquantity']['value'] = $produkt_data['wpsg_mod_minquantity_value'];
 			$this->shop->view['wpsg_mod_minquantity']['valuemax'] = $produkt_data['wpsg_mod_minquantity_valuemax'];
 			
-			$this->shop->render(WPSG_PATH_VIEW.'/mods/mod_minquantity/produkt_edit_allgemein.phtml');
+			//$this->shop->render(WPSG_PATH_VIEW.'/mods/mod_minquantity/produkt_edit_allgemein.phtml');
 			
 		} // public function produkt_edit_allgemein(&$produkt_data)
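Review bot: `produkt_edit_allgemein()` still fills `view['wpsg_mod_minquantity']`, but the `render()` call that apparently consumed those values is now commented out, and the @@ -61 hunk likewise keeps the old line behind a `#`. I would delete the dead lines rather than comment them out, since version control keeps them, and either drop the two assignments or add a comment such as `// Rendering moved to product_addedit_content()` if they are still needed elsewhere. The @@ -61 hunk also appends with `.=` to `view['arSubAction']['stock']['content']`, which raises a notice if that key has not been initialised by then.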
@@ -89,6 +90,6 @@
 		{
 				
-			$produkt_data['wpsg_mod_minquantity_value'] = wpsg_tf($_REQUEST['wpsg_mod_minquantity']['value']);
-			$produkt_data['wpsg_mod_minquantity_valuemax'] = wpsg_tf($_REQUEST['wpsg_mod_minquantity']['valuemax']);
+			$produkt_data['wpsg_mod_minquantity_value'] = wpsg_tf(wpsg_sinput("key", $_REQUEST['wpsg_mod_minquantity']['value']));
+			$produkt_data['wpsg_mod_minquantity_valuemax'] = wpsg_tf(wpsg_sinput("key", $_REQUEST['wpsg_mod_minquantity']['valuemax']));
  
 		} // public function produkt_save_before(&$produkt_data)
@@ -120,5 +121,5 @@
 					// In Session korrigieren
 					// Sollte eigentlich anders gebaut werden, aber will den Kern momentan nicht anpassen
-					foreach ($_SESSION['wpsg']['basket'] as $k => $p)
+					foreach ($_SESSION['wpsg']['basket'] ?: [] as $k => $p)
 					{
 						
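Review bot: `$_SESSION['wpsg']['basket'] ?: []` still reads the key, so PHP reports an undefined index when the basket is missing, which is the case this change seems meant to cover. `foreach ($_SESSION['wpsg']['basket'] ?? [] as $k => $p)` handles the unset case without the notice, provided the plugin's minimum PHP version is 7 or later. A truthy non-array value would still reach `foreach` with either operator. The loop body lies outside this hunk.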
Index: /mods/wpsg_mod_minrequest.class.php
===================================================================
--- /mods/wpsg_mod_minrequest.class.php	(revision 7397)
+++ /mods/wpsg_mod_minrequest.class.php	(revision 7398)
@@ -39,6 +39,6 @@
 		{
 			
-			$this->shop->update_option('wpsg_mod_minrequest_basketamount', wpsg_tf($_REQUEST['wpsg_mod_minrequest_basketamount']));
-			$this->shop->update_option('wpsg_mod_minrequest_basketmaxamount', wpsg_tf($_REQUEST['wpsg_mod_minrequest_basketmaxamount']));
+			$this->shop->update_option('wpsg_mod_minrequest_basketamount', $_REQUEST['wpsg_mod_minrequest_basketamount'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_minrequest_basketmaxamount', $_REQUEST['wpsg_mod_minrequest_basketmaxamount'], false, false, "key", ["isFloat"]);
 			
 		} // public function settings_save()
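Review bot: The `wpsg_tf()` conversion that was applied to both amounts is dropped; the raw request value now goes to `update_option()` with `"key"` and `["isFloat"]`. Unless `update_option()` normalises the value itself (its new parameters are not shown in this part of the diff), an input such as `12,50` is either rejected or stored in a different form than before. Keeping the conversion, `wpsg_tf($_REQUEST['wpsg_mod_minrequest_basketamount'])` as the value argument, or adding a comment that says where the normalisation now happens, would make the intent explicit.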
Index: /mods/wpsg_mod_newsletter.class.php
===================================================================
--- /mods/wpsg_mod_newsletter.class.php	(revision 7397)
+++ /mods/wpsg_mod_newsletter.class.php	(revision 7398)
@@ -51,6 +51,6 @@
 		{
 			
-			$this->shop->update_option('wpsg_mod_newsletter_groups', implode(',', (array)array_values($_REQUEST['wpsg_mod_newsletter_groups'])));
-			$this->shop->update_option('wpsg_mod_newsletter_action', $_REQUEST['wpsg_mod_newsletter_action']);
+			$this->shop->update_option('wpsg_mod_newsletter_groups', implode(',', (array)array_values($_REQUEST['wpsg_mod_newsletter_groups'])), false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_newsletter_action', $_REQUEST['wpsg_mod_newsletter_action'], false, false, "text_field");
 			
 		} // public function settings_save()
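Review bot: `array_values()` is called on `$_REQUEST['wpsg_mod_newsletter_groups']` before the `(array)` cast, so a missing or scalar parameter raises an error (a TypeError on PHP 8) instead of yielding an empty list. Sanitising the joined string with `"text_field"` also leaves the individual entries unchecked. If the entries are group IDs, validating each element is tighter: `implode(',', array_map('intval', (array)($_REQUEST['wpsg_mod_newsletter_groups'] ?? [])))`.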
Index: /mods/wpsg_mod_nlsatolo.class.php
===================================================================
--- /mods/wpsg_mod_nlsatolo.class.php	(revision 7397)
+++ /mods/wpsg_mod_nlsatolo.class.php	(revision 7398)
@@ -55,6 +55,6 @@
         public function settings_save() {
     
-            $this->shop->update_option('wpsg_mod_nlsatolo_doubleoptin', $_REQUEST['wpsg_mod_nlsatolo_doubleoptin']);
-            $this->shop->update_option('wpsg_mod_nlsatolo_group', $_REQUEST['wpsg_mod_nlsatolo_group']);
+            $this->shop->update_option('wpsg_mod_nlsatolo_doubleoptin', $_REQUEST['wpsg_mod_nlsatolo_doubleoptin'], false, false, "key");
+            $this->shop->update_option('wpsg_mod_nlsatolo_group', $_REQUEST['wpsg_mod_nlsatolo_group'], false, false, "key");
     
         } // public function settings_save()
Index: /mods/wpsg_mod_onepagecheckout.class.php
===================================================================
--- /mods/wpsg_mod_onepagecheckout.class.php	(revision 7397)
+++ /mods/wpsg_mod_onepagecheckout.class.php	(revision 7398)
@@ -52,7 +52,7 @@
 		public function settings_save()
 		{
-			
-			$this->shop->createPage(__('Kasse', 'wpsg'), 'wpsg_mod_onepagecheckout_page', $_REQUEST['wpsg_mod_onepagecheckout_page']);
-			$this->shop->update_option('wpsg_mod_onepagecheckout_basket', $_REQUEST['wpsg_mod_onepagecheckout_basket']);
+
+			$this->shop->createPage(__('Kasse', 'wpsg'), 'wpsg_mod_onepagecheckout_page', wpsg_sinput("key", $_REQUEST['wpsg_mod_onepagecheckout_page']));
+			$this->shop->update_option('wpsg_mod_onepagecheckout_basket', $_REQUEST['wpsg_mod_onepagecheckout_basket'], false, false, "key");
 				
 		} // public function settings_save()
Index: /mods/wpsg_mod_ordercondition.class.php
===================================================================
--- /mods/wpsg_mod_ordercondition.class.php	(revision 7397)
+++ /mods/wpsg_mod_ordercondition.class.php	(revision 7398)
@@ -141,8 +141,11 @@
 			else if ($_REQUEST['do'] == 'inlinedit')
 			{
-				
+
 				if ($_REQUEST['field'] == 'name')
 				{
-					
+
+					$_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']);
+					$_REQUEST['oc_id'] = wpsg_sinput("key", $_REQUEST['oc_id']);
+
 					$this->db->UpdateQuery(WPSG_TBL_ORDERCOND, array(
 						'name' => wpsg_q($_REQUEST['value'])
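Review bot: `value` is sanitised with `"text_field"` in all three inline-edit branches, but in the `text` and `errortext` branches (the @@ -176 and @@ -190 hunks) that happens right before `nl2br()`. If the rule maps to `sanitize_text_field()`, line breaks are already removed there and the `wpsg_options_nl2br` option has nothing left to convert; a rule that keeps newlines, such as WordPress' `sanitize_textarea_field()`, fits those two fields better. The pair of assignments is also repeated three times and could be done once before the `if ($_REQUEST['field'] == …)` chain if every branch wants the same rule. `oc_id` would be clearer as `(int)$_REQUEST['oc_id']` if it is a numeric row ID. The enclosing method starts and ends outside these hunks.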
@@ -176,5 +179,8 @@
 				else if ($_REQUEST['field'] == 'text')
 				{
-					
+
+					$_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']);
+					$_REQUEST['oc_id'] = wpsg_sinput("key", $_REQUEST['oc_id']);
+
 					if ($this->shop->get_option('wpsg_options_nl2br') == '1') $_REQUEST['value'] = nl2br($_REQUEST['value']);
 					
@@ -190,5 +196,8 @@
 				else if ($_REQUEST['field'] == 'errortext')
 				{
-					
+
+					$_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']);
+					$_REQUEST['oc_id'] = wpsg_sinput("key", $_REQUEST['oc_id']);
+
 					if ($this->shop->get_option('wpsg_options_nl2br') == '1') $_REQUEST['value'] = nl2br($_REQUEST['value']);
 						
@@ -241,5 +250,5 @@
 				{
 					
-					if ($oc_value === '1') $arSave[] = $oc_id;
+					if ($oc_value === '1') $arSave[] = wpsg_sinput("key", $oc_id);
 					
 				}
Index: /mods/wpsg_mod_orderupload.class.php
===================================================================
--- /mods/wpsg_mod_orderupload.class.php	(revision 7397)
+++ /mods/wpsg_mod_orderupload.class.php	(revision 7398)
@@ -60,14 +60,14 @@
 		public function settings_save()
 		{
-			
-			$this->shop->update_option('wpsg_mod_orderupload_filename', $_REQUEST['wpsg_mod_orderupload_filename']);
-			$this->shop->update_option('wpsg_mod_orderupload_allowedext', $_REQUEST['wpsg_mod_orderupload_allowedext']);
-			$this->shop->update_option('wpsg_mod_orderupload_multifiles', $_REQUEST['wpsg_mod_orderupload_multifiles']);
-			$this->shop->update_option('wpsg_mod_orderupload_optional', $_REQUEST['wpsg_mod_orderupload_optional']);
-			$this->shop->update_option('wpsg_mod_orderupload_zip', $_REQUEST['wpsg_mod_orderupload_zip']);
-			$this->shop->update_option('wpsg_mod_orderupload_maxweight', $_REQUEST['wpsg_mod_orderupload_maxweight']);
-			$this->shop->update_option('wpsg_mod_orderupload_mail', $_REQUEST['wpsg_mod_orderupload_mail']);
-			$this->shop->update_option('wpsg_mod_orderupload_maxweight_text', $_REQUEST['wpsg_mod_orderupload_maxweight_text']);
-			$this->shop->update_option('wpsg_mod_orderupload__mode', $_REQUEST['wpsg_mod_orderupload__mode']);
+
+			$this->shop->update_option('wpsg_mod_orderupload_filename', $_REQUEST['wpsg_mod_orderupload_filename'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_orderupload_allowedext', $_REQUEST['wpsg_mod_orderupload_allowedext'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_orderupload_multifiles', $_REQUEST['wpsg_mod_orderupload_multifiles'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_orderupload_optional', $_REQUEST['wpsg_mod_orderupload_optional'],false, false, "key");
+			$this->shop->update_option('wpsg_mod_orderupload_zip', $_REQUEST['wpsg_mod_orderupload_zip'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_orderupload_maxweight', $_REQUEST['wpsg_mod_orderupload_maxweight'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_orderupload_mail', $_REQUEST['wpsg_mod_orderupload_mail'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_orderupload_maxweight_text', $_REQUEST['wpsg_mod_orderupload_maxweight_text'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_orderupload__mode', $_REQUEST['wpsg_mod_orderupload__mode'], false, false, "key");
 			
 		} // public function settings_save()
@@ -231,5 +231,9 @@
 			
 			if (isset($_REQUEST['wpsg_mod_orderupload_download'])) {
-								
+
+				$_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
+				$_REQUEST['product_index'] = wpsg_xss($_REQUEST['product_index']);
+				$_REQUEST['wpsg_mod_orderupload_download'] = wpsg_xss($_REQUEST['wpsg_mod_orderupload_download']);
+
                 if (isset($_REQUEST['product_index'])) {
                     
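Review bot: The `isset($_REQUEST['product_index'])` test right after the added lines no longer separates the two download cases, because the new assignment creates that key first. Unless `wpsg_xss` returns null for a missing value (its body is not in this diff), the branch is now always taken, and reading the absent index raises a notice as well. Guard the sanitising instead: `if (isset($_REQUEST['product_index'])) $_REQUEST['product_index'] = wpsg_xss($_REQUEST['product_index']);`. The block continues past the hunk, so how `product_index` and `wpsg_mod_orderupload_download` reach the file lookup is not visible here; a filter aimed at HTML output would not by itself restrict them to an expected index or file name.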
@@ -329,7 +333,7 @@
             
             if (wpsg_isSizedArray($_REQUEST['wpsg_mod_orderupload'])) {
-                 
-                $produkt_data['wpsg_mod_orderupload_set'] = $_REQUEST['wpsg_mod_orderupload']['set'];
-                $produkt_data['wpsg_mod_orderupload_mandatory'] = $_REQUEST['wpsg_mod_orderupload']['mandatory'];
+
+                $produkt_data['wpsg_mod_orderupload_set'] = wpsg_sinput("key", $_REQUEST['wpsg_mod_orderupload']['set']);
+                $produkt_data['wpsg_mod_orderupload_mandatory'] = wpsg_sinput("key", $_REQUEST['wpsg_mod_orderupload']['mandatory']);
                  
             }
Index: /mods/wpsg_mod_ordervars.class.php
===================================================================
--- /mods/wpsg_mod_ordervars.class.php	(revision 7397)
+++ /mods/wpsg_mod_ordervars.class.php	(revision 7398)
@@ -116,5 +116,7 @@
 				$data = array();
 				if ($_REQUEST['field'] == 'name') 
-				{ 
+				{
+
+					$_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']);
 
 					$data['name'] = wpsg_q($_REQUEST['value']);
@@ -213,13 +215,21 @@
 			if (wpsg_isSizedString($_REQUEST['do'], 'inlinedit'))
 			{
-	 
+
+				$_REQUEST['order_id'] = wpsg_sinput("key", $_REQUEST['order_id']);
+
 				$ov_db = $this->db->fetchRow("SELECT * FROM `".WPSG_TBL_ORDERVARS."` WHERE `id` = '".wpsg_q($_REQUEST['ov_id'])."' ");
 				$arAuswahl = explode('|', $ov_db['auswahl']);
-				
+
 				if ($ov_db['typ'] == 1 && is_numeric($_REQUEST['value']))
 				{
 				
-					$_REQUEST['value'] = $arAuswahl[$_REQUEST['value']];
-						
+					$_REQUEST['value'] = wpsg_sinput("key", $arAuswahl[$_REQUEST['value']]);
+
+				}
+				else
+				{
+
+					$_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']);
+
 				}
 				
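Review bot: `$arAuswahl[$_REQUEST['value']]` comes from the shop's own `auswahl` column, so wrapping it in `wpsg_sinput("key", …)` filters stored option text rather than request input. If the `"key"` mode narrows the character set (its definition is outside this diff), the saved value may no longer equal any entry of `auswahl`. The part that is request-controlled is the index: `is_numeric()` also accepts values such as `1.5` or `-1`, so a check like `ctype_digit((string)$_REQUEST['value']) && isset($arAuswahl[$_REQUEST['value']])` would be tighter. `ov_id` in the `SELECT` is still only passed through `wpsg_q` while `order_id` is now sanitised; the block continues outside the hunk.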
Index: /mods/wpsg_mod_packagetracking.class.php
===================================================================
--- /mods/wpsg_mod_packagetracking.class.php	(revision 7397)
+++ /mods/wpsg_mod_packagetracking.class.php	(revision 7398)
@@ -167,5 +167,7 @@
 				
 				if (!wpsg_isSizedInt($_REQUEST['trackingprovider_id'])) throw new \wpsg\Exception(__('Inline Edit ohne ID', 'wpsg'));
-				
+
+				$_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']);
+
 				if ($_REQUEST['field'] == 'name')
 				{
@@ -200,5 +202,5 @@
 				
 				$this->db->UpdateQuery(WPSG_TBL_VA, array(
-					'wpsg_mod_packagetracking_provider' => wpsg_q($_REQUEST['trackingprovider_id'])
+					'wpsg_mod_packagetracking_provider' => wpsg_q(wpsg_sinput("key", $_REQUEST['trackingprovider_id']))
 				), " `id` = '".wpsg_q($_REQUEST['va_id'])."' ");
 				
@@ -281,6 +283,6 @@
 				
 				$this->db->UpdateQuery(WPSG_TBL_ORDER, array(
-					'wpsg_mod_packagetracking_code' => wpsg_q($_REQUEST['wpsg_mod_packagetracking_code']),
-					'wpsg_mod_packagetracking_provider' => wpsg_q($_REQUEST['wpsg_mod_packagetracking_provider'])
+					'wpsg_mod_packagetracking_code' => wpsg_q(wpsg_sinput("key", $_REQUEST['wpsg_mod_packagetracking_code'])),
+					'wpsg_mod_packagetracking_provider' => wpsg_q(wpsg_sinput("key", $_REQUEST['wpsg_mod_packagetracking_provider']))
 				), " `id` = '".wpsg_q($order_id)."' ");
 												
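Review bot: `wpsg_mod_packagetracking_code` is carrier-issued free text, and sanitising it with `"key"` may alter it before it is stored. The helper is not part of this diff, but if `"key"` follows WordPress' `sanitize_key()` it lowercases the value and drops everything except `a-z0-9_-`, which would change codes that contain capitals or spaces. The same question applies where this commit runs `"key"` over PayPal's `paymentId` and `PayerID` (wpsg_mod_paypal.class.php and `returnPayPalExpressRedirect()` in wpsg_mod_paypalapi.class.php), since those identifiers are issued by PayPal and contain uppercase characters. `"text_field"` plus a length or pattern check looks like the safer choice for externally issued identifiers.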
Index: /mods/wpsg_mod_paypal.class.php
===================================================================
--- /mods/wpsg_mod_paypal.class.php	(revision 7397)
+++ /mods/wpsg_mod_paypal.class.php	(revision 7398)
@@ -86,20 +86,23 @@
 		public function settings_save()
 		{
-			
-			$this->shop->update_option('wpsg_mod_paypal_bezeichnung', $_REQUEST['wpsg_mod_paypal_bezeichnung']);
-			$this->shop->update_option('wpsg_mod_paypal_aktiv', $_REQUEST['wpsg_mod_paypal_aktiv']);
-			$this->shop->update_option('wpsg_mod_paypal_hint', $_REQUEST['wpsg_mod_paypal_hint']);
-			$this->shop->update_option('wpsg_mod_paypal_gebuehr', wpsg_tf($_REQUEST['wpsg_mod_paypal_gebuehr'], true));
-			$this->shop->update_option('wpsg_mod_paypal_mwst', $_REQUEST['wpsg_mod_paypal_mwst']);
+
+			foreach($_REQUEST['wpsg_mod_paypal_stornostate'] as $k => $v)
+				$_REQUEST['wpsg_mod_paypal_stornostate'][$k] = wpsg_sinput("key", $v);
+
+			$this->shop->update_option('wpsg_mod_paypal_bezeichnung', $_REQUEST['wpsg_mod_paypal_bezeichnung'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_paypal_aktiv', $_REQUEST['wpsg_mod_paypal_aktiv'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_paypal_hint', $_REQUEST['wpsg_mod_paypal_hint'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_paypal_gebuehr', $_REQUEST['wpsg_mod_paypal_gebuehr'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_paypal_mwst', $_REQUEST['wpsg_mod_paypal_mwst'], false, false, "key");
 			
 			// Vor dem CreateWebHook
-			$this->shop->update_option('wpsg_mod_paypal_sandbox', $_REQUEST['wpsg_mod_paypal_sandbox']);
+			$this->shop->update_option('wpsg_mod_paypal_sandbox', $_REQUEST['wpsg_mod_paypal_sandbox'], false, false, "key");
 						
 			// Classic API
-			$this->shop->update_option('wpsg_mod_paypal_email', $_REQUEST['wpsg_mod_paypal_email']);
+			$this->shop->update_option('wpsg_mod_paypal_email', $_REQUEST['wpsg_mod_paypal_email'], false, false, "email");
 			
 			// Rest API
-			$this->shop->update_option('wpsg_mod_paypal_clientid', $_REQUEST['wpsg_mod_paypal_clientid']);
-			$this->shop->update_option('wpsg_mod_paypal_secret', $_REQUEST['wpsg_mod_paypal_secret']);
+			$this->shop->update_option('wpsg_mod_paypal_clientid', $_REQUEST['wpsg_mod_paypal_clientid'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_paypal_secret', $_REQUEST['wpsg_mod_paypal_secret'], false, false, "text_field");
 			
 			if (wpsg_isSizedInt($_REQUEST['wpsg_mod_paypal_createwebhook']))
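Review bot: The new `foreach` over `$_REQUEST['wpsg_mod_paypal_stornostate']` assumes the parameter is present and is an array. When it is missing, or is sent as a scalar, the loop only raises a warning and the value is still written unsanitised by the `update_option('wpsg_mod_paypal_stornostate', …)` call in the next hunk. Normalise first, for example `$_REQUEST['wpsg_mod_paypal_stornostate'] = array_map(function ($v) { return wpsg_sinput("key", $v); }, wpsg_getArray($_REQUEST['wpsg_mod_paypal_stornostate']));`, assuming `wpsg_getArray` (used for `lang` elsewhere in this commit) returns an empty array for non-arrays. The identical loop at the top of `settings_save()` in wpsg_mod_paypalapi.class.php needs the same guard. Separately, `"text_field"` on `wpsg_mod_paypal_secret` may strip characters from a valid API secret, depending on what that mode removes.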
@@ -109,20 +112,20 @@
 				
 			}
-			
+
 			$this->shop->update_option('wpsg_mod_paypal_stornostate', $_REQUEST['wpsg_mod_paypal_stornostate']);
 			
-			$this->shop->update_option('wpsg_mod_paypal_subject', $_REQUEST['wpsg_mod_paypal_subject']);
-			$this->shop->addTranslationString('wpsg_mod_paypal_hint', $_REQUEST['wpsg_mod_paypal_hint']);
-			
-			$this->shop->update_option('wpsg_mod_paypal_currency', $_REQUEST['wpsg_mod_paypal_currency']);
-			$this->shop->update_option('wpsg_mod_paypal_autostart', $_REQUEST['wpsg_mod_paypal_autostart']);			
-			$this->shop->update_option('wpsg_mod_paypal_mwstland', $_REQUEST['wpsg_mod_paypal_mwstland']);
-			$this->shop->update_option('wpsg_mod_paypal_language', $_REQUEST['wpsg_mod_paypal_language']);
-			
-			$this->shop->createPage(__('Erfolgreiche PayPal Zahlung', 'wpsg'), 'wpsg_page_mod_paypal_success', $_REQUEST['wpsg_page_mod_paypal_success']);
-			$this->shop->createPage(__('Fehlgeschlagene PayPal Zahlung', 'wpsg'), 'wpsg_page_mod_paypal_error', $_REQUEST['wpsg_page_mod_paypal_error']);
-			
-			$this->shop->addTranslationString('mod_paypal_bezeichnung', $_REQUEST['mod_paypal_bezeichnung']);
-			$this->shop->addTranslationString('wpsg_mod_paypal_hint', $_REQUEST['wpsg_mod_paypal_hint']);
+			$this->shop->update_option('wpsg_mod_paypal_subject', $_REQUEST['wpsg_mod_paypal_subject'], false, false, "text_field");
+			$this->shop->addTranslationString('wpsg_mod_paypal_hint', wpsg_sanitize("text_field", $_REQUEST['wpsg_mod_paypal_hint']) ?: $this->shop->get_option('wpsg_mod_paypal_hint'));
+			
+			$this->shop->update_option('wpsg_mod_paypal_currency', $_REQUEST['wpsg_mod_paypal_currency'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_paypal_autostart', $_REQUEST['wpsg_mod_paypal_autostart'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_paypal_mwstland', $_REQUEST['wpsg_mod_paypal_mwstland'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_paypal_language', $_REQUEST['wpsg_mod_paypal_language'], false, false, "text_field");
+			
+			$this->shop->createPage(__('Erfolgreiche PayPal Zahlung', 'wpsg'), 'wpsg_page_mod_paypal_success', wpsg_sinput("key", $_REQUEST['wpsg_page_mod_paypal_success']));
+			$this->shop->createPage(__('Fehlgeschlagene PayPal Zahlung', 'wpsg'), 'wpsg_page_mod_paypal_error', wpsg_sinput("key", $_REQUEST['wpsg_page_mod_paypal_error']));
+			
+			$this->shop->addTranslationString('mod_paypal_bezeichnung', wpsg_sanitize("text_field", $_REQUEST['mod_paypal_bezeichnung']) ?: $this->shop->get_option('mod_paypal_bezeichnung'));
+			$this->shop->addTranslationString('wpsg_mod_paypal_hint', wpsg_sanitize("text_field", $_REQUEST['wpsg_mod_paypal_hint']) ?: $this->shop->get_option('wpsg_mod_paypal_hint'));
 			
 		} // public function settings_save()
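Review bot: The fallback added to the `mod_paypal_bezeichnung` translation string reads `get_option('mod_paypal_bezeichnung')`, while the option is saved as `wpsg_mod_paypal_bezeichnung` at the top of `settings_save()` (previous hunk). The request key lacks the `wpsg_` prefix too (already the case before this commit), so the fallback is presumably the normal path and returns nothing; `get_option('wpsg_mod_paypal_bezeichnung')` looks like what was meant. These calls use `wpsg_sanitize(…)` where the rest of the commit uses `wpsg_sinput(…)`; if the two differ, a one-line comment saying why would help, otherwise use one helper. `addTranslationString('wpsg_mod_paypal_hint', …)` is still registered twice in this hunk.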
@@ -140,5 +143,7 @@
 			if (wpsg_isSizedString($_REQUEST['do'], 'refresh'))
 			{
-		
+
+				$_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
+
 				$state = $this->getPaymentState($_REQUEST['edit_id']);
 		
@@ -314,12 +319,12 @@
 									"title" => __("PayPal VERIFIED", "wpsg"),
 									"cdate" => "NOW()",
-									"o_id" => wpsg_q($_REQUEST['custom']),
+									"o_id" => wpsg_q(wpsg_xss($_REQUEST['custom'])),
 									"mailtext" => wpsg_q(htmlentities(print_r($_REQUEST, 1), ENT_IGNORE))
 								));
 							
-								if ($this->shop->setPayMent($_REQUEST['custom'], $_REQUEST['mc_gross']))
+								if ($this->shop->setPayMent(wpsg_xss($_REQUEST['custom']), $_REQUEST['mc_gross']))
 								{
 									
-									$this->shop->setOrderStatus($_REQUEST['custom'], 100, true);
+									$this->shop->setOrderStatus(wpsg_xss($_REQUEST['custom']), 100, true);
 									
 								}
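Review bot: `$_REQUEST['custom']` is used as the order ID for the log row, `setPayMent()` and `setOrderStatus()`, and `wpsg_xss()` does not establish that it is one. An output-oriented filter leaves any non-HTML string intact, so the value should be validated as an integer once and reused: `$order_id = wpsg_sinput("key", $_REQUEST['custom']);` followed by a `wpsg_isSizedInt($order_id)` check, as the commit does for `order_id` elsewhere in this file. `$_REQUEST['mc_gross']` is still passed to `setPayMent()` unfiltered. The `PayPal FAILED` branch in the next hunk repeats the `wpsg_xss` wrapping; the handler starts and ends outside both hunks.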
@@ -334,5 +339,5 @@
 								"title" => __("PayPal FAILED", "wpsg"),
 								"cdate" => "NOW()",
-								"o_id" => wpsg_q($_REQUEST['custom']),
+								"o_id" => wpsg_q(wpsg_xss($_REQUEST['custom'])),
 								"mailtext" => wpsg_q(wpsg_hspc(print_r($_REQUEST, 1)))
 							));
@@ -493,5 +498,5 @@
 			if (!wpsg_isSizedInt($_REQUEST['order_id'])) throw new \wpsg\Exception(__('Beim start der Zahlung wurde keine BestellID ÃŒbergeben.', 'wpsg'));
 				
-			$oOrder = wpsg_order::getInstance($_REQUEST['order_id']);
+			$oOrder = wpsg_order::getInstance(wpsg_sinput("key", $_REQUEST['order_id']));
 			$paymentId = $oOrder->getMeta('wpsg_mod_paypal_paymentid');
 				
@@ -666,8 +671,8 @@
 		{
 		
-			$payment = \PayPal\Api\Payment::get($_REQUEST['paymentId'], $this->getApiContext());
+			$payment = \PayPal\Api\Payment::get(wpsg_sinput("key", $_REQUEST['paymentId']), $this->getApiContext());
 		
 			$execution = new \PayPal\Api\PaymentExecution();
-			$execution->setPayerId($_REQUEST['PayerID']);
+			$execution->setPayerId(wpsg_sinput("key", $_REQUEST['PayerID']));
 		
 			try
Index: /mods/wpsg_mod_paypalapi.class.php
===================================================================
--- /mods/wpsg_mod_paypalapi.class.php	(revision 7397)
+++ /mods/wpsg_mod_paypalapi.class.php	(revision 7398)
@@ -85,39 +85,42 @@
 		public function settings_save()
 		{
-			
-			$this->shop->update_option('wpsg_mod_paypalapi_clientid', $_REQUEST['wpsg_mod_paypalapi_clientid']);
-			$this->shop->update_option('wpsg_mod_paypalapi_secret', $_REQUEST['wpsg_mod_paypalapi_secret']);
-			$this->shop->update_option('wpsg_mod_paypalapi_sandbox', $_REQUEST['wpsg_mod_paypalapi_sandbox']);
-			$this->shop->update_option('wpsg_mod_paypalapi_sandbox_clientid', $_REQUEST['wpsg_mod_paypalapi_sandbox_clientid']);
-			$this->shop->update_option('wpsg_mod_paypalapi_sandbox_secret', $_REQUEST['wpsg_mod_paypalapi_sandbox_secret']);
-			$this->shop->update_option('wpsg_mod_paypalapi_currency', $_REQUEST['wpsg_mod_paypalapi_currency']);
-			$this->shop->update_option('wpsg_mod_paypalapi_webhook_log', $_REQUEST['wpsg_mod_paypalapi_webhook_log']);
-			$this->shop->update_option('wpsg_mod_paypalapi_webhook_logfile', $_REQUEST['wpsg_mod_paypalapi_webhook_logfile']);
-			
-			$this->shop->update_option('wpsg_mod_paypalapi_gebuehr', wpsg_tf($_REQUEST['wpsg_mod_paypalapi_gebuehr'], true));
-			$this->shop->update_option('wpsg_mod_paypalapi_mwst', $_REQUEST['wpsg_mod_paypalapi_mwst']);
-			$this->shop->update_option('wpsg_mod_paypalapi_mwstland', $_REQUEST['wpsg_mod_paypalapi_mwstland']);
-			
-			$this->shop->update_option('wpsg_mod_paypalapi_stornostate', $_REQUEST['wpsg_mod_paypalapi_stornostate']);
-			
-			$this->shop->update_option('wpsg_mod_paypalapi_aktiv', $_REQUEST['wpsg_mod_paypalapi_aktiv']);
-			$this->shop->update_option('wpsg_mod_paypalapi_paypalexpress', $_REQUEST['wpsg_mod_paypalapi_paypalexpress']);
-			$this->shop->update_option('wpsg_mod_paypalapi_paypalexpress_name', $_REQUEST['wpsg_mod_paypalapi_paypalexpress_name'], false, true);
-			$this->shop->update_option('wpsg_mod_paypalapi_plus_hint', $_REQUEST['wpsg_mod_paypalapi_plus_hint'], false, true);
-			$this->shop->update_option('wpsg_mod_paypalapi_paypalexpress_subject', $_REQUEST['wpsg_mod_paypalapi_paypalexpress_subject']);
-			$this->shop->update_option('wpsg_mod_paypalapi_paypalexpress_forceSSL', $_REQUEST['wpsg_mod_paypalapi_paypalexpress_forceSSL']);
-			$this->shop->update_option('wpsg_mod_paypalapi_autostart', $_REQUEST['wpsg_mod_paypalapi_autostart']);
-			$this->shop->update_option('wpsg_mod_paypalapi_paypalexpress_details', $_REQUEST['wpsg_mod_paypalapi_paypalexpress_details']);
-			
-			$this->shop->update_option('wpsg_mod_paypalapi_experience_label', $_REQUEST['wpsg_mod_paypalapi_experience_label'], false, true);
-			$this->shop->update_option('wpsg_mod_paypalapi_experience_logo', $_REQUEST['wpsg_mod_paypalapi_experience_logo']);
-			$this->shop->update_option('wpsg_mod_paypalapi_experience_locale_code', $_REQUEST['wpsg_mod_paypalapi_experience_locale_code']);
-
-			$this->shop->update_option('wpsg_mod_paypalapi_plus_aktiv', $_REQUEST['wpsg_mod_paypalapi_plus_aktiv']);
-			$this->shop->update_option('wpsg_mod_paypalapi_plus_basket', $_REQUEST['wpsg_mod_paypalapi_plus_basket']);
+
+			foreach($_REQUEST['wpsg_mod_paypalapi_stornostate'] as $k => $v)
+				$_REQUEST['wpsg_mod_paypalapi_stornostate'][$k] = wpsg_sinput("key", $v);
+
+			$this->shop->update_option('wpsg_mod_paypalapi_clientid', $_REQUEST['wpsg_mod_paypalapi_clientid'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_paypalapi_secret', $_REQUEST['wpsg_mod_paypalapi_secret'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_paypalapi_sandbox', $_REQUEST['wpsg_mod_paypalapi_sandbox'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_paypalapi_sandbox_clientid', $_REQUEST['wpsg_mod_paypalapi_sandbox_clientid'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_paypalapi_sandbox_secret', $_REQUEST['wpsg_mod_paypalapi_sandbox_secret'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_paypalapi_currency', $_REQUEST['wpsg_mod_paypalapi_currency'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_paypalapi_webhook_log', $_REQUEST['wpsg_mod_paypalapi_webhook_log'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_paypalapi_webhook_logfile', $_REQUEST['wpsg_mod_paypalapi_webhook_logfile'], false, false, "text_field");
+			
+			$this->shop->update_option('wpsg_mod_paypalapi_gebuehr', $_REQUEST['wpsg_mod_paypalapi_gebuehr'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_paypalapi_mwst', $_REQUEST['wpsg_mod_paypalapi_mwst'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_paypalapi_mwstland', $_REQUEST['wpsg_mod_paypalapi_mwstland'], false, false, "key");
+			
+			$this->shop->update_option('wpsg_mod_paypalapi_stornostate', $_REQUEST['wpsg_mod_paypalapi_stornostate']); // Sanitized at begin of function call
+			
+			$this->shop->update_option('wpsg_mod_paypalapi_aktiv', $_REQUEST['wpsg_mod_paypalapi_aktiv'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_paypalapi_paypalexpress', $_REQUEST['wpsg_mod_paypalapi_paypalexpress'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_paypalapi_paypalexpress_name', $_REQUEST['wpsg_mod_paypalapi_paypalexpress_name'], false, true, "text_field");
+			$this->shop->update_option('wpsg_mod_paypalapi_plus_hint', $_REQUEST['wpsg_mod_paypalapi_plus_hint'], false, true, "text_field");
+			$this->shop->update_option('wpsg_mod_paypalapi_paypalexpress_subject', $_REQUEST['wpsg_mod_paypalapi_paypalexpress_subject'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_paypalapi_paypalexpress_forceSSL', $_REQUEST['wpsg_mod_paypalapi_paypalexpress_forceSSL'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_paypalapi_autostart', $_REQUEST['wpsg_mod_paypalapi_autostart'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_paypalapi_paypalexpress_details', $_REQUEST['wpsg_mod_paypalapi_paypalexpress_details'], false, false, "key");
+			
+			$this->shop->update_option('wpsg_mod_paypalapi_experience_label', $_REQUEST['wpsg_mod_paypalapi_experience_label'], false, true, "text_field");
+			$this->shop->update_option('wpsg_mod_paypalapi_experience_logo', $_REQUEST['wpsg_mod_paypalapi_experience_logo'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_paypalapi_experience_locale_code', $_REQUEST['wpsg_mod_paypalapi_experience_locale_code'], false, false, "text_field");
+
+			$this->shop->update_option('wpsg_mod_paypalapi_plus_aktiv', $_REQUEST['wpsg_mod_paypalapi_plus_aktiv'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_paypalapi_plus_basket', $_REQUEST['wpsg_mod_paypalapi_plus_basket'], false, false, "key");
 			
 			// WebHook
 			if (wpsg_isSizedInt($_REQUEST['wpsg_mod_paypalapi_create'])) $this->createWebHook();
-			
+
 			// PaymentExperience
 			if (wpsg_isSizedString($_REQUEST['wpsg_mod_paypalapi_clientid']) && wpsg_isSizedString($_REQUEST['wpsg_mod_paypalapi_secret']))
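Review bot: `wpsg_mod_paypalapi_webhook_logfile` is a file path taken from the request, and `"text_field"` sanitising does not constrain where it points. The code that writes the log is outside this diff, but if webhook payloads are appended to this path, it should be limited to a file name inside a fixed, non-web-served directory, e.g. `basename()` plus an extension check before `update_option`. `wpsg_mod_paypalapi_experience_logo` looks like a URL and could likewise be validated as one rather than as plain text. `settings_save()` continues past the hunk.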
@@ -344,5 +347,7 @@
 		public function order_ajax()
 		{
-			
+
+			$_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
+
 			if (wpsg_isSizedString($_REQUEST['do'], 'refund'))
 			{
@@ -648,5 +653,8 @@
 		public function returnPayPalExpressRedirect()
 		{
-			
+
+			$_REQUEST['paymentId'] = wpsg_sinput("key", $_REQUEST['paymentId']);
+			$_REQUEST['PayerID'] = wpsg_sinput("key", $_REQUEST['PayerID']);
+
 			$json_data = $this->api_getPaymentInfo($_REQUEST['paymentId']);
 
@@ -775,5 +783,5 @@
 		{
 			
-			$_SESSION['wpsg']['checkout']['payment'] = $_REQUEST['payment_id'];
+			$_SESSION['wpsg']['checkout']['payment'] = wpsg_sinput("key", $_REQUEST['payment_id']);
 			
 			$this->shop->redirect($this->shop->getUrl(wpsg_ShopController::URL_OVERVIEW));
@@ -1522,5 +1530,5 @@
 			{
 				
-				$oOrder = wpsg_order::getInstance($_REQUEST['edit_id']);
+				$oOrder = wpsg_order::getInstance(wpsg_sinput("key", $_REQUEST['edit_id']));
 				$oOrder->log('PayPal API Fehler', $errorValue);
 				
Index: /mods/wpsg_mod_prepayment.class.php
===================================================================
--- /mods/wpsg_mod_prepayment.class.php	(revision 7397)
+++ /mods/wpsg_mod_prepayment.class.php	(revision 7398)
@@ -51,18 +51,18 @@
 		{
 			
-			$this->shop->update_option('wpsg_mod_prepayment_bezeichnung', $_REQUEST['wpsg_mod_prepayment_bezeichnung']);
-			$this->shop->update_option('wpsg_mod_prepayment_aktiv', $_REQUEST['wpsg_mod_prepayment_aktiv']);
-			$this->shop->update_option('wpsg_mod_prepayment_hint', $_REQUEST['wpsg_mod_prepayment_hint']);
-			$this->shop->update_option('wpsg_mod_prepayment_gebuehr', wpsg_tf($_REQUEST['wpsg_mod_prepayment_gebuehr'], true));
-			$this->shop->update_option('wpsg_mod_prepayment_mwst', $_REQUEST['wpsg_mod_prepayment_mwst']);
-			$this->shop->update_option('wpsg_mod_prepayment_mwstland', $_REQUEST['wpsg_mod_prepayment_mwstland']);
-			$this->shop->update_option('wpsg_mod_prepayment_kinhaber', $_REQUEST['wpsg_mod_prepayment_kinhaber']);		
-			$this->shop->update_option('wpsg_mod_prepayment_bank', $_REQUEST['wpsg_mod_prepayment_bank']);
-			$this->shop->update_option('wpsg_mod_prepayment_iban', $_REQUEST['wpsg_mod_prepayment_iban']);
-			$this->shop->update_option('wpsg_mod_prepayment_swift', $_REQUEST['wpsg_mod_prepayment_swift']);
-			$this->shop->update_option('wpsg_mod_prepayment_subject', $_REQUEST['wpsg_mod_prepayment_subject']);
-			
-			$this->shop->addTranslationString('wpsg_mod_prepayment_bezeichnung', $_REQUEST['wpsg_mod_prepayment_bezeichnung']);
-			$this->shop->addTranslationString('wpsg_mod_prepayment_hint', $_REQUEST['wpsg_mod_prepayment_hint']);
+			$this->shop->update_option('wpsg_mod_prepayment_bezeichnung', $_REQUEST['wpsg_mod_prepayment_bezeichnung'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_prepayment_aktiv', $_REQUEST['wpsg_mod_prepayment_aktiv'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_prepayment_hint', $_REQUEST['wpsg_mod_prepayment_hint'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_prepayment_gebuehr', $_REQUEST['wpsg_mod_prepayment_gebuehr'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_prepayment_mwst', $_REQUEST['wpsg_mod_prepayment_mwst'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_prepayment_mwstland', $_REQUEST['wpsg_mod_prepayment_mwstland'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_prepayment_kinhaber', $_REQUEST['wpsg_mod_prepayment_kinhaber'], false, false, "user");
+			$this->shop->update_option('wpsg_mod_prepayment_bank', $_REQUEST['wpsg_mod_prepayment_bank'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_prepayment_iban', $_REQUEST['wpsg_mod_prepayment_iban'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_prepayment_swift', $_REQUEST['wpsg_mod_prepayment_swift'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_prepayment_subject', $_REQUEST['wpsg_mod_prepayment_subject'], false, false, "text_field");
+			
+			$this->shop->addTranslationString('wpsg_mod_prepayment_bezeichnung', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_prepayment_bezeichnung']));
+			$this->shop->addTranslationString('wpsg_mod_prepayment_hint', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_prepayment_hint']));
 			
 		} // public function settings_save()
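Review bot: `wpsg_mod_prepayment_kinhaber` is the account holder's name, and it is the only option in this function sanitised with `"user"`. The helper is not in this diff; if that mode follows WordPress' `sanitize_user()`, it targets login names and, depending on strictness, may remove characters that occur in personal or company names. `"text_field"`, as used for `wpsg_mod_prepayment_bank` on the next line, would be consistent. The two `addTranslationString` calls use `wpsg_sinput` directly, whereas wpsg_mod_paypal.class.php uses `wpsg_sanitize(…) ?: get_option(…)` for the same purpose; one pattern for both modules would be easier to audit.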
@@ -216,5 +216,5 @@
 				header("Content-Type: image/png");
 				
-				readfile(WPSG_PATH_UPLOADS.'wpsg_girocode/'.intval($_REQUEST['order_id']).'.png');
+				readfile(WPSG_PATH_UPLOADS.'wpsg_girocode/'.intval(wpsg_sinput("key", $_REQUEST['order_id'])).'.png');
 				
 			}
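Review bot: The added `wpsg_sinput("key", …)` inside `intval()` does not change what reaches `readfile()`, since `intval()` already reduces the value to an integer and that is what keeps the path inside `wpsg_girocode/`. What the line still lacks is a check that the file exists before the `image/png` header is sent, and the return value of `readfile()` is ignored. Whether the caller is allowed to see the requested order cannot be judged from this hunk because the enclosing function starts outside it; if no such check precedes this block, any order's image can be fetched by number.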
Index: /mods/wpsg_mod_productgroups.class.php
===================================================================
--- /mods/wpsg_mod_productgroups.class.php	(revision 7397)
+++ /mods/wpsg_mod_productgroups.class.php	(revision 7398)
@@ -98,8 +98,8 @@
 		{
 			
-			$this->shop->update_option('wpsg_productgroups_page', $_REQUEST['wpsg_productgroups_page']);
-			$this->shop->update_option('wpsg_productgroups_order', $_REQUEST['wpsg_productgroups_order']);
-			$this->shop->update_option('wpsg_mod_productgroups_order_filter', $_REQUEST['wpsg_mod_productgroups_order_filter']);
-			$this->shop->update_option('wpsg_mod_productgroups_productindex', $_REQUEST['wpsg_mod_productgroups_productindex']); 
+			$this->shop->update_option('wpsg_productgroups_page', $_REQUEST['wpsg_productgroups_page'], false, false, "key");
+			$this->shop->update_option('wpsg_productgroups_order', $_REQUEST['wpsg_productgroups_order'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_productgroups_order_filter', $_REQUEST['wpsg_mod_productgroups_order_filter'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_productgroups_productindex', $_REQUEST['wpsg_mod_productgroups_productindex'], false, false, "key");
 						
 		} // public function settings_save()
@@ -230,6 +230,6 @@
 			$data = array(
 				'produkt_id' => wpsg_q($produkt_id),
-				'von' => wpsg_q(strtotime($_REQUEST['wpsg_productgroup_sticky_von'])),
-				'bis' => wpsg_q(strtotime($_REQUEST['wpsg_productgroup_sticky_bis']))
+				'von' => wpsg_q(strtotime(wpsg_xss($_REQUEST['wpsg_productgroup_sticky_von']))),
+				'bis' => wpsg_q(strtotime(wpsg_xss($_REQUEST['wpsg_productgroup_sticky_bis'])))
 			);
 
@@ -704,10 +704,10 @@
 
 			$data = array(
-				'name' => wpsg_q($_REQUEST['wpsg_mod_productgroups_name']),
-				'template_file' => wpsg_q($_REQUEST['wpsg_mod_productgroups_template']),
-				'infopage' => wpsg_q($_REQUEST['wpsg_mod_productgroups_infopage']),
-				'stock_aktiv' => wpsg_q($_REQUEST['wpsg_mod_productgroups']['stock_aktiv']),
-				'stock_value' => wpsg_q($_REQUEST['wpsg_mod_productgroups']['stock_value']),
-				'lang' => wpsg_q(serialize(wpsg_getArray($_REQUEST['lang'])))
+				'name' => wpsg_q(wpsg_sinput("text_field", $_REQUEST['wpsg_mod_productgroups_name'])),
+				'template_file' => wpsg_q(wpsg_sinput("key", $_REQUEST['wpsg_mod_productgroups_template'])),
+				'infopage' => wpsg_q(wpsg_sinput("key", $_REQUEST['wpsg_mod_productgroups_infopage'])),
+				'stock_aktiv' => wpsg_q(wpsg_sinput("key", $_REQUEST['wpsg_mod_productgroups']['stock_aktiv'])),
+				'stock_value' => wpsg_q(wpsg_sinput("key", $_REQUEST['wpsg_mod_productgroups']['stock_value'])),
+				'lang' => wpsg_q(serialize(wpsg_getArray(wpsg_xss($_REQUEST['lang']))))
 			);
 
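Review bot: `template_file` is a file name from the request, and `wpsg_sinput("key", …)` is a character filter, not a check that the name is one of the shop's templates. If the stored value is later used to load a template (not visible in this hunk), compare it against the list of available template files before saving; a `"key"` mode that removes dots would also break names with an extension. On the `lang` line, `wpsg_xss()` is applied to what `wpsg_getArray()` expects to be an array, and whether `wpsg_xss` recurses into arrays is not shown here; sanitising the elements after `wpsg_getArray()` would make that explicit. The surrounding save function starts and ends outside the hunk.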
Index: /mods/wpsg_mod_productvariants.class.php
===================================================================
--- /mods/wpsg_mod_productvariants.class.php	(revision 7397)
+++ /mods/wpsg_mod_productvariants.class.php	(revision 7398)
@@ -120,7 +120,7 @@
 		{
 
-			$this->shop->update_option('wpsg_mod_productvariants_price', $_REQUEST['wpsg_mod_productvariants_price']);
-			$this->shop->update_option('wpsg_vp_detailview', $_REQUEST['wpsg_vp_detailview']);
-			$this->shop->update_option('wpsg_vp_replaceanr', $_REQUEST['wpsg_vp_replaceanr']);
+			$this->shop->update_option('wpsg_mod_productvariants_price', $_REQUEST['wpsg_mod_productvariants_price'], false, false, "key");
+			$this->shop->update_option('wpsg_vp_detailview', $_REQUEST['wpsg_vp_detailview'], false, false, "key");
+			$this->shop->update_option('wpsg_vp_replaceanr', wpsg_xss($_REQUEST['wpsg_vp_replaceanr']));
 
 		} // public function settings_save()
@@ -532,4 +532,6 @@
         	//error_reporting(E_ALL);
 
+	        $_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
+
         	if (isset($_REQUEST['cmd']) && $_REQUEST['cmd'] == 'wpsg_vp_add')
         	{
@@ -538,6 +540,6 @@
 
         		$data = array(
-        				"name" => $_REQUEST['name'],
-        				"typ" => $_REQUEST['typ'],
+        				"name" => wpsg_sinput("text_field", $_REQUEST['name']),
+        				"typ" => wpsg_sinput("key", $_REQUEST['typ']),
         				"aktiv" => "1"
         		);
@@ -771,4 +773,6 @@
         		if ($_REQUEST['typ'] == "vari_name")
         		{
+
+        			$_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']);
 
         			if (wpsg_isSizedString($_REQUEST['wpsg_lang']))
@@ -785,4 +789,6 @@
         		{
 
+			        $_REQUEST['value'] = wpsg_xss($_REQUEST['value']);
+
         			if (wpsg_isSizedString($_REQUEST['wpsg_lang']))
         			{
@@ -798,5 +804,6 @@
         		{
 
-        			$_REQUEST['value'] = wpsg_tf($_REQUEST['value']);
+			        $_REQUEST['value'] = wpsg_tf(wpsg_sinput("key", $_REQUEST['value'], "isFloat"));
+
         			$vp_data[$_REQUEST['var_id']]['vari'][$_REQUEST['vari_id']]['preis'] = $_REQUEST['value'];
         			$_REQUEST['value'] = wpsg_ff($_REQUEST['value'], $this->shop->get_option('wpsg_currency'));
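Review bot: `wpsg_sinput("key", $_REQUEST['value'], "isFloat")` passes the validator as a string, while the `update_option` calls in this commit pass it as an array (`["isFloat"]`). `wpsg_sinput` is not part of this diff, so it is unclear whether both forms are accepted; if only the array form is, the float check is silently skipped here and in the other `"isFloat"` hunks of this file (weight, `var` price, fill quantity). `$_REQUEST['var_id']` and `$_REQUEST['vari_id']` are still used as array keys in `$vp_data` without sanitising, although `value` and `edit_id` now are. The branch chain continues outside the hunk.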
@@ -806,8 +813,10 @@
         		{
 
+			        $_REQUEST['value'] = wpsg_tf(wpsg_sinput("key", $_REQUEST['value'], "isFloat"));
+
         			$arFeinheiten = explode(',', $this->shop->get_option('wpsg_mod_fuellmenge_einheit'));
 
-        			$_REQUEST['value'] = wpsg_ff(wpsg_tf($_REQUEST['value']), $arFeinheiten[$product_data['feinheit']]);
-        			$vp_data[$_REQUEST['var_id']]['vari'][$_REQUEST['vari_id']]['fmenge'] = wpsg_tf($_REQUEST['value']);
+        			$_REQUEST['value'] = wpsg_ff($_REQUEST['value'], $arFeinheiten[$product_data['feinheit']]);
+        			$vp_data[$_REQUEST['var_id']]['vari'][$_REQUEST['vari_id']]['fmenge'] = $_REQUEST['value'];
 
         		}
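Review bot: The `fmenge` entry now receives the formatted string instead of the number. The old code formatted `$_REQUEST['value']` with `wpsg_ff(…, unit)` for the response and stored `wpsg_tf($_REQUEST['value'])`; the new code stores `$_REQUEST['value']` after the `wpsg_ff()` call, so the value presumably includes the unit text. Assign before formatting: move `$vp_data[$_REQUEST['var_id']]['vari'][$_REQUEST['vari_id']]['fmenge'] = $_REQUEST['value'];` above the `wpsg_ff` line, as the price branch in the previous hunk does. The branch chain continues outside the hunk.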
@@ -815,5 +824,6 @@
         		{
 
-        			$_REQUEST['value'] = wpsg_tf($_REQUEST['value']);
+			        $_REQUEST['value'] = wpsg_tf(wpsg_sinput("key", $_REQUEST['value'], "isFloat"));
+
         			$vp_data[$_REQUEST['var_id']]['vari'][$_REQUEST['vari_id']]['weight'] = $_REQUEST['value'];
 
@@ -822,5 +832,5 @@
         		{
 
-        			$_REQUEST['value'] = intval($_REQUEST['value']);
+        			$_REQUEST['value'] = intval(wpsg_sinput("key", $_REQUEST['value']));
         			$vp_data[$_REQUEST['var_id']]['vari'][$_REQUEST['vari_id']]['stock'] = $_REQUEST['value'];
 
@@ -829,5 +839,5 @@
 		        {
 
-			        $_REQUEST['value'] = intval($_REQUEST['value']);
+			        $_REQUEST['value'] = intval(wpsg_sinput("key", $_REQUEST['value']));
 			        $vp_data[$_REQUEST['var_id']]['vari'][$_REQUEST['vari_id']]['min_stock'] = $_REQUEST['value'];
 
@@ -835,4 +845,6 @@
         		else if ($_REQUEST['typ'] == "var_name")
         		{
+
+			        $_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']);
 
         			if (wpsg_isSizedString($_REQUEST['wpsg_lang']))
@@ -849,5 +861,5 @@
         		{
 
-        			$_REQUEST['value'] = wpsg_tf($_REQUEST['value']);
+        			$_REQUEST['value'] = wpsg_tf(wpsg_sinput("key", $_REQUEST['value'], "isFloat"));
         			$vp_data[$_REQUEST['var_id']]['preis'] = $_REQUEST['value'];
         			$_REQUEST['value'] = wpsg_ff($_REQUEST['value'], $this->shop->get_option('wpsg_currency'));
@@ -857,5 +869,5 @@
         		{
 
-        			$_REQUEST['value'] = wpsg_tf($_REQUEST['value']);
+        			$_REQUEST['value'] = wpsg_tf(wpsg_sinput("key", $_REQUEST['value'], "isFloat"));
         			$vp_data[$_REQUEST['var_id']]['weight'] = $_REQUEST['value'];
 
@@ -866,10 +878,12 @@
         			$arFeinheiten = explode(',', $this->shop->get_option('wpsg_mod_fuellmenge_einheit'));
 
-        			$_REQUEST['value'] = wpsg_ff(wpsg_tf($_REQUEST['value']), $arFeinheiten[$product_data['feinheit']]);
-        			$vp_data[$_REQUEST['var_id']]['fmenge'] = wpsg_tf($_REQUEST['value']);
+        			$_REQUEST['value'] = wpsg_tf(wpsg_sinput("key", $_REQUEST['value'], "isFloat"), $arFeinheiten[$product_data['feinheit']]);
+        			$vp_data[$_REQUEST['var_id']]['fmenge'] = $_REQUEST['value'];
 
         		}
         		else if ($_REQUEST['typ'] == "var_artnr")
         		{
+
+			        $_REQUEST['value'] = wpsg_xss($_REQUEST['value']);
 
         			if (wpsg_isSizedString($_REQUEST['wpsg_lang']))
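Review bot: In the non-variation `fmenge` branch the unit `$arFeinheiten[$product_data['feinheit']]` is now passed as a second argument to `wpsg_tf()`, and the `wpsg_ff()` call that formatted the reply is gone, which looks like a misplaced parenthesis rather than an intended change. If the reply should still carry the unit, sanitise, store, then format: `$_REQUEST['value'] = wpsg_tf(wpsg_sinput("key", $_REQUEST['value'], "isFloat"));`, `$vp_data[$_REQUEST['var_id']]['fmenge'] = $_REQUEST['value'];`, `$_REQUEST['value'] = wpsg_ff($_REQUEST['value'], $arFeinheiten[$product_data['feinheit']]);`. Separately, `var_artnr` is filtered with `wpsg_xss()` while `var_name` uses `wpsg_sinput("text_field", …)`; a one-line comment saying why the article number needs a different filter would help the next reader.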
@@ -886,5 +900,5 @@
         		{
 
-        			$_REQUEST['value'] = intval($_REQUEST['value']);
+        			$_REQUEST['value'] = intval(wpsg_sinput("key", $_REQUEST['value']));
         			$vp_data[$_REQUEST['var_id']]['stock'] = $_REQUEST['value'];
 
@@ -893,5 +907,5 @@
 		        {
 
-			        $_REQUEST['value'] = intval($_REQUEST['value']);
+			        $_REQUEST['value'] = intval(wpsg_sinput("key", $_REQUEST['value']));
 			        $vp_data[$_REQUEST['var_id']]['min_stock'] = $_REQUEST['value'];
 
@@ -900,5 +914,5 @@
         		$this->saveVariantsData($vp_data);
 
-        		die(strval($_REQUEST['value']));
+        		die(strval(wpsg_xss($_REQUEST['value'])));
 
         	}
@@ -1428,7 +1442,12 @@
 		{
 
+			$_REQUEST['product_id'] = wpsg_sinput("key", $_REQUEST['product_id']);
+			$_REQUEST['variant_id'] = wpsg_sinput("key", $_REQUEST['variant_id']);
+
 			$this->shop->view['product_id'] = wpsg_getStr($_REQUEST['product_id'], '0');
 			$this->shop->view['variant'] = $this->getVariant($_REQUEST['variant_id']);
 			$this->shop->view['arVariation'] = $this->getVariationOfVariant($_REQUEST['variant_id'], $_REQUEST['product_id']);
+
+			//die(wpsg_debug($this->shop->view['arVariation']));
 
 			die($this->shop->render(WPSG_PATH_VIEW.'/mods/mod_productvariants/admin_edit.phtml'));
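Review bot: The added `//die(wpsg_debug($this->shop->view['arVariation']));` is leftover debugging and should be removed before this is merged. A commented-out dump of view data is easy to re-enable by accident on a production backend. The enclosing method's signature is outside the hunk, so whether a capability or nonce check precedes these lines cannot be judged from here.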
@@ -1568,7 +1587,11 @@
 		{
 
+			$_REQUEST['field'] = wpsg_sinput("text_field", $_REQUEST['field']);
+
 			if (wpsg_isSizedString($_REQUEST['field'], 'name'))
 			{
 
+				$_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']);
+
 				$this->db->UpdateQuery(WPSG_TBL_VARIANTS, array('name' => wpsg_q($_REQUEST['value'])), " `id` = '".wpsg_q($_REQUEST['field_id'])."' ");
 
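Review bot: `$_REQUEST['field_id']` reaches the `WHERE` clause of the `name` update with only `wpsg_q()` applied, while the `type` branch in the next hunk additionally runs it through `wpsg_sinput("key", …)`. The `vari_name` and `vari_shortname` updates in the hunks at -1602 and -1607 have the same gap. Normalising it once next to the new `field` line, `$_REQUEST['field_id'] = wpsg_sinput("key", $_REQUEST['field_id']);`, would make every branch use the same validated id. The method begins before and continues after this hunk.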
@@ -1577,5 +1600,5 @@
 			{
 
-				$this->db->UpdateQuery(WPSG_TBL_VARIANTS, array('type' => wpsg_q($_REQUEST['value'])), " `id` = '".wpsg_q($_REQUEST['field_id'])."' ");
+				$this->db->UpdateQuery(WPSG_TBL_VARIANTS, array('type' => wpsg_q(wpsg_sinput("key", $_REQUEST['value']))), " `id` = '".wpsg_q(wpsg_sinput("key", $_REQUEST['field_id']))."' ");
 				die(self::$arTypeLabel[$_REQUEST['value']]);
 
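Review bot: `die(self::$arTypeLabel[$_REQUEST['value']]);` still indexes the label table with the raw request value, whereas the row is updated with the sanitised one. The stored type and the label sent back can therefore disagree, and an unknown value produces an undefined-index notice. Sanitise once and check membership before writing: `$type = wpsg_sinput("key", $_REQUEST['value']);` followed by `if (!isset(self::$arTypeLabel[$type])) die();`, then use `$type` in both the query and the lookup.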
@@ -1602,4 +1625,6 @@
 			{
 
+				$_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']);
+
 				$this->db->UpdateQuery(WPSG_TBL_VARIANTS_VARI, array('name' => wpsg_q($_REQUEST['value'])), " `id` = '".wpsg_q($_REQUEST['field_id'])."' ");
 
@@ -1607,4 +1632,6 @@
 			else if (wpsg_isSizedString($_REQUEST['field'], 'vari_shortname'))
 			{
+
+				$_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']);
 
 				$this->db->UpdateQuery(WPSG_TBL_VARIANTS_VARI, array('shortname' => wpsg_q($_REQUEST['value'])), " `id` = '".wpsg_q($_REQUEST['field_id'])."' ");
@@ -1630,9 +1657,21 @@
 			else if (preg_match('/vari_(.*)/', $_REQUEST['field']))
 			{
+
 				$value = $_REQUEST['value'];
 				$f = $_REQUEST['field'];
-				if (($f == 'vari_price') || ($f == 'vari_stock') || ($f == 'vari_min_stock') || ($f == 'vari_weight')) {
-					$value =  wpsg_tf($value);
-				}
+
+				if (($f == 'vari_fmenge') || ($f == 'vari_stock') || ($f == 'vari_min_stock') || ($f == 'vari_weight'))
+					$value = $_REQUEST['value'] = wpsg_tf(wpsg_sinput("key", $value, "isFloat"));
+
+				else
+				{
+
+					if($f == 'vari_anr') $value = $_REQUEST['value'] = wpsg_xss($value);
+					else $value = $_REQUEST['value'] = wpsg_sinput("text_field", $value);
+
+					if($f == 'vari_price') $value = str_replace(",", ".", $value);
+
+				}
+
 				$this->setProductVariation($_REQUEST['product_id'], $_REQUEST['field_id'], substr($_REQUEST['field'], 5), $value);
 
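Review bot: `vari_price` was dropped from the numeric list, so a price now only passes through `wpsg_sinput("text_field", …)` and a comma-to-dot `str_replace`, with no float validation; a constructed input such as `1.234,56` would be stored as `1.234.56`. If the swap with `vari_fmenge` is not intentional, keep the price in the validated arm: `if (in_array($f, array('vari_price', 'vari_fmenge', 'vari_stock', 'vari_min_stock', 'vari_weight'), true))`. `$_REQUEST['product_id']` and `$_REQUEST['field_id']` are also handed to `setProductVariation()` unvalidated in this hunk. The brace-less `if` separated from its `else` by a blank line is easy to misread; braces on both arms would match the surrounding code.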
Index: /mods/wpsg_mod_productvars.class.php
===================================================================
--- /mods/wpsg_mod_productvars.class.php	(revision 7397)
+++ /mods/wpsg_mod_productvars.class.php	(revision 7398)
@@ -67,8 +67,8 @@
 		{
 
-			$this->shop->update_option('wpsg_mod_productvars_showProduct', $_REQUEST['wpsg_mod_productvars_showProduct']);
-			$this->shop->update_option('wpsg_mod_productvars_showBasket', $_REQUEST['wpsg_mod_productvars_showBasket']);
-			$this->shop->update_option('wpsg_mod_productvars_showOverview', $_REQUEST['wpsg_mod_productvars_showOverview']);
-			$this->shop->update_option('wpsg_mod_productvars_showMail', $_REQUEST['wpsg_mod_productvars_showMail']);
+			$this->shop->update_option('wpsg_mod_productvars_showProduct', $_REQUEST['wpsg_mod_productvars_showProduct'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_productvars_showBasket', $_REQUEST['wpsg_mod_productvars_showBasket'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_productvars_showOverview', $_REQUEST['wpsg_mod_productvars_showOverview'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_productvars_showMail', $_REQUEST['wpsg_mod_productvars_showMail'], false, false, "key");
 
 		}
@@ -130,4 +130,6 @@
 				if ($_REQUEST['field'] == 'name') {
 
+					$_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']);
+
 					$data['name'] = wpsg_q($_REQUEST['value']);
 					$this->shop->addTranslationString('wpsg_mod_productvars_'.$_REQUEST['pv_id'], $_REQUEST['value']);
@@ -135,10 +137,10 @@
 
 				}
-				else if ($_REQUEST['field'] == 'pflicht') { $data['pflicht'] = wpsg_q($_REQUEST['value']); $value = $_REQUEST['value']; }
-				else if ($_REQUEST['field'] == 'typ') { $data['typ'] = wpsg_q($_REQUEST['value']); $value = $this->arTypen[$_REQUEST['value']]; }
+				else if ($_REQUEST['field'] == 'pflicht') { $data['pflicht'] = wpsg_q(wpsg_sinput("key", $_REQUEST['value'])); $value = wpsg_sinput("key", $_REQUEST['value']); }
+				else if ($_REQUEST['field'] == 'typ') { $data['typ'] = wpsg_q(wpsg_sinput("key", $_REQUEST['value'])); $value = $this->arTypen[wpsg_sinput("key", $_REQUEST['value'])]; }
 				else if ($_REQUEST['field'] == 'auswahl') {
 
 					$data['auswahl'] = wpsg_q($_REQUEST['value']);
-					$this->shop->addTranslationString('wpsg_mod_productvars_auswahl'.$_REQUEST['pv_id'], $_REQUEST['value']);
+					$this->shop->addTranslationString('wpsg_mod_productvars_auswahl'.$_REQUEST['pv_id'], wpsg_sinput("key", $_REQUEST['value']));
 					$value = $_REQUEST['value'];
 
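Review bot: The `auswahl` branch now uses three different forms of the same input: the row gets the raw value through `wpsg_q()`, the translation string gets `wpsg_sinput("key", …)`, and `$value` keeps the raw request value. The stored list and its translation entry can therefore differ, and the unfiltered form is the one kept in `$value`. Filtering once at the top of the branch, `$_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']);` as the `name` branch in the previous hunk does, and using that for all three would remove the mismatch. Whether the `key` mode is suitable for a free-text selection list should be confirmed against `wpsg_sinput()`, which is not visible here.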
@@ -176,5 +178,5 @@
 				foreach ((array)$_REQUEST['wpsg_pv'] as $k => $v) { if ($v != '1') unset($_REQUEST['wpsg_pv'][$k]); }
 
-				$this->db->UpdateQuery(WPSG_TBL_PRODUCTS, array('produktvars' => implode(",", array_keys((array)$_REQUEST['wpsg_pv']))), "`id` = '".wpsg_q($produkt_id)."'");
+				$this->db->UpdateQuery(WPSG_TBL_PRODUCTS, array('produktvars' => wpsg_sinput("text_field", implode(",", array_keys((array)$_REQUEST['wpsg_pv'])))), "`id` = '".wpsg_q($produkt_id)."'");
 			}
 
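Review bot: The keys of `$_REQUEST['wpsg_pv']` are caller-controlled and are filtered only as one joined string, after `implode()`, so a key containing a comma or non-numeric text can still end up in the `produktvars` list. Validating each key before joining is tighter: `implode(',', array_map('intval', array_keys((array)$_REQUEST['wpsg_pv'])))`. This assumes the keys are numeric product-variable ids, which the hunk does not show. The value is also passed to `UpdateQuery()` without `wpsg_q()`, unlike the other visible calls, so it is worth confirming whether `UpdateQuery()` escapes values itself.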
@@ -384,5 +386,5 @@
 		{
 
-			$this->shop->update_option('wpsg_mod_productvars_showvariprice', $_REQUEST['wpsg_mod_productvars_showvariprice']);
+			$this->shop->update_option('wpsg_mod_productvars_showvariprice', $_REQUEST['wpsg_mod_productvars_showvariprice'], false, false, "key");
 
 		} // public function admin_presentation_submit()
Index: /mods/wpsg_mod_produktartikel.class.php
===================================================================
--- /mods/wpsg_mod_produktartikel.class.php	(revision 7397)
+++ /mods/wpsg_mod_produktartikel.class.php	(revision 7398)
@@ -108,5 +108,5 @@
         public function be_ajax()
         {
-    
+
             if (wpsg_isSizedString($_REQUEST['do'], 'setWPMLPathKey'))
             {
@@ -320,30 +320,33 @@
         public function settings_save()
         {
-    
+
             global $wpdb;
-    
-            $this->shop->update_option('wpsg_mod_produktartikel_showHome', $_REQUEST['wpsg_mod_produktartikel_showHome']);
-            $this->shop->update_option('wpsg_mod_produktartikel_showCategory', $_REQUEST['wpsg_mod_produktartikel_showCategory']);
-            $this->shop->update_option('wpsg_mod_produktartikel_showFeed', $_REQUEST['wpsg_mod_produktartikel_showFeed']);
-            $this->shop->update_option('wpsg_mod_produktartikel_showSearch', $_REQUEST['wpsg_mod_produktartikel_showSearch']);
-            $this->shop->update_option('wpsg_mod_produktartikel_onlyMainQuery', $_REQUEST['wpsg_mod_produktartikel_onlyMainQuery']);
-    
-            $this->shop->update_option('wpsg_mod_produktartikel_hometemplate', $_REQUEST['wpsg_mod_produktartikel_hometemplate']);
-            $this->shop->update_option('wpsg_mod_produktartikel_listtemplate', $_REQUEST['wpsg_mod_produktartikel_listtemplate']);
-            $this->shop->update_option('wpsg_mod_produktartikel_searchtemplate', $_REQUEST['wpsg_mod_produktartikel_searchtemplate']);
-    
-            $this->shop->update_option('wpsg_mod_produktartikel_showui', $_REQUEST['wpsg_mod_produktartikel_showui']);
-            $this->shop->update_option('wpsg_mod_produktartikel_ean', $_REQUEST['wpsg_mod_produktartikel_ean']);
-            $this->shop->update_option('wpsg_mod_produktartikel_gtin', $_REQUEST['wpsg_mod_produktartikel_gtin']);
-            $this->shop->update_option('wpsg_mod_produktartikel_comment', $_REQUEST['wpsg_mod_produktartikel_comment']);
-    
-            $this->shop->update_option('wpsg_mod_produktartikel_postthumbnail', $_REQUEST['wpsg_mod_produktartikel_postthumbnail']);
-    
-            $this->shop->update_option('wpsg_mod_produktartikel_positionnumber', $_REQUEST['wpsg_mod_produktartikel_positionnumber']); 
+
+	        $_REQUEST['wpsg_mod_produktartikel_pathkey'] = wpsg_sinput("text_field", $_REQUEST['wpsg_mod_produktartikel_pathkey']);
+	        $_REQUEST['wpsg_mod_produktartikel_pathkey_cat'] = wpsg_sinput("text_field", $_REQUEST['wpsg_mod_produktartikel_pathkey_cat']);
+
+            $this->shop->update_option('wpsg_mod_produktartikel_showHome', $_REQUEST['wpsg_mod_produktartikel_showHome'], false, false, "key");
+            $this->shop->update_option('wpsg_mod_produktartikel_showCategory', $_REQUEST['wpsg_mod_produktartikel_showCategory'], false, false, "key");
+            $this->shop->update_option('wpsg_mod_produktartikel_showFeed', $_REQUEST['wpsg_mod_produktartikel_showFeed'], false, false, "key");
+            $this->shop->update_option('wpsg_mod_produktartikel_showSearch', $_REQUEST['wpsg_mod_produktartikel_showSearch'], false, false, "key");
+            $this->shop->update_option('wpsg_mod_produktartikel_onlyMainQuery', $_REQUEST['wpsg_mod_produktartikel_onlyMainQuery'], false, false, "key");
+    
+            $this->shop->update_option('wpsg_mod_produktartikel_hometemplate', wpsg_xss($_REQUEST['wpsg_mod_produktartikel_hometemplate']));
+            $this->shop->update_option('wpsg_mod_produktartikel_listtemplate', wpsg_xss($_REQUEST['wpsg_mod_produktartikel_listtemplate']));
+            $this->shop->update_option('wpsg_mod_produktartikel_searchtemplate', wpsg_xss($_REQUEST['wpsg_mod_produktartikel_searchtemplate']));
+    
+            $this->shop->update_option('wpsg_mod_produktartikel_showui', $_REQUEST['wpsg_mod_produktartikel_showui'], false, false, "key");
+            $this->shop->update_option('wpsg_mod_produktartikel_ean', $_REQUEST['wpsg_mod_produktartikel_ean'], false, false, "key");
+            $this->shop->update_option('wpsg_mod_produktartikel_gtin', $_REQUEST['wpsg_mod_produktartikel_gtin'], false, false, "key");
+            $this->shop->update_option('wpsg_mod_produktartikel_comment', $_REQUEST['wpsg_mod_produktartikel_comment'], false, false, "key");
+    
+            $this->shop->update_option('wpsg_mod_produktartikel_postthumbnail', $_REQUEST['wpsg_mod_produktartikel_postthumbnail'], false, false, "key");
+    
+            $this->shop->update_option('wpsg_mod_produktartikel_positionnumber', $_REQUEST['wpsg_mod_produktartikel_positionnumber'], false, false, "key");
             
             $pathkey_alt = $this->shop->get_option('wpsg_mod_produktartikel_pathkey');
             $pathkey_new = $this->shop->clear($_REQUEST['wpsg_mod_produktartikel_pathkey']);
     
-            $this->shop->update_option('wpsg_mod_produktartikel_rating', $_REQUEST['wpsg_mod_produktartikel_rating']);
+            $this->shop->update_option('wpsg_mod_produktartikel_rating', $_REQUEST['wpsg_mod_produktartikel_rating'], false, false, "key");
     
             if ($pathkey_alt != $_REQUEST['wpsg_mod_produktartikel_pathkey'] && $pathkey_new != '')
@@ -354,5 +357,5 @@
                 ), "`post_type` = '".wpsg_q($pathkey_alt)."'");
     
-                $this->shop->update_option('wpsg_mod_produktartikel_pathkey', $pathkey_new);
+                $this->shop->update_option('wpsg_mod_produktartikel_pathkey', $pathkey_new, false, false, "text_field");
     
                 $this->shop->addBackendMessage(__('Path Key erfolgreich geÃ€ndert. Die Produkt URLs haben sich geÃ€ndert!', 'wpsg'));
@@ -380,5 +383,5 @@
                 ), " `meta_key` = '_menu_item_object' AND `meta_value` = '".wpsg_q($pathkey_cat_old)."' ");
     
-                $this->shop->update_option('wpsg_mod_produktartikel_pathkey_cat', $pathkey_cat_new);
+                $this->shop->update_option('wpsg_mod_produktartikel_pathkey_cat', $pathkey_cat_new, false, false, "text_field");
     
                 $this->shop->addBackendMessage(__('Path Key (Kategorie) erfolgreich geÃ€ndert. Die Kategorie URLs haben sich geÃ€ndert!', 'wpsg'));
@@ -440,5 +443,5 @@
         {
     
-            $this->shop->update_option('wpsg_mod_produktartikel_noJS', $_REQUEST['wpsg_mod_produktartikel_noJS']);
+            $this->shop->update_option('wpsg_mod_produktartikel_noJS', $_REQUEST['wpsg_mod_produktartikel_noJS'], false, false, "key");
     
         } // function admin_includes_save()
@@ -694,6 +697,6 @@
         {
     
-            $produkt_data['ean'] = wpsg_tf(wpsg_getStr($_REQUEST['wpsg_mod_produktartikel']['ean']));
-            $produkt_data['gtin'] = wpsg_tf(wpsg_getStr($_REQUEST['wpsg_mod_produktartikel']['gtin']));
+            $produkt_data['ean'] = wpsg_tf(wpsg_sinput("key", wpsg_getStr($_REQUEST['wpsg_mod_produktartikel']['ean']), "isFloat"));
+            $produkt_data['gtin'] = wpsg_tf(wpsg_sinput("key", wpsg_getStr($_REQUEST['wpsg_mod_produktartikel']['gtin']), "isFloat"));
     
         } // public function produkt_save_before(&$produkt_data)
@@ -701,8 +704,8 @@
         public function produkt_save(&$product_id)
         {
-    
-            if (isset($_REQUEST['wpsg_mod_produktartikel'])) $comment = $_REQUEST['wpsg_mod_produktartikel']['kommentare']; else $comment = false;
-    
-            $this->getPostIdFromProductId($product_id, $_REQUEST['wpsg_mod_produktartikel']['path'], $comment, $_REQUEST['wpsg_produktartikel_menuorder'], true, @$_REQUEST['disabled']);
+
+            if (isset($_REQUEST['wpsg_mod_produktartikel'])) $comment = wpsg_sinput("key", $_REQUEST['wpsg_mod_produktartikel']['kommentare']); else $comment = false;
+    
+            $this->getPostIdFromProductId($product_id, $_REQUEST['wpsg_mod_produktartikel']['path'], $comment, wpsg_sinput("key", $_REQUEST['wpsg_produktartikel_menuorder']), true, wpsg_sinput("key", @$_REQUEST['disabled']));
     
         } // public function produkt_save($produkt_id)
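Review bot: `$_REQUEST['wpsg_mod_produktartikel']['path']` is still passed to `getPostIdFromProductId()` unchanged although every other request value in that call is now sanitised, and it is read outside the `isset()` guard used for `kommentare`. If the callee does not clean the path itself (it is not visible here), filter it at the call site, `wpsg_sinput("text_field", $_REQUEST['wpsg_mod_produktartikel']['path'])`, inside the same guard. Splitting the one-line `if … else` into a braced block would also make the guarded and unguarded reads easier to tell apart.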
Index: /mods/wpsg_mod_produktattribute.class.php
===================================================================
--- /mods/wpsg_mod_produktattribute.class.php	(revision 7397)
+++ /mods/wpsg_mod_produktattribute.class.php	(revision 7398)
@@ -120,4 +120,7 @@
 				{
 
+					$_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']);
+					$_REQUEST['pa_id'] = wpsg_sinput("key", $_REQUEST['pa_id']);
+
 					$this->db->UpdateQuery(WPSG_TBL_AT, array(
 						'name' => wpsg_q($_REQUEST['value'])
@@ -126,5 +129,5 @@
 					$this->shop->addTranslationString('wpsg_mod_produktattribute_'.$_REQUEST['pa_id'], $_REQUEST['value']);
 
-					die(stripslashes($_REQUEST['value']));
+					die($_REQUEST['value']);
 
 				}
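Review bot: `die($_REQUEST['value']);` writes the value into the AJAX response without output encoding, while the variants controller in this commit wraps the same kind of echo in `wpsg_xss()` (`die(strval(wpsg_xss($_REQUEST['value'])));`). Using the same wrapper here, `die(wpsg_xss($_REQUEST['value']));`, keeps the responses consistent and does not rely on the input filter alone. Removing `stripslashes()` also changes what the client receives if request data arrives slash-escaped; confirm that `wpsg_sinput("text_field", …)` unslashes.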
@@ -188,8 +191,8 @@
 		{
 			
-			$this->shop->update_option('wpsg_mod_produktattribute_showProduct', $_REQUEST['wpsg_mod_produktattribute_showProduct']);
-			$this->shop->update_option('wpsg_mod_produktattribute_showBasket', $_REQUEST['wpsg_mod_produktattribute_showBasket']);
-			$this->shop->update_option('wpsg_mod_produktattribute_showOverview', $_REQUEST['wpsg_mod_produktattribute_showOverview']);
-			$this->shop->update_option('wpsg_mod_produktattribute_showMail', $_REQUEST['wpsg_mod_produktattribute_showMail']);
+			$this->shop->update_option('wpsg_mod_produktattribute_showProduct', $_REQUEST['wpsg_mod_produktattribute_showProduct'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_produktattribute_showBasket', $_REQUEST['wpsg_mod_produktattribute_showBasket'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_produktattribute_showOverview', $_REQUEST['wpsg_mod_produktattribute_showOverview'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_produktattribute_showMail', $_REQUEST['wpsg_mod_produktattribute_showMail'], false, false, "key");
 			
 		} // public function settings_save()
@@ -205,5 +208,6 @@
 				{
 
-					$pa_id = substr($pa_id, 3);
+					$pa_id = wpsg_sinput("key", substr($pa_id, 3));
+					$pa_value = wpsg_xss($pa_value);
 
 					$nExists = $this->db->fetchOne("
Index: /mods/wpsg_mod_rechnungen.class.php
===================================================================
--- /mods/wpsg_mod_rechnungen.class.php	(revision 7397)
+++ /mods/wpsg_mod_rechnungen.class.php	(revision 7398)
@@ -124,14 +124,14 @@
 			else if ($_REQUEST['do'] == 'inlinedit')
 			{
-				
+
 				$foot_text = $this->shop->get_option("wpsg_rechnungen_footer");
 				if (!is_array($foot_text)) $foot_text = @unserialize($foot_text);
 				if (!is_array($foot_text)) $foot_text = array();
 				
-				$foot_text[$_REQUEST['field_id']][$_REQUEST['field']] = $_REQUEST['value'];
-				
-				$this->shop->update_option('wpsg_rechnungen_footer', $foot_text);
-				
-				die($_REQUEST['value']);
+				$foot_text[$_REQUEST['field_id']][$_REQUEST['field']] = wpsg_sinput("text_field", $_REQUEST['value']);
+				
+				$this->shop->update_option('wpsg_rechnungen_footer', $foot_text, false, false, "text_field");
+				
+				die(wpsg_sinput("text_field", $_REQUEST['value']));
 				
 			}
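Review bot: `$_REQUEST['field_id']` and `$_REQUEST['field']` are used as array keys of the stored footer option without any check, so a request can add arbitrary keys to `wpsg_rechnungen_footer` even though the value is now filtered. Restrict both before the assignment, for example `$field_id = wpsg_sinput("key", $_REQUEST['field_id']);` plus an allowlist test on `field`. The sanitised value could also be computed once and reused for the assignment and the `die()` instead of calling `wpsg_sinput()` twice.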
@@ -213,11 +213,11 @@
 
 
-			if (array_key_exists('wpsg_rechnungen_logo_position_left', $_REQUEST) && strpos($_REQUEST['wpsg_rechnungen_logo_position_left'], 'selected') !== false)
+			if (array_key_exists('wpsg_rechnungen_logo_position_left', $_REQUEST) && strpos(wpsg_sinput("text_field", $_REQUEST['wpsg_rechnungen_logo_position_left']), 'selected') !== false)
 				$wpsg_rechnungen_logo_position = "left";
 
-			if (array_key_exists('wpsg_rechnungen_logo_position_center', $_REQUEST) && strpos($_REQUEST['wpsg_rechnungen_logo_position_center'], 'selected') !== false)
+			if (array_key_exists('wpsg_rechnungen_logo_position_center', $_REQUEST) && strpos(wpsg_sinput("text_field", $_REQUEST['wpsg_rechnungen_logo_position_center']), 'selected') !== false)
 				$wpsg_rechnungen_logo_position = "center";
 
-			if (array_key_exists('wpsg_rechnungen_logo_position_right', $_REQUEST) && strpos($_REQUEST['wpsg_rechnungen_logo_position_right'], 'selected') !== false)
+			if (array_key_exists('wpsg_rechnungen_logo_position_right', $_REQUEST) && strpos(wpsg_sinput("text_field", $_REQUEST['wpsg_rechnungen_logo_position_right']), 'selected') !== false)
 				$wpsg_rechnungen_logo_position = "right";
 
@@ -250,27 +250,26 @@
 			}
 
-			$this->shop->update_option("wpsg_mod_rechnungen_texte", $_REQUEST['text']);
-			 
-
-			$this->shop->update_option("wpsg_rechnungen_url", $_REQUEST['wpsg_rechnungen_url']);
-			$this->shop->update_option("wpsg_mod_rechnungen_auto", $_REQUEST['wpsg_mod_rechnungen_auto']);
-			$this->shop->update_option("wpsg_rechnungen_logo_position", $wpsg_rechnungen_logo_position ? $wpsg_rechnungen_logo_position : null);
-			$this->shop->update_option("wpsg_rechnungen_logo_transparency", $_REQUEST['wpsg_rechnungen_logo_transparency']);
-			$this->shop->update_option("wpsg_rechnungen_faelligkeit", $_REQUEST['wpsg_rechnungen_faelligkeit']);
-			$this->shop->update_option('wpsg_rechnungen_pdfperpage', $_REQUEST['wpsg_rechnungen_pdfperpage']);
-			$this->shop->update_option("wpsg_rechnungen_pbeschreibung", $_REQUEST['wpsg_rechnungen_pbeschreibung']);
-			$this->shop->update_option("wpsg_rechnungen_produktattribute", $_REQUEST['wpsg_rechnungen_produktattribute']);
-			$this->shop->update_option("wpsg_mod_rechnungen_showgutschriftrechnung", $_REQUEST['wpsg_mod_rechnungen_showgutschriftrechnung']);
-			$this->shop->update_option('wpsg_mod_rechnungen_anr', $_REQUEST['wpsg_mod_rechnungen_anr']);
-			$this->shop->update_option("wpsg_mod_rechnungen_showpv", $_REQUEST['wpsg_mod_rechnungen_showpv']);
-			$this->shop->update_option("wpsg_mod_rechnungen_showov", $_REQUEST['wpsg_mod_rechnungen_showov']);
-			$this->shop->update_option("wpsg_rechnungen_start", $_REQUEST['wpsg_rechnungen_start']);
-			$this->shop->update_option("wpsg_gutschrift_start", $_REQUEST['wpsg_gutschrift_start']);
-			$this->shop->update_option('wpsg_mod_rechnungen_gutschrifttax', $_REQUEST['wpsg_mod_rechnungen_gutschrifttax']);
-			$this->shop->update_option("wpsg_rechnungen_format", $_REQUEST['wpsg_rechnungen_format']);
-			$this->shop->update_option("wpsg_gutschrift_format", $_REQUEST['wpsg_gutschrift_format']);
-			$this->shop->update_option('wpsg_rechnungen_adresszeile', $_REQUEST['wpsg_rechnungen_adresszeile']);
-			$this->shop->update_option('wpsg_rechnungen_foottext_standard', $_REQUEST['wpsg_rechnungen_foottext_standard']);
-			$this->shop->update_option('wpsg_mod_rechnungen_hideCountry', $_REQUEST['wpsg_mod_rechnungen_hideCountry']);
+			$this->shop->update_option("wpsg_mod_rechnungen_texte", wpsg_sanitize("wpsg_txt_tbl", $_REQUEST['text']));
+
+			$this->shop->update_option("wpsg_rechnungen_url", $_REQUEST['wpsg_rechnungen_url'], false, false, "text_field");
+			$this->shop->update_option("wpsg_mod_rechnungen_auto", $_REQUEST['wpsg_mod_rechnungen_auto'], false, false, "key");
+			$this->shop->update_option("wpsg_rechnungen_logo_position", $wpsg_rechnungen_logo_position ?: null);
+			$this->shop->update_option("wpsg_rechnungen_logo_transparency", $_REQUEST['wpsg_rechnungen_logo_transparency'], false, false, "key");
+			$this->shop->update_option("wpsg_rechnungen_faelligkeit", $_REQUEST['wpsg_rechnungen_faelligkeit'],false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_rechnungen_pdfperpage', $_REQUEST['wpsg_rechnungen_pdfperpage'], false, false, "key");
+			$this->shop->update_option("wpsg_rechnungen_pbeschreibung", $_REQUEST['wpsg_rechnungen_pbeschreibung'], false, false, "key");
+			$this->shop->update_option("wpsg_rechnungen_produktattribute", $_REQUEST['wpsg_rechnungen_produktattribute'], false, false, "key");
+			$this->shop->update_option("wpsg_mod_rechnungen_showgutschriftrechnung", $_REQUEST['wpsg_mod_rechnungen_showgutschriftrechnung'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_rechnungen_anr', $_REQUEST['wpsg_mod_rechnungen_anr'], false, false, "key");
+			$this->shop->update_option("wpsg_mod_rechnungen_showpv", $_REQUEST['wpsg_mod_rechnungen_showpv'], false, false, "key");
+			$this->shop->update_option("wpsg_mod_rechnungen_showov", $_REQUEST['wpsg_mod_rechnungen_showov'], false, false, "key");
+			$this->shop->update_option("wpsg_rechnungen_start", $_REQUEST['wpsg_rechnungen_start'], false, false, "key");
+			$this->shop->update_option("wpsg_gutschrift_start", $_REQUEST['wpsg_gutschrift_start'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_rechnungen_gutschrifttax', wpsg_xss($_REQUEST['wpsg_mod_rechnungen_gutschrifttax']));
+			$this->shop->update_option("wpsg_rechnungen_format", $_REQUEST['wpsg_rechnungen_format'], false, false, "text_field");
+			$this->shop->update_option("wpsg_gutschrift_format", $_REQUEST['wpsg_gutschrift_format'], false, false, "text_field");
+			$this->shop->update_option('wpsg_rechnungen_adresszeile', $_REQUEST['wpsg_rechnungen_adresszeile'], false, false, "text_field");
+			$this->shop->update_option('wpsg_rechnungen_foottext_standard', $_REQUEST['wpsg_rechnungen_foottext_standard'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_rechnungen_hideCountry', $_REQUEST['wpsg_mod_rechnungen_hideCountry'], false, false, "key");
 
 		}
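Review bot: The `wpsg_rechnungen_faelligkeit` line passes the validator as an array, `["isFloat"]`, while the `wpsg_sinput()` calls elsewhere in this commit pass the string `"isFloat"`. If `update_option()` forwards that argument unchanged, one of the two forms is probably wrong; its signature is not visible here. The same line is missing the space after the comma in `'],false`. A short comment above this block naming what the fifth and sixth arguments of `update_option()` select would make the long run of `false, false, "key"` calls easier to review.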
@@ -351,6 +350,9 @@
 		
 		public function order_ajax() 
-		{ 
-			
+		{
+
+			if(isset($_REQUEST['edit_id'])) $_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
+			if(isset($_REQUEST['r_id'])) $_REQUEST['r_id'] = wpsg_sinput("key", $_REQUEST['r_id']);
+
 			if (isset($_REQUEST['wpsg_rechnungen_preview']))
 			{
@@ -902,5 +904,5 @@
 			$this->shop->view['kunde']['land'] = $this->db->fetchRow("SELECT L.* FROM `".WPSG_TBL_LAND."` AS L WHERE L.`id` = '".wpsg_q($this->shop->view['kunde']['land'])."'");
 			$this->shop->view['data']['shipping_land'] = $this->db->fetchRow("SELECT L.* FROM `".WPSG_TBL_LAND."` AS L WHERE L.`id` = '".wpsg_q($this->shop->view['data']['shipping_land'])."'");
-			$this->shop->view['rDatum'] = @$_REQUEST['wpsg_rechnungen_datum'];
+			$this->shop->view['rDatum'] = wpsg_sinput("key", @$_REQUEST['wpsg_rechnungen_datum']);
 			$this->shop->view['title'] = __('Rechnung', 'wpsg');
             
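Review bot: `wpsg_rechnungen_datum` is a date, yet it is filtered with the `key` mode that this commit otherwise uses for ids and flags. If that mode follows WordPress's `sanitize_key()` (lowercase letters, digits, `-` and `_` only), separators such as `.` or `/` would be stripped and the invoice date corrupted. The same applies to `wpsg_rechnungen_faelligkeitsdatum` in the next hunk. Checking both against the expected date format, or using the `text_field` mode, avoids that; the behaviour of `wpsg_sinput("key", …)` is not visible here and should be confirmed.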
@@ -930,9 +932,9 @@
 			
 			$this->shop->view['payment'] = $this->shop->getPaymentName(@$this->shop->view['data']['type_payment'], $order_id);
-			$this->shop->view['fussText'] = $this->shop->replaceUniversalPlatzhalter(@$_REQUEST['wpsg_rechnungen_fusstext'], $order_id);
+			$this->shop->view['fussText'] = $this->shop->replaceUniversalPlatzhalter(wpsg_sinput("text_field", @$_REQUEST['wpsg_rechnungen_fusstext']), $order_id);
 			
 			if ($_REQUEST['wpsg_rechnungen_faelligkeit'] == '1')
 			{
-				$this->shop->view['faelligkeitdatum'] = $_REQUEST['wpsg_rechnungen_faelligkeitsdatum'];
+				$this->shop->view['faelligkeitdatum'] = wpsg_sinput("key", $_REQUEST['wpsg_rechnungen_faelligkeitsdatum']);
 			}
             				
@@ -1007,5 +1009,5 @@
 				{
 						
-					$this->shop->setOrderStatus($order_id, $_REQUEST['wpsg_rechnungen_status_neu'], false);
+					$this->shop->setOrderStatus($order_id, wpsg_sinput("key", $_REQUEST['wpsg_rechnungen_status_neu']), false);
 											
 				}
@@ -1705,5 +1707,5 @@
  			
  			$_REQUEST['wpsg_rechnungen_sendmail'] = '1';
- 			$_REQUEST['wpsg_rechnungen_email'] = wpsg_q($customer_data['email']);
+ 			$_REQUEST['wpsg_rechnungen_email'] = wpsg_q(wpsg_sinput("email", $customer_data['email']));
  			$_REQUEST['wpsg_rechnungen_fusstext'] = '';
  			$_REQUEST['wpsg_rechnungen_faelligkeit'] = '0';
Index: /mods/wpsg_mod_relatedproducts.class.php
===================================================================
--- /mods/wpsg_mod_relatedproducts.class.php	(revision 7397)
+++ /mods/wpsg_mod_relatedproducts.class.php	(revision 7398)
@@ -69,13 +69,13 @@
 		public function settings_save()
 		{
-			
-			$this->shop->update_option('wpsg_mod_relatedproducts_template', $_REQUEST['wpsg_mod_relatedproducts_template']);
-			$this->shop->update_option('wpsg_mod_relatedproducts_synchron', $_REQUEST['wpsg_mod_relatedproducts_synchron']);
-			$this->shop->update_option('wpsg_mod_relatedproducts_showBasket', $_REQUEST['wpsg_mod_relatedproducts_showBasket']);
-			$this->shop->update_option('wpsg_mod_relatedproducts_showBasketLimit', $_REQUEST['wpsg_mod_relatedproducts_showBasketLimit']);
-			$this->shop->update_option('wpsg_mod_relatedproducts_showBasketTemplate', $_REQUEST['wpsg_mod_relatedproducts_showBasketTemplate']);
-			$this->shop->update_option('wpsg_mod_relatedproducts_showAjaxDialog', $_REQUEST['wpsg_mod_relatedproducts_showAjaxDialog']);
-			$this->shop->update_option('wpsg_mod_relatedproducts_showAjaxDialogLimit', $_REQUEST['wpsg_mod_relatedproducts_showAjaxDialogLimit']);
-			$this->shop->update_option('wpsg_mod_relatedproducts_showAjaxDialogTemplate', $_REQUEST['wpsg_mod_relatedproducts_showAjaxDialogTemplate']);
+
+			$this->shop->update_option('wpsg_mod_relatedproducts_template', $_REQUEST['wpsg_mod_relatedproducts_template'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_relatedproducts_synchron', $_REQUEST['wpsg_mod_relatedproducts_synchron'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_relatedproducts_showBasket', $_REQUEST['wpsg_mod_relatedproducts_showBasket'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_relatedproducts_showBasketLimit', $_REQUEST['wpsg_mod_relatedproducts_showBasketLimit'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_relatedproducts_showBasketTemplate', $_REQUEST['wpsg_mod_relatedproducts_showBasketTemplate'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_relatedproducts_showAjaxDialog', $_REQUEST['wpsg_mod_relatedproducts_showAjaxDialog'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_relatedproducts_showAjaxDialogLimit', $_REQUEST['wpsg_mod_relatedproducts_showAjaxDialogLimit'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_relatedproducts_showAjaxDialogTemplate', $_REQUEST['wpsg_mod_relatedproducts_showAjaxDialogTemplate'], false, false, "key");
 			
 		} // public function settings_save
@@ -91,6 +91,6 @@
 					
 					$this->db->UpdateQuery(WPSG_TBL_PRODUCTS_REL, array(
-						'template' => wpsg_q($template)
-					), "`id` = '".wpsg_q($rp_id)."'");
+						'template' => wpsg_q(wpsg_sinput("text_field", $template))
+					), "`id` = '".wpsg_q(wpsg_sinput("key", $rp_id))."'");
 					
 				}
@@ -120,6 +120,10 @@
 		{
 
+
 			if (isset($_REQUEST['cmd']) && $_REQUEST['cmd'] == 'wpsg_rp_add')
 			{
+
+				$_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
+				$_REQUEST['rel_id'] = wpsg_sinput("key", $_REQUEST['rel_id']);
 
 				if ($_REQUEST['template'] > 0 && strlen($_REQUEST['template_file']) > 0) $template = $_REQUEST['template_file']; else $template = '';
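Review bot: `$_REQUEST['template_file']` is copied into `$template` on the last line of the hunk without any filtering, although `edit_id` and `rel_id` are sanitised just above it. If `$template` later selects a view file (its use is outside the hunk), it should be compared against the list of available templates rather than only text-filtered. At minimum apply `wpsg_sinput("text_field", $_REQUEST['template_file'])` here, as the `UpdateQuery()` in the previous hunk does for `$template`.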
Index: /mods/wpsg_mod_request.class.php
===================================================================
--- /mods/wpsg_mod_request.class.php	(revision 7397)
+++ /mods/wpsg_mod_request.class.php	(revision 7398)
@@ -65,13 +65,13 @@
 		public function settings_save()
 		{
-									
-			$this->shop->createPage(__('Anfrage', 'wpsg'), 'wpsg_mod_request_page', $_REQUEST['wpsg_mod_request_page']);
-			$this->shop->createPage(__('Vielen Dank fÃŒr Ihre Anfrage', 'wpsg'), 'wpsg_mod_request_redirect', $_REQUEST['wpsg_mod_request_redirect']);
-			
-			$this->shop->update_option('wpsg_mod_request_afterinsert', $_REQUEST['wpsg_mod_request_afterinsert']);
-			$this->shop->update_option('wpsg_mod_request_customerdata', $_REQUEST['wpsg_mod_request_customerdata']);
-			
-			if ($this->shop->hasMod('wpsg_mod_ordervars')) $this->shop->update_option('wpsg_mod_request_ordervars', $_REQUEST['wpsg_mod_request_ordervars']);
-			if ($this->shop->hasMod('wpsg_mod_productvars')) $this->shop->update_option('wpsg_mod_request_productvars', $_REQUEST['wpsg_mod_request_productvars']);
+
+			$this->shop->createPage(__('Anfrage', 'wpsg'), 'wpsg_mod_request_page', wpsg_sinput("key", $_REQUEST['wpsg_mod_request_page']));
+			$this->shop->createPage(__('Vielen Dank fÃŒr Ihre Anfrage', 'wpsg'), 'wpsg_mod_request_redirect', wpsg_sinput("key", $_REQUEST['wpsg_mod_request_redirect']));
+			
+			$this->shop->update_option('wpsg_mod_request_afterinsert', $_REQUEST['wpsg_mod_request_afterinsert'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_request_customerdata', $_REQUEST['wpsg_mod_request_customerdata'], false, false, "key");
+			
+			if ($this->shop->hasMod('wpsg_mod_ordervars')) $this->shop->update_option('wpsg_mod_request_ordervars', $_REQUEST['wpsg_mod_request_ordervars'], false, false, "key");
+			if ($this->shop->hasMod('wpsg_mod_productvars')) $this->shop->update_option('wpsg_mod_request_productvars', $_REQUEST['wpsg_mod_request_productvars'], false, false, "key");
 			
 		} // public function settings_save()
@@ -202,5 +202,5 @@
 			$oProduct = wpsg_product::getInstance($product_id);
 			
-			$oProduct->setMeta('wpsg_mod_request_set', $_REQUEST['wpsg_mod_request_set']);
+			$oProduct->setMeta('wpsg_mod_request_set', wpsg_sinput("key", $_REQUEST['wpsg_mod_request_set']));
 			
 		} // public function produkt_save(&$produkt_id)
Index: /mods/wpsg_mod_scaleprice.class.php
===================================================================
--- /mods/wpsg_mod_scaleprice.class.php	(revision 7397)
+++ /mods/wpsg_mod_scaleprice.class.php	(revision 7398)
@@ -131,8 +131,8 @@
 		public function produkt_save_before(&$produkt_data) 
 		{ 
-			
-			$produkt_data['wpsg_mod_scaleprice_activ'] = wpsg_q($_REQUEST['wpsg_mod_scaleprice_activ']);
-			$produkt_data['wpsg_mod_scaleprice_typ'] = wpsg_q($_REQUEST['wpsg_mod_scaleprice_typ']);
-			$produkt_data['wpsg_mod_scaleprice_calc'] = wpsg_q($_REQUEST['wpsg_mod_scaleprice_calc']);
+
+			$produkt_data['wpsg_mod_scaleprice_activ'] = wpsg_q(wpsg_sinput("key", $_REQUEST['wpsg_mod_scaleprice_activ']));
+			$produkt_data['wpsg_mod_scaleprice_typ'] = wpsg_q(wpsg_sinput("key", $_REQUEST['wpsg_mod_scaleprice_typ']));
+			$produkt_data['wpsg_mod_scaleprice_calc'] = wpsg_q(wpsg_sinput("key", $_REQUEST['wpsg_mod_scaleprice_calc']));
 			
 		} // public function produkt_save_before(&$produkt_data)
@@ -140,5 +140,8 @@
 		public function produkt_ajax()
 		{
-				
+
+			if(isset($_REQUEST['edit_id'])) $_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
+			if(isset($_REQUEST['scale_id'])) $_REQUEST['scale_id'] = wpsg_sinput("key", $_REQUEST['scale_id']);
+
 			if ($_REQUEST['cmd'] == 'add')
 			{
@@ -146,6 +149,6 @@
 				$this->db->ImportQuery(WPSG_TBL_SCALEPRICE, array(
 					'product_id' => wpsg_q($_REQUEST['edit_id']),
-					'scale' => wpsg_q($_REQUEST['scale']),
-					'value' => wpsg_q(wpsg_tf($_REQUEST['value']))	
+					'scale' => wpsg_q(wpsg_sinput("key", $_REQUEST['scale'])),
+					'value' => wpsg_q(wpsg_tf(wpsg_sinput("key", $_REQUEST['value'], "isFloat")))
 				));
 				
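Review bot: `'scale'` is sanitised as a plain "key" on insert, while the inline-edit hunk at -190 treats the same column as a float via `wpsg_tf(wpsg_sinput("key", $_REQUEST['value'], "isFloat"))`. If the "key" mode strips decimal separators the way WordPress `sanitize_key()` does, a scale such as 1,5 would be stored differently on add than on edit. Using the same expression in both places avoids that: `'scale' => wpsg_q(wpsg_tf(wpsg_sinput("key", $_REQUEST['scale'], "isFloat")))`. The enclosing `cmd == 'add'` branch starts outside this hunk.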
@@ -158,6 +161,6 @@
 				$this->db->UpdateQuery(WPSG_TBL_PRODUCTS, array(
 					'wpsg_mod_scaleprice_activ' => '1',
-					'wpsg_mod_scaleprice_typ' => wpsg_q($_REQUEST['typ']),
-					'wpsg_mod_scaleprice_calc' => wpsg_q($_REQUEST['calc'])
+					'wpsg_mod_scaleprice_typ' => wpsg_q(wpsg_sinput("key", $_REQUEST['typ'])),
+					'wpsg_mod_scaleprice_calc' => wpsg_q(wpsg_sinput("key", $_REQUEST['calc']))
 				), "`id` = '".wpsg_q($_REQUEST['edit_id'])."'");
 				
@@ -170,6 +173,6 @@
 				$this->db->UpdateQuery(WPSG_TBL_PRODUCTS, array(
 					'wpsg_mod_scaleprice_activ' => '1',
-					'wpsg_mod_scaleprice_typ' => wpsg_q($_REQUEST['typ']),
-					'wpsg_mod_scaleprice_calc' => wpsg_q($_REQUEST['calc'])
+					'wpsg_mod_scaleprice_typ' => wpsg_q(wpsg_sinput("key", $_REQUEST['typ'])),
+					'wpsg_mod_scaleprice_calc' => wpsg_q(wpsg_sinput("key", $_REQUEST['calc']))
 				), "`id` = '".wpsg_q($_REQUEST['edit_id'])."'");
 				
@@ -190,6 +193,8 @@
 				if ($_REQUEST['field'] == 'scale')
 				{
-					
-					$this->db->UpdateQuery(WPSG_TBL_SCALEPRICE, array('scale' => wpsg_q(wpsg_tf($_REQUEST['value']))), "`id` = '".wpsg_q($_REQUEST['scale_id'])."'");
+
+					$_REQUEST['value'] = wpsg_tf(wpsg_sinput("key", $_REQUEST['value'], "isFloat"));
+
+					$this->db->UpdateQuery(WPSG_TBL_SCALEPRICE, array('scale' => wpsg_q($_REQUEST['value'])), "`id` = '".wpsg_q($_REQUEST['scale_id'])."'");
 					
 					die(wpsg_ff(wpsg_tf($_REQUEST['value'])));
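Review bot: `$_REQUEST['value']` now already holds the result of `wpsg_tf()`, yet the unchanged `die(wpsg_ff(wpsg_tf($_REQUEST['value'])))` converts it a second time. Whether `wpsg_tf()` is idempotent is not visible here; if it reads a dot as a thousands separator, the echoed value will differ from the one just stored. Keeping the converted number in a local (`$value = wpsg_tf(...)`, then `die(wpsg_ff($value))`) also avoids writing back into the superglobal. The `field == 'value'` hunk directly below has the same pattern.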
@@ -198,6 +203,8 @@
 				else if ($_REQUEST['field'] == 'value')
 				{
-					
-					$this->db->UpdateQuery(WPSG_TBL_SCALEPRICE, array('value' => wpsg_q(wpsg_tf($_REQUEST['value']))), "`id` = '".wpsg_q($_REQUEST['scale_id'])."'");
+
+					$_REQUEST['value'] = wpsg_tf(wpsg_sinput("key", $_REQUEST['value'], "isFloat"));
+
+					$this->db->UpdateQuery(WPSG_TBL_SCALEPRICE, array('value' => wpsg_q($_REQUEST['value'])), "`id` = '".wpsg_q($_REQUEST['scale_id'])."'");
 					
 					die(wpsg_ff(wpsg_tf($_REQUEST['value'])));
@@ -219,5 +226,5 @@
 		{
 			
-			$this->shop->update_option('wpsg_mod_scaleprice_showProductInfo', $_REQUEST['wpsg_mod_scaleprice_showProductInfo']);
+			$this->shop->update_option('wpsg_mod_scaleprice_showProductInfo', $_REQUEST['wpsg_mod_scaleprice_showProductInfo'], false, false, "key");
 			
 		} // public function admin_presentation_submit()
Index: /mods/wpsg_mod_securepay.class.php
===================================================================
--- /mods/wpsg_mod_securepay.class.php	(revision 7397)
+++ /mods/wpsg_mod_securepay.class.php	(revision 7398)
@@ -93,22 +93,22 @@
 		{
 						
-			$this->shop->update_option('wpsg_mod_securepay_sandbox', $_REQUEST['wpsg_mod_securepay_sandbox']);
-			$this->shop->update_option('wpsg_mod_securepay_sender', $_REQUEST['wpsg_mod_securepay_sender']);
-			$this->shop->update_option('wpsg_mod_securepay_channelid', $_REQUEST['wpsg_mod_securepay_channelid']);
-			$this->shop->update_option('wpsg_mod_securepay_userid', $_REQUEST['wpsg_mod_securepay_userid']);
-			$this->shop->update_option('wpsg_mod_securepay_password', $_REQUEST['wpsg_mod_securepay_password']);
-			
-			$this->shop->update_option('wpsg_mod_securepay_activ', $_REQUEST['wpsg_mod_securepay_activ']);
-			$this->shop->update_option('wpsg_mod_securepay_paymenttypes', $_REQUEST['wpsg_mod_securepay_paymenttypes']);
-			$this->shop->update_option('wpsg_mod_securepay_name', $_REQUEST['wpsg_mod_securepay_name']); $this->shop->addTranslationString('wpsg_mod_securepay_name', $_REQUEST['wpsg_mod_securepay_name']);
-			$this->shop->update_option('wpsg_mod_securepay_hint', $_REQUEST['wpsg_mod_securepay_hint']); $this->shop->addTranslationString('wpsg_mod_securepay_hint', $_REQUEST['wpsg_mod_securepay_hint']);
-			$this->shop->update_option('wpsg_mod_securepay_logo', $_REQUEST['wpsg_mod_securepay_logo']);			
-			$this->shop->update_option('wpsg_mod_securepay_language', $_REQUEST['wpsg_mod_securepay_language']);
-			$this->shop->update_option('wpsg_mod_securepay_gebuehr', $_REQUEST['wpsg_mod_securepay_gebuehr']);
-			$this->shop->update_option('wpsg_mod_securepay_mwst', $_REQUEST['wpsg_mod_securepay_mwst']);
-			$this->shop->update_option('wpsg_mod_securepay_mwstland', $_REQUEST['wpsg_mod_securepay_mwstland']);
-			
-			$this->shop->createPage(__('Erfolgreiche Zahlung', 'wpsg'), 'wpsg_mod_securepay_successPage', $_REQUEST['wpsg_mod_securepay_successPage']);
-			$this->shop->createPage(__('Fehlerhafte Zahlung', 'wpsg'), 'wpsg_mod_securepay_errorPage', $_REQUEST['wpsg_mod_securepay_errorPage']);
+			$this->shop->update_option('wpsg_mod_securepay_sandbox', $_REQUEST['wpsg_mod_securepay_sandbox'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_securepay_sender', $_REQUEST['wpsg_mod_securepay_sender'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_securepay_channelid', $_REQUEST['wpsg_mod_securepay_channelid'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_securepay_userid', $_REQUEST['wpsg_mod_securepay_userid'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_securepay_password', $_REQUEST['wpsg_mod_securepay_password'], false, false, "text_field");
+			
+			$this->shop->update_option('wpsg_mod_securepay_activ', $_REQUEST['wpsg_mod_securepay_activ'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_securepay_paymenttypes', $_REQUEST['wpsg_mod_securepay_paymenttypes'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_securepay_name', $_REQUEST['wpsg_mod_securepay_name'], false, false, "text_field"); $this->shop->addTranslationString('wpsg_mod_securepay_name', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_securepay_name']));
+			$this->shop->update_option('wpsg_mod_securepay_hint', $_REQUEST['wpsg_mod_securepay_hint'], false, false, "text_field"); $this->shop->addTranslationString('wpsg_mod_securepay_hint', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_securepay_hint']));
+			$this->shop->update_option('wpsg_mod_securepay_logo', $_REQUEST['wpsg_mod_securepay_logo'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_securepay_language', $_REQUEST['wpsg_mod_securepay_language'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_securepay_gebuehr', $_REQUEST['wpsg_mod_securepay_gebuehr'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_securepay_mwst', $_REQUEST['wpsg_mod_securepay_mwst'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_securepay_mwstland', $_REQUEST['wpsg_mod_securepay_mwstland'], false, false, "key");
+			
+			$this->shop->createPage(__('Erfolgreiche Zahlung', 'wpsg'), 'wpsg_mod_securepay_successPage', wpsg_sinput("key", $_REQUEST['wpsg_mod_securepay_successPage']));
+			$this->shop->createPage(__('Fehlerhafte Zahlung', 'wpsg'), 'wpsg_mod_securepay_errorPage', wpsg_sinput("key", $_REQUEST['wpsg_mod_securepay_errorPage']));
 			
 		} // public function settings_save()
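Review bot: Credentials are passed through generic sanitisers here: `wpsg_mod_securepay_password` as "text_field", and `sender`, `channelid` and `userid` as "key". If these modes map to WordPress `sanitize_text_field()` and `sanitize_key()`, a password containing `<`, a percent sequence or repeated spaces is silently altered, and identifiers are lower-cased and stripped of everything outside `a-z0-9_-`, so the saved value may no longer authenticate against the gateway. Secrets are better stored unchanged (after `wp_unslash()`) and escaped where they are rendered. The same applies to `wpsg_mod_shs_sslpw` and `wpsg_mod_shs_sslmerchant` ("key") in wpsg_mod_shs and to `wpsg_mod_si_project_pwd` in wpsg_mod_si. settings_save() begins outside this hunk.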
@@ -234,5 +234,5 @@
 				if ($this->shop->get_option('wpsg_mod_securepay_sandbox') === '1') $url = $this->api_url['GetStatus']['test']; 
 				
-				$url .= $_REQUEST['token'];
+				$url .= wpsg_sinput("text_field", $_REQUEST['token']);
 				
 				$result = $this->shop->get_url_post_content($url, $arParam, $this->curl_options);
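Review bot: The token is appended to the status URL after "text_field" sanitisation only, which neither URL-encodes it nor limits it to the characters a gateway token can contain, so `/`, `?` or `#` in the parameter would still change the request target. Encoding it for the path, `$url .= rawurlencode(wpsg_sinput("text_field", $_REQUEST['token']));`, or rejecting anything that does not match the expected token format, closes that. The surrounding method starts and ends outside this hunk.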
Index: /mods/wpsg_mod_shippingadress.class.php
===================================================================
--- /mods/wpsg_mod_shippingadress.class.php	(revision 7397)
+++ /mods/wpsg_mod_shippingadress.class.php	(revision 7398)
@@ -55,5 +55,5 @@
 							`".WPSG_TBL_ORDER."`
 						WHERE
-							`id` = '".wpsg_q($_REQUEST['edit_id'])."'
+							`id` = '".wpsg_q(wpsg_sinput("key", $_REQUEST['edit_id']))."'
 					");
 				
Index: /mods/wpsg_mod_shs.class.php
===================================================================
--- /mods/wpsg_mod_shs.class.php	(revision 7397)
+++ /mods/wpsg_mod_shs.class.php	(revision 7398)
@@ -112,41 +112,41 @@
 		public function settings_save()
 		{
-			
-			$this->shop->update_option('wpsg_mod_shs_bezeichnung_creditcard', $_REQUEST['wpsg_mod_shs_bezeichnung_creditcard']);
-			$this->shop->update_option('wpsg_mod_shs_aktiv_creditcard', $_REQUEST['wpsg_mod_shs_aktiv_creditcard']); 
-			$this->shop->update_option('wpsg_mod_shs_hint_creditcard', $_REQUEST['wpsg_mod_shs_hint_creditcard']);
-			
-			$this->shop->update_option('wpsg_mod_shs_bezeichnung_maestro', $_REQUEST['wpsg_mod_shs_bezeichnung_maestro']);
-			$this->shop->update_option('wpsg_mod_shs_aktiv_maestro', $_REQUEST['wpsg_mod_shs_aktiv_maestro']);
-			$this->shop->update_option('wpsg_mod_shs_hint_maestro', $_REQUEST['wpsg_mod_shs_hint_maestro']);
-			
-			$this->shop->update_option('wpsg_mod_shs_bezeichnung_directdebit', $_REQUEST['wpsg_mod_shs_bezeichnung_directdebit']);
-			$this->shop->update_option('wpsg_mod_shs_aktiv_directdebit', $_REQUEST['wpsg_mod_shs_aktiv_directdebit']);
-			$this->shop->update_option('wpsg_mod_shs_hint_directdebit', $_REQUEST['wpsg_mod_shs_hint_directdebit']);
-			
-			$this->shop->update_option('wpsg_mod_shs_mwst', $_REQUEST['wpsg_mod_shs_mwst']);
-			$this->shop->update_option('wpsg_mod_shs_gebuehr', $_REQUEST['wpsg_mod_shs_gebuehr']);
-			$this->shop->update_option('wpsg_mod_shs_mwstland', $_REQUEST['wpsg_mod_shs_mwstland']);			
-			$this->shop->update_option('wpsg_mod_shs_autostart', $_REQUEST['wpsg_mod_shs_autostart']);
-			$this->shop->update_option('wpsg_mod_shs_autoend', $_REQUEST['wpsg_mod_shs_autoend']);			
-			
-			$this->shop->update_option('wpsg_mod_shs_mobileversion', wpsg_getStr($_REQUEST['wpsg_mod_shs_mobileversion']));
-			$this->shop->update_option('wpsg_mod_shs_creditcard_cardholder', wpsg_getStr($_REQUEST['wpsg_mod_shs_creditcard_cardholder']));
-			$this->shop->update_option('wpsg_mod_shs_creditcard_optionalcardholder', wpsg_getStr($_REQUEST['wpsg_mod_shs_creditcard_optionalcardholder']));
-			$this->shop->update_option('wpsg_mod_shs_creditcard_sslifvisaenrolledu', wpsg_getStr($_REQUEST['wpsg_mod_shs_creditcard_sslifvisaenrolledu']));
-			$this->shop->update_option('wpsg_mod_shs_directdebit_accountholder', wpsg_getStr($_REQUEST['wpsg_mod_shs_directdebit_accountholder']));
-			$this->shop->update_option('wpsg_mod_shs_directdebit_optionalaccountholder', wpsg_getStr($_REQUEST['wpsg_mod_shs_directdebit_optionalaccountholder']));
-			$this->shop->update_option('wpsg_mod_shs_directdebit_checklist', wpsg_getStr($_REQUEST['wpsg_mod_shs_directdebit_checklist']));
-
-			$this->shop->update_option('wpsg_mod_shs_transactiontype', $_REQUEST['wpsg_mod_shs_transactiontype']);
-			
-			$this->shop->update_option('wpsg_mod_shs_sandbox', $_REQUEST['wpsg_mod_shs_sandbox']);					
-			$this->shop->update_option('wpsg_mod_shs_sslmerchant', $_REQUEST['wpsg_mod_shs_sslmerchant']);
-			$this->shop->update_option('wpsg_mod_shs_sslpw', $_REQUEST['wpsg_mod_shs_sslpw']);			
+
+			$this->shop->update_option('wpsg_mod_shs_bezeichnung_creditcard', $_REQUEST['wpsg_mod_shs_bezeichnung_creditcard'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_shs_aktiv_creditcard', $_REQUEST['wpsg_mod_shs_aktiv_creditcard'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_shs_hint_creditcard', $_REQUEST['wpsg_mod_shs_hint_creditcard'], false, false, "text_field");
+			
+			$this->shop->update_option('wpsg_mod_shs_bezeichnung_maestro', $_REQUEST['wpsg_mod_shs_bezeichnung_maestro'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_shs_aktiv_maestro', $_REQUEST['wpsg_mod_shs_aktiv_maestro'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_shs_hint_maestro', $_REQUEST['wpsg_mod_shs_hint_maestro'], false, false, "text_field");
+			
+			$this->shop->update_option('wpsg_mod_shs_bezeichnung_directdebit', $_REQUEST['wpsg_mod_shs_bezeichnung_directdebit'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_shs_aktiv_directdebit', $_REQUEST['wpsg_mod_shs_aktiv_directdebit'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_shs_hint_directdebit', $_REQUEST['wpsg_mod_shs_hint_directdebit'], false, false, "text_field");
+			
+			$this->shop->update_option('wpsg_mod_shs_mwst', $_REQUEST['wpsg_mod_shs_mwst'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_shs_gebuehr', $_REQUEST['wpsg_mod_shs_gebuehr'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_shs_mwstland', $_REQUEST['wpsg_mod_shs_mwstland'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_shs_autostart', $_REQUEST['wpsg_mod_shs_autostart'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_shs_autoend', $_REQUEST['wpsg_mod_shs_autoend'], false, false, "key");
+			
+			$this->shop->update_option('wpsg_mod_shs_mobileversion', wpsg_getStr($_REQUEST['wpsg_mod_shs_mobileversion']), false, false, "key");
+			$this->shop->update_option('wpsg_mod_shs_creditcard_cardholder', wpsg_getStr($_REQUEST['wpsg_mod_shs_creditcard_cardholder']), false, false, "key");
+			$this->shop->update_option('wpsg_mod_shs_creditcard_optionalcardholder', wpsg_getStr($_REQUEST['wpsg_mod_shs_creditcard_optionalcardholder']), false, false, "key");
+			$this->shop->update_option('wpsg_mod_shs_creditcard_sslifvisaenrolledu', wpsg_getStr($_REQUEST['wpsg_mod_shs_creditcard_sslifvisaenrolledu']), false, false, "key");
+			$this->shop->update_option('wpsg_mod_shs_directdebit_accountholder', wpsg_getStr($_REQUEST['wpsg_mod_shs_directdebit_accountholder']), false, false, "key");
+			$this->shop->update_option('wpsg_mod_shs_directdebit_optionalaccountholder', wpsg_getStr($_REQUEST['wpsg_mod_shs_directdebit_optionalaccountholder']), false, false, "key");
+			$this->shop->update_option('wpsg_mod_shs_directdebit_checklist', wpsg_getStr($_REQUEST['wpsg_mod_shs_directdebit_checklist']), false, false, "key");
+
+			$this->shop->update_option('wpsg_mod_shs_transactiontype', $_REQUEST['wpsg_mod_shs_transactiontype'], false, false, "key");
+			
+			$this->shop->update_option('wpsg_mod_shs_sandbox', $_REQUEST['wpsg_mod_shs_sandbox'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_shs_sslmerchant', $_REQUEST['wpsg_mod_shs_sslmerchant'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_shs_sslpw', $_REQUEST['wpsg_mod_shs_sslpw'], false, false, "key");
 									
-			$this->shop->update_option('wpsg_mod_shs_apiurl', $_REQUEST['wpsg_mod_shs_apiurl']);
-						
-			$this->shop->createPage(__('Erfolgreiche Zahlung (Sparkassen Internetkasse)', 'wpsg'), 'wpsg_page_mod_shs_success', $_REQUEST['wpsg_page_mod_shs_success']);
-			$this->shop->createPage(__('Fehlgeschlagene Zahlung (Sparkassen Internetkasse)', 'wpsg'), 'wpsg_page_mod_shs_error', $_REQUEST['wpsg_page_mod_shs_error']);
+			$this->shop->update_option('wpsg_mod_shs_apiurl', $_REQUEST['wpsg_mod_shs_apiurl'], false, false, "text_field");
+						
+			$this->shop->createPage(__('Erfolgreiche Zahlung (Sparkassen Internetkasse)', 'wpsg'), 'wpsg_page_mod_shs_success', wpsg_sinput("key", $_REQUEST['wpsg_page_mod_shs_success']));
+			$this->shop->createPage(__('Fehlgeschlagene Zahlung (Sparkassen Internetkasse)', 'wpsg'), 'wpsg_page_mod_shs_error', wpsg_sinput("key", $_REQUEST['wpsg_page_mod_shs_error']));
 							
 		} // public function settings_save()
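Review bot: `wpsg_mod_shs_apiurl` is stored as a "text_field", which does not check that the value is a URL or which scheme it uses. Since this is presumably the endpoint that payment requests are sent to, validate it before saving, for example with `esc_url_raw($_REQUEST['wpsg_mod_shs_apiurl'], ['https'])`, and refuse an empty result. `wpsg_mod_skrill_logo_url` in wpsg_mod_skrill is handled the same way.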
@@ -232,5 +232,7 @@
 			if ($_REQUEST['wpsg_plugin'] == 'wpsg_mod_shs' && $_REQUEST['confirm'] == 'pp')
 			{
-				
+
+				$_REQUEST['orderid'] = wpsg_sinput("key", $_REQUEST['orderid']);
+
 				if (preg_match('/\d+-\d+/', $_REQUEST['orderid']))
 				{
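Review bot: After the new "key" sanitisation `orderid` may still contain letters, dashes and underscores, and the unchanged `preg_match('/\d+-\d+/', ...)` is unanchored, so it accepts any string that merely contains digits-dash-digits. Anchoring the pattern, `preg_match('/^\d+-\d+$/', $_REQUEST['orderid'])`, turns it into an actual format check. What the branch does with the value lies outside this hunk.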
@@ -244,30 +246,30 @@
 				
 				if ($_REQUEST['orderid'] <= 0) die(__('URL Erreichbar, aber orderid zum bilden des Hashs nicht ÃŒbergeben! URL sollte erst nach Zahlung mit den Daten angefragt werden. RÃŒckgabe ist dann die Zielurl. Ohne orderid ist auch keine interne Zuordnung der Bestellung mÃ¶glich, deswegen hier Abbruch.', 'wpsg'));
-				
+
 				$arParam = array(
-					'account' => wpsg_getStr($_REQUEST['account']),
-					'aid' => wpsg_getStr($_REQUEST['aid']),
-					'amount' => wpsg_getStr($_REQUEST['amount']),
-					'bankcode' => wpsg_getStr($_REQUEST['bankcode']),
-					'basketid' => wpsg_getStr($_REQUEST['basketid']),
-					'bic' => wpsg_getStr($_REQUEST['bic']),
-					'creditc' => wpsg_getStr($_REQUEST['creditc']),
-					'currency' => wpsg_getStr($_REQUEST['currency']),
-					'deliverycountry' => wpsg_getStr($_REQUEST['deliverycountry']),
-					'directPosErrorCode' => wpsg_getStr($_REQUEST['directPosErrorCode']),
-					'directPosErrorMessage' => wpsg_getStr($_REQUEST['directPosErrorMessage']),
-					'expdat' => wpsg_getStr($_REQUEST['expdat']),					
-					'iban' => wpsg_getStr($_REQUEST['iban']),					
-					'ipcheckresult' => wpsg_getStr($_REQUEST['ipcheckresult']),					
-					'orderid' => wpsg_getStr($order_id_request),					
-					'ppan' => wpsg_getStr($_REQUEST['ppan']),
-					'rc' => wpsg_getStr($_REQUEST['rc']),
-					'rc_avsamex' => wpsg_getStr($_REQUEST['rc_avsamex']),
-					'rc_score' => wpsg_getStr($_REQUEST['rc_score']),
-					'retrefnum' => wpsg_getStr($_REQUEST['retrefnum']),
-					'sessionid' => wpsg_getStr($_REQUEST['sessionid']),
-					'trefnum' => wpsg_getStr($_REQUEST['trefnum']),					
-					'txn_card' => wpsg_getStr($_REQUEST['txn_card']),
-					'version' => wpsg_getStr($_REQUEST['version'])
+					'account' => sanitize_key(wpsg_getStr($_REQUEST['account'])),
+					'aid' => sanitize_key(wpsg_getStr($_REQUEST['aid'])),
+					'amount' => sanitize_key(wpsg_getStr($_REQUEST['amount'])),
+					'bankcode' => sanitize_key(wpsg_getStr($_REQUEST['bankcode'])),
+					'basketid' => sanitize_key(wpsg_getStr($_REQUEST['basketid'])),
+					'bic' => sanitize_key(wpsg_getStr($_REQUEST['bic'])),
+					'creditc' => sanitize_key(wpsg_getStr($_REQUEST['creditc'])),
+					'currency' => sanitize_key(wpsg_getStr($_REQUEST['currency'])),
+					'deliverycountry' => sanitize_key(wpsg_getStr($_REQUEST['deliverycountry'])),
+					'directPosErrorCode' => sanitize_key(wpsg_getStr($_REQUEST['directPosErrorCode'])),
+					'directPosErrorMessage' => sanitize_key(wpsg_getStr($_REQUEST['directPosErrorMessage'])),
+					'expdat' => sanitize_key(wpsg_getStr($_REQUEST['expdat'])),
+					'iban' => sanitize_key(wpsg_getStr($_REQUEST['iban'])),
+					'ipcheckresult' => sanitize_key(wpsg_getStr($_REQUEST['ipcheckresult'])),
+					'orderid' => wpsg_getStr($order_id_request),
+					'ppan' => sanitize_key(wpsg_getStr($_REQUEST['ppan'])),
+					'rc' => sanitize_key(wpsg_getStr($_REQUEST['rc'])),
+					'rc_avsamex' => sanitize_key(wpsg_getStr($_REQUEST['rc_avsamex'])),
+					'rc_score' => sanitize_key(wpsg_getStr($_REQUEST['rc_score'])),
+					'retrefnum' => sanitize_key(wpsg_getStr($_REQUEST['retrefnum'])),
+					'sessionid' => sanitize_key(wpsg_getStr($_REQUEST['sessionid'])),
+					'trefnum' => sanitize_key(wpsg_getStr($_REQUEST['trefnum'])),
+					'txn_card' => sanitize_key(wpsg_getStr($_REQUEST['txn_card'])),
+					'version' => sanitize_key(wpsg_getStr($_REQUEST['version']))
 				);
 				 
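Review bot: `sanitize_key()` lower-cases its input and removes every character outside `a-z0-9_-`, so it alters most of these gateway fields: `amount` loses its decimal separator, `bic` and `iban` are lower-cased, and `directPosErrorMessage` loses spaces and punctuation. The die() text earlier in this hunk mentions building a hash from the request, so if `$arParam` feeds that comparison, genuine notifications would no longer verify. Build the array from the unmodified values for the check, and sanitise or escape only where a value is stored or displayed, with a per-field rule (numeric for `amount`, upper-case alphanumerics for `iban` and `bic`). The `setPayMent()` hunk below applies "key" to `amount` as well. The enclosing branch starts and ends outside this hunk.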
@@ -302,5 +304,5 @@
 						));
 						
-						if ($this->shop->setPayMent($_REQUEST['orderid'], wpsg_tf($_REQUEST['amount'])))
+						if ($this->shop->setPayMent($_REQUEST['orderid'], wpsg_tf(wpsg_sinput("key", $_REQUEST['amount'], "isFloat"))))
 						{
 								
Index: /mods/wpsg_mod_si.class.php
===================================================================
--- /mods/wpsg_mod_si.class.php	(revision 7397)
+++ /mods/wpsg_mod_si.class.php	(revision 7398)
@@ -62,14 +62,14 @@
 		public function settings_save() 
 		{
-			
-			$this->shop->update_option('wpsg_mod_si_user_id', $_REQUEST['wpsg_mod_si_user_id']);
-			$this->shop->update_option('wpsg_mod_si_project_id', $_REQUEST['wpsg_mod_si_project_id']);
-			
-			$this->shop->update_option('wpsg_mod_si_project_pwd', $_REQUEST['wpsg_mod_si_project_pwd']);
-			$this->shop->update_option('wpsg_mod_si_hashalgo', $_REQUEST['wpsg_mod_si_hashalgo']);
-			
-			$this->shop->update_option('wpsg_mod_si_minAge', $_REQUEST['wpsg_mod_si_minAge']);
-			$this->shop->update_option('wpsg_mod_si_country', $_REQUEST['wpsg_mod_si_country']);
-			
+
+			$this->shop->update_option('wpsg_mod_si_user_id', $_REQUEST['wpsg_mod_si_user_id'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_si_project_id', $_REQUEST['wpsg_mod_si_project_id'], false, false, "key");
+			
+			$this->shop->update_option('wpsg_mod_si_project_pwd', $_REQUEST['wpsg_mod_si_project_pwd'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_si_hashalgo', $_REQUEST['wpsg_mod_si_hashalgo'], false, false, "key");
+			
+			$this->shop->update_option('wpsg_mod_si_minAge', $_REQUEST['wpsg_mod_si_minAge'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_si_country', $_REQUEST['wpsg_mod_si_country'], false, false, "key");
+
 		} // public function settings_save() 
 		  
@@ -89,6 +89,6 @@
 		{
 				
-			$produkt_data['wpsg_mod_si_check'] = wpsg_getStr($_REQUEST['wpsg_mod_si']['check']);
-			$produkt_data['wpsg_mod_si_minage'] = wpsg_getStr($_REQUEST['wpsg_mod_si']['minAge']);
+			$produkt_data['wpsg_mod_si_check'] = wpsg_sinput("key", wpsg_getStr($_REQUEST['wpsg_mod_si']['check']));
+			$produkt_data['wpsg_mod_si_minage'] = wpsg_sinput("key", wpsg_getStr($_REQUEST['wpsg_mod_si']['minAge']));
 				
 		} // public function produkt_save_before(&$produkt_data)
Index: /mods/wpsg_mod_skrill.class.php
===================================================================
--- /mods/wpsg_mod_skrill.class.php	(revision 7397)
+++ /mods/wpsg_mod_skrill.class.php	(revision 7398)
@@ -78,25 +78,25 @@
 		{
 			
-			$this->shop->update_option('wpsg_mod_skrill_bezeichnung', $_REQUEST['wpsg_mod_skrill_bezeichnung']);
-			$this->shop->update_option('wpsg_mod_skrill_aktiv', $_REQUEST['wpsg_mod_skrill_aktiv']);
-			$this->shop->update_option('wpsg_mod_skrill_hint', $_REQUEST['wpsg_mod_skrill_hint']);
-						
-			$this->shop->update_option('wpsg_mod_skrill_gebuehr', wpsg_tf($_REQUEST['wpsg_mod_skrill_gebuehr'], true));
-			$this->shop->update_option('wpsg_mod_skrill_mwst', $_REQUEST['wpsg_mod_skrill_mwst']);
-			$this->shop->update_option('wpsg_mod_skrill_mwstland', $_REQUEST['wpsg_mod_skrill_mwstland']);
-			
-			$this->shop->update_option('wpsg_mod_skrill_currency', $_REQUEST['wpsg_mod_skrill_currency']);
-			$this->shop->update_option('wpsg_mod_skrill_recipient_description', $_REQUEST['wpsg_mod_skrill_recipient_description']);
-			$this->shop->update_option('wpsg_mod_skrill_code', $_REQUEST['wpsg_mod_skrill_code']);			
-			$this->shop->update_option('wpsg_mod_skrill_email', $_REQUEST['wpsg_mod_skrill_email']);
-			$this->shop->update_option('wpsg_mod_skrill_id', $_REQUEST['wpsg_mod_skrill_id']);
-			$this->shop->update_option('wpsg_mod_skrill_logo_url', $_REQUEST['wpsg_mod_skrill_logo_url']);
-			$this->shop->update_option('wpsg_mod_skrill_autostart', $_REQUEST['wpsg_mod_skrill_autostart']); 
-			
-			$this->shop->createPage(__('Erfolgreiche Skrill Zahlung', 'wpsg'), 'wpsg_page_mod_skrill_success', $_REQUEST['wpsg_page_mod_skrill_success']);
-			$this->shop->createPage(__('Fehlgeschlagene Skrill Zahlung', 'wpsg'), 'wpsg_page_mod_skrill_error', $_REQUEST['wpsg_page_mod_skrill_error']);
-			
-			$this->shop->addTranslationString('wpsg_mod_skrill_bezeichnung', $_REQUEST['wpsg_mod_skrill_bezeichnung']);
-			$this->shop->addTranslationString('wpsg_mod_skrill_hint', $_REQUEST['wpsg_mod_skrill_hint']);
+			$this->shop->update_option('wpsg_mod_skrill_bezeichnung', $_REQUEST['wpsg_mod_skrill_bezeichnung'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_skrill_aktiv', $_REQUEST['wpsg_mod_skrill_aktiv'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_skrill_hint', $_REQUEST['wpsg_mod_skrill_hint'], false, false, "text_field");
+						
+			$this->shop->update_option('wpsg_mod_skrill_gebuehr',$_REQUEST['wpsg_mod_skrill_gebuehr'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_skrill_mwst', $_REQUEST['wpsg_mod_skrill_mwst'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_skrill_mwstland', $_REQUEST['wpsg_mod_skrill_mwstland'], false, false, "key");
+			
+			$this->shop->update_option('wpsg_mod_skrill_currency', $_REQUEST['wpsg_mod_skrill_currency'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_skrill_recipient_description', $_REQUEST['wpsg_mod_skrill_recipient_description'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_skrill_code', $_REQUEST['wpsg_mod_skrill_code'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_skrill_email', $_REQUEST['wpsg_mod_skrill_email'], false, false, "email");
+			$this->shop->update_option('wpsg_mod_skrill_id', $_REQUEST['wpsg_mod_skrill_id'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_skrill_logo_url', $_REQUEST['wpsg_mod_skrill_logo_url'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_skrill_autostart', $_REQUEST['wpsg_mod_skrill_autostart'], false, false, "key");
+			
+			$this->shop->createPage(__('Erfolgreiche Skrill Zahlung', 'wpsg'), 'wpsg_page_mod_skrill_success', wpsg_sinput("key", $_REQUEST['wpsg_page_mod_skrill_success']));
+			$this->shop->createPage(__('Fehlgeschlagene Skrill Zahlung', 'wpsg'), 'wpsg_page_mod_skrill_error', wpsg_sinput("key", $_REQUEST['wpsg_page_mod_skrill_error']));
+			
+			$this->shop->addTranslationString('wpsg_mod_skrill_bezeichnung', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_skrill_bezeichnung']));
+			$this->shop->addTranslationString('wpsg_mod_skrill_hint', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_skrill_hint']));
 			
 		} // public function settings_save()
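Review bot: The fee line drops the `wpsg_tf(..., true)` conversion that the old code applied to `wpsg_mod_skrill_gebuehr` and relies on `"key", ["isFloat"]` instead. Nothing in this hunk shows that `update_option()` normalises a locale-formatted number such as 1,50 the way `wpsg_tf()` did, so the stored format may change for existing shops. If it does not, keep the conversion around the request value: `wpsg_tf($_REQUEST['wpsg_mod_skrill_gebuehr'], true)`. settings_save() begins outside this hunk.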
@@ -157,8 +157,8 @@
 					$calc_hash = strtoupper(md5(
 						$this->shop->get_option('wpsg_mod_skrill_id').
-						$_REQUEST['transaction_id'].
+						wpsg_sinput("key", $_REQUEST['transaction_id']).
 						strtoupper(md5($this->shop->get_option('wpsg_mod_skrill_code'))).
-						$_REQUEST['mb_amount'].
-						$_REQUEST['mb_currency'].
+						wpsg_sinput("key", $_REQUEST['mb_amount']).
+						wpsg_sinput("text_field", $_REQUEST['mb_currency']).
 						$_REQUEST['status']));
 											
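Review bot: The MD5 signature is now computed over sanitised copies of `transaction_id`, `mb_amount` and `mb_currency` rather than the values the payment provider signed. If the "key" mode behaves like `sanitize_key()`, `mb_amount` loses its decimal point and `transaction_id` is lower-cased, so the calculated hash can no longer match a genuine notification. `status` is still concatenated raw, so the inputs are treated inconsistently. Compute `$calc_hash` from the unmodified request values, compare it with `hash_equals()` if the comparison outside this hunk does not already, and sanitise the fields only after the signature has been accepted.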
Index: /mods/wpsg_mod_statistics.class.php
===================================================================
--- /mods/wpsg_mod_statistics.class.php	(revision 7397)
+++ /mods/wpsg_mod_statistics.class.php	(revision 7398)
@@ -133,5 +133,5 @@
         public function admin_includes_save() {
 
-            $this->shop->update_option('wpsg_mod_statistics_noJS', $_REQUEST['wpsg_mod_statistics_noJS']);
+            $this->shop->update_option('wpsg_mod_statistics_noJS', $_REQUEST['wpsg_mod_statistics_noJS'], false, false, "key");
 
         }
@@ -572,4 +572,5 @@
 			
 			$this->shop->view['filter'] = array();
+			foreach($_REQUEST['filter'] as $k => $v) $_REQUEST['filter'][$k] = wpsg_sinput("key", $v);
 			if (wpsg_isSizedArray($_REQUEST['filter'])) $this->shop->view['filter'] = $_REQUEST['filter'];
 			
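Review bot: The new `foreach` runs before the `wpsg_isSizedArray()` guard, so a request without `filter`, or with a scalar `filter`, raises a warning, and a nested array element is handed to `wpsg_sinput()` as `$v`. Moving the loop under the existing guard fixes the first case: open the block with `if (wpsg_isSizedArray($_REQUEST['filter'])) {` and place both the `foreach` and the `$this->shop->view['filter'] = $_REQUEST['filter'];` assignment inside it. For the second case, skip or reject values where `is_array($v)` is true. The surrounding method starts and ends outside this hunk.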
@@ -675,42 +676,54 @@
 		public function settings_save() 
 		{
-			$this->shop->update_option('wpsg_mod_statistics_piwik_url', $_REQUEST['wpsg_mod_statistics_piwik_url']);
-			
-			$this->shop->update_option('wpsg_mod_statistics_piwik_generel', $_REQUEST['wpsg_mod_statistics_piwik_generel']);	
-			$this->shop->update_option('wpsg_mod_statistics_piwik_SiteId', $_REQUEST['wpsg_mod_statistics_piwik_SiteId']);		
-			$this->shop->update_option('wpsg_mod_statistics_piwik_ecommerce', $_REQUEST['wpsg_mod_statistics_piwik_ecommerce']);
-			
-			$this->shop->update_option('wpsg_mod_statistics_piwik_basket', $_REQUEST['wpsg_mod_statistics_piwik_basket']);
-			$this->shop->update_option('wpsg_mod_statistics_piwik_basket_target', $_REQUEST['wpsg_mod_statistics_piwik_basket_target']);
-			
-			$this->shop->update_option('wpsg_mod_statistics_piwik_checkout', $_REQUEST['wpsg_mod_statistics_piwik_checkout']);
-			$this->shop->update_option('wpsg_mod_statistics_piwik_checkout_target', $_REQUEST['wpsg_mod_statistics_piwik_checkout_target']);
-			
-			$this->shop->update_option('wpsg_mod_statistics_piwik_checkout2', $_REQUEST['wpsg_mod_statistics_piwik_checkout2']);
-			$this->shop->update_option('wpsg_mod_statistics_piwik_checkout2_target', $_REQUEST['wpsg_mod_statistics_piwik_checkout2_target']);
-			
-			$this->shop->update_option('wpsg_mod_statistics_piwik_overview', $_REQUEST['wpsg_mod_statistics_piwik_overview']);
-			$this->shop->update_option('wpsg_mod_statistics_piwik_overview_target', $_REQUEST['wpsg_mod_statistics_piwik_overview_target']);
-			
-			$this->shop->update_option('wpsg_mod_statistics_piwik_done', $_REQUEST['wpsg_mod_statistics_piwik_done']);
-			$this->shop->update_option('wpsg_mod_statistics_piwik_done_target', $_REQUEST['wpsg_mod_statistics_piwik_done_target']);
-			
-			$this->shop->update_option('wpsg_mod_statistics_google_active', $_REQUEST['wpsg_mod_statistics_google_active']);
-			$this->shop->update_option('wpsg_mod_statistics_google_domainname', $_REQUEST['wpsg_mod_statistics_google_domainname']);
-			$this->shop->update_option('wpsg_mod_statistics_google_tracking_code', $_REQUEST['wpsg_mod_statistics_google_tracking_code']);
-			$this->shop->update_option('wpsg_mod_statistics_google_anonymise_ip_address', $_REQUEST['wpsg_mod_statistics_google_anonymise_ip_address']);
-			$this->shop->update_option('wpsg_mod_statistics_google_track_page_load_time', $_REQUEST['wpsg_mod_statistics_google_track_page_load_time']);
-			
-			$this->shop->update_option('wpsg_mod_statistics_line_chart_width', $_REQUEST['wpsg_mod_statistics_line_chart_width']);
-			$this->shop->update_option('wpsg_mod_statistics_line_chart_height', $_REQUEST['wpsg_mod_statistics_line_chart_height']);
-			$this->shop->update_option('wpsg_mod_statistics_pie_chart_width', $_REQUEST['wpsg_mod_statistics_pie_chart_width']);
-			$this->shop->update_option('wpsg_mod_statistics_pie_chart_height', $_REQUEST['wpsg_mod_statistics_pie_chart_height']);
-			$this->shop->update_option('wpsg_mod_statistics_bar_chart_width', $_REQUEST['wpsg_mod_statistics_bar_chart_width']);
-			$this->shop->update_option('wpsg_mod_statistics_bar_chart_height', $_REQUEST['wpsg_mod_statistics_bar_chart_height']);
-			$this->shop->update_option('wpsg_mod_statistics_topproductcount', $_REQUEST['wpsg_mod_statistics_topproductcount']);
+
+			$this->shop->update_option('wpsg_mod_statistics_piwik_url', $_REQUEST['wpsg_mod_statistics_piwik_url'], false, false, "text_field");
+			
+			$this->shop->update_option('wpsg_mod_statistics_piwik_generel', $_REQUEST['wpsg_mod_statistics_piwik_generel'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_statistics_piwik_SiteId', $_REQUEST['wpsg_mod_statistics_piwik_SiteId'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_statistics_piwik_ecommerce', $_REQUEST['wpsg_mod_statistics_piwik_ecommerce'], false, false, "key");
+			
+			$this->shop->update_option('wpsg_mod_statistics_piwik_basket', $_REQUEST['wpsg_mod_statistics_piwik_basket'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_statistics_piwik_basket_target', $_REQUEST['wpsg_mod_statistics_piwik_basket_target'], false, false, "key");
+			
+			$this->shop->update_option('wpsg_mod_statistics_piwik_checkout', $_REQUEST['wpsg_mod_statistics_piwik_checkout'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_statistics_piwik_checkout_target', $_REQUEST['wpsg_mod_statistics_piwik_checkout_target'], false, false, "key");
+			
+			$this->shop->update_option('wpsg_mod_statistics_piwik_checkout2', $_REQUEST['wpsg_mod_statistics_piwik_checkout2'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_statistics_piwik_checkout2_target', $_REQUEST['wpsg_mod_statistics_piwik_checkout2_target'], false, false, "key");
+			
+			$this->shop->update_option('wpsg_mod_statistics_piwik_overview', $_REQUEST['wpsg_mod_statistics_piwik_overview'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_statistics_piwik_overview_target', $_REQUEST['wpsg_mod_statistics_piwik_overview_target'], false, false, "key");
+			
+			$this->shop->update_option('wpsg_mod_statistics_piwik_done', $_REQUEST['wpsg_mod_statistics_piwik_done'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_statistics_piwik_done_target', $_REQUEST['wpsg_mod_statistics_piwik_done_target'], false, false, "key");
+			
+			$this->shop->update_option('wpsg_mod_statistics_google_active', $_REQUEST['wpsg_mod_statistics_google_active'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_statistics_google_domainname', $_REQUEST['wpsg_mod_statistics_google_domainname'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_statistics_google_tracking_code', $_REQUEST['wpsg_mod_statistics_google_tracking_code'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_statistics_google_anonymise_ip_address', $_REQUEST['wpsg_mod_statistics_google_anonymise_ip_address'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_statistics_google_opt_out', $_REQUEST['wpsg_mod_statistics_google_opt_out'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_statistics_google_enhanced_tracking_code', $_REQUEST['wpsg_mod_statistics_google_enhanced_tracking_code'], false, false, "key");
+
+			$this->shop->update_option('wpsg_mod_statistics_google_track_page_load_time', $_REQUEST['wpsg_mod_statistics_google_track_page_load_time'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_statistics_google_done', $_REQUEST['wpsg_mod_statistics_google_done'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_statistics_google_basket', $_REQUEST['wpsg_mod_statistics_google_basket'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_statistics_google_checkout', $_REQUEST['wpsg_mod_statistics_google_checkout'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_statistics_google_checkout2', $_REQUEST['wpsg_mod_statistics_google_checkout2'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_statistics_google_overview', $_REQUEST['wpsg_mod_statistics_google_overview'], false, false, "text_field");
+
+			$this->shop->update_option('wpsg_mod_statistics_socialmedia_fb_px', $_REQUEST['wpsg_mod_statistics_socialmedia_fb_px'], false, false, "key");
+			
+			$this->shop->update_option('wpsg_mod_statistics_line_chart_width', $_REQUEST['wpsg_mod_statistics_line_chart_width'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_statistics_line_chart_height', $_REQUEST['wpsg_mod_statistics_line_chart_height'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_statistics_pie_chart_width', $_REQUEST['wpsg_mod_statistics_pie_chart_width'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_statistics_pie_chart_height', $_REQUEST['wpsg_mod_statistics_pie_chart_height'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_statistics_bar_chart_width', $_REQUEST['wpsg_mod_statistics_bar_chart_width'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_statistics_bar_chart_height', $_REQUEST['wpsg_mod_statistics_bar_chart_height'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_statistics_topproductcount', $_REQUEST['wpsg_mod_statistics_topproductcount'], false, false, "key");
 			$this->shop->update_option('wpsg_mod_statistics_status', implode(',', array_keys(array_filter((array)$_REQUEST['wpsg_mod_statistics_status'], create_function('$a','return $a != 0;')))));
-
-			$this->shop->update_option('wpsg_mod_statistics_googlekey', $_REQUEST['wpsg_mod_statistics_googlekey']);
-			$this->shop->update_option('wpsg_mod_statistics_productinterval', $_REQUEST['wpsg_mod_statistics_productinterval']);
+			// Todo: Function "create_function()" is deprecated PHP 7.2
+
+			$this->shop->update_option('wpsg_mod_statistics_googlekey', $_REQUEST['wpsg_mod_statistics_googlekey'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_statistics_productinterval', $_REQUEST['wpsg_mod_statistics_productinterval'], false, false, "key");
 				
 		}
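Review bot: The `wpsg_mod_statistics_status` line is the one option in `settings_save()` still written without a sanitiser argument, and it keeps `create_function()`, which the added TODO marks as deprecated in PHP 7.2 and which no longer exists in PHP 8. The stored value is built from the array keys of the request parameter, so it is request-controlled. A closure plus a key filter covers both: `implode(',', array_map('sanitize_key', array_keys(array_filter((array)$_REQUEST['wpsg_mod_statistics_status'], function ($a) { return $a != 0; }))))`. No nonce or capability check appears inside this function; presumably the caller performs it, which is worth confirming.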
Index: /mods/wpsg_mod_stock.class.php
===================================================================
--- /mods/wpsg_mod_stock.class.php	(revision 7397)
+++ /mods/wpsg_mod_stock.class.php	(revision 7398)
@@ -60,15 +60,15 @@
 
 			//$this->shop->update_option('wpsg_mod_stock_template', $_REQUEST['wpsg_mod_stock_template']);
-			$this->shop->update_option('wpsg_mod_stock_allow', $_REQUEST['wpsg_mod_stock_allow']);
-			$this->shop->update_option('wpsg_mod_stock_showBackendStock', $_REQUEST['wpsg_mod_stock_showBackendStock']);
-			$this->shop->update_option('wpsg_mod_stock_minstockproduct', $_REQUEST['wpsg_mod_stock_minstockproduct']);
-			$this->shop->update_option('wpsg_mod_stock_hideSoldout', $_REQUEST['wpsg_mod_stock_hideSoldout']);
+			$this->shop->update_option('wpsg_mod_stock_allow', $_REQUEST['wpsg_mod_stock_allow'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_stock_showBackendStock', $_REQUEST['wpsg_mod_stock_showBackendStock'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_stock_minstockproduct', $_REQUEST['wpsg_mod_stock_minstockproduct'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_stock_hideSoldout', $_REQUEST['wpsg_mod_stock_hideSoldout'], false, false, "key");
 
 			if ($this->shop->hasMod('wpsg_mod_productindex'))
 			{
-				$this->shop->update_option('wpsg_mod_stock_showProductindex', $_REQUEST['wpsg_mod_stock_showProductindex']);
-			}
-
-			$this->shop->update_option('wpsg_mod_stock_showProduct', $_REQUEST['wpsg_mod_stock_showProduct']);
+				$this->shop->update_option('wpsg_mod_stock_showProductindex', $_REQUEST['wpsg_mod_stock_showProductindex'], false, false, "key");
+			}
+
+			$this->shop->update_option('wpsg_mod_stock_showProduct', $_REQUEST['wpsg_mod_stock_showProduct'], false, false, "key");
 
 
@@ -100,5 +100,5 @@
 				{
 
-					$this->shop->callMod('wpsg_mod_productvariants', 'stockVarianten', array($_REQUEST['product_id']));
+					$this->shop->callMod('wpsg_mod_productvariants', 'stockVarianten', array(wpsg_sinput("key", $_REQUEST['product_id'])));
 
 				}
@@ -132,9 +132,9 @@
 
 			$this->db->UpdateQuery(WPSG_TBL_PRODUCTS, array(
-				"stock" => wpsg_q($_REQUEST['wpsg_mod_stock_stock']),
-				"stock_count" => wpsg_q($_REQUEST['wpsg_mod_stock_stock_count']),
-                "minstockproduct_count" => wpsg_q($_REQUEST['wpsg_mod_minstockproduct']),
-                "minstockproduct_mail" => wpsg_q($_REQUEST['wpsg_mod_stock_minstockproduct_mail'])
-			), "`id` = '".wpsg_q($produkt_id)."'");
+				"stock" => wpsg_q(wpsg_sinput("key", $_REQUEST['wpsg_mod_stock_stock'])),
+				"stock_count" => wpsg_q(wpsg_sinput("key", $_REQUEST['wpsg_mod_stock_stock_count'])),
+                "minstockproduct_count" => wpsg_q(wpsg_sinput("key", $_REQUEST['wpsg_mod_minstockproduct'])),
+                "minstockproduct_mail" => wpsg_q(wpsg_sinput("email", $_REQUEST['wpsg_mod_stock_minstockproduct_mail']))
+			), "`id` = '".wpsg_q(wpsg_sinput("key", $produkt_id))."'");
 
 		} // public function produkt_save(&$produkt_id)
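Review bot: The values for `stock_count` and `minstockproduct_count` and the `id` in the WHERE clause are filtered with the "key" mode, which presumably restricts the character set but does not make the value a number. If these columns are integers, a cast states the intent and leaves nothing for the SQL string to interpret: `wpsg_q((int)$produkt_id)` and `"stock_count" => (int)$_REQUEST['wpsg_mod_stock_stock_count']`. The same applies to the order lookup by `user_variable_2` in wpsg_mod_su.class.php and to `order_id` in wpsg_mod_targo.class.php. `produkt_save()` begins outside the hunk.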
Index: /mods/wpsg_mod_su.class.php
===================================================================
--- /mods/wpsg_mod_su.class.php	(revision 7397)
+++ /mods/wpsg_mod_su.class.php	(revision 7398)
@@ -107,26 +107,26 @@
 		public function settings_save()
 		{
-			
-			$this->shop->update_option('wpsg_mod_su_bezeichnung', $_REQUEST['wpsg_mod_su_bezeichnung']);
-			$this->shop->update_option('wpsg_mod_su_aktiv', $_REQUEST['wpsg_mod_su_aktiv']);
-			$this->shop->update_option('wpsg_mod_su_hint', $_REQUEST['wpsg_mod_su_hint']);
-			
-			$this->shop->update_option('wpsg_mod_su_subject1', $_REQUEST['wpsg_mod_su_subject1']);
-			$this->shop->addTranslationString('wpsg_mod_su_subject1', $_REQUEST['wpsg_mod_su_subject1']);
-			$this->shop->update_option('wpsg_mod_su_subject2', $_REQUEST['wpsg_mod_su_subject2']);
-			$this->shop->addTranslationString('wpsg_mod_su_subject2', $_REQUEST['wpsg_mod_su_subject2']);
+
+			$this->shop->update_option('wpsg_mod_su_bezeichnung', $_REQUEST['wpsg_mod_su_bezeichnung'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_su_aktiv', $_REQUEST['wpsg_mod_su_aktiv'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_su_hint', $_REQUEST['wpsg_mod_su_hint'], false, false, "text_field");
+			
+			$this->shop->update_option('wpsg_mod_su_subject1', $_REQUEST['wpsg_mod_su_subject1'], false, false, "text_field");
+			$this->shop->addTranslationString('wpsg_mod_su_subject1', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_su_subject1']));
+			$this->shop->update_option('wpsg_mod_su_subject2', $_REQUEST['wpsg_mod_su_subject2'], false, false, "text_field");
+			$this->shop->addTranslationString('wpsg_mod_su_subject2', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_su_subject2']));
 						
-			$this->shop->update_option('wpsg_mod_su_gebuehr', wpsg_tf($_REQUEST['wpsg_mod_su_gebuehr'], true));
-			$this->shop->update_option('wpsg_mod_su_mwst', $_REQUEST['wpsg_mod_su_mwst']);			 
-			$this->shop->update_option('wpsg_mod_su_mwstland', $_REQUEST['wpsg_mod_su_mwstland']);
-			
-			$this->shop->update_option('wpsg_mod_su_currency', $_REQUEST['wpsg_mod_su_currency']);
-			$this->shop->update_option('wpsg_mod_su_userid', $_REQUEST['wpsg_mod_su_userid']);
-			$this->shop->update_option('wpsg_mod_su_projectid', $_REQUEST['wpsg_mod_su_projectid']);
-			$this->shop->update_option('wpsg_mod_su_projectpassword', $_REQUEST['wpsg_mod_su_projectpassword']);
-			$this->shop->update_option('wpsg_mod_su_noticepassword', $_REQUEST['wpsg_mod_su_noticepassword']);
-			$this->shop->update_option('wpsg_mod_su_language', $_REQUEST['wpsg_mod_su_language']);
-			$this->shop->update_option('wpsg_mod_su_hash', $_REQUEST['wpsg_mod_su_hash']);			
-			$this->shop->update_option('wpsg_mod_su_autostart', $_REQUEST['wpsg_mod_su_autostart']);
+			$this->shop->update_option('wpsg_mod_su_gebuehr', $_REQUEST['wpsg_mod_su_gebuehr'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_su_mwst', $_REQUEST['wpsg_mod_su_mwst'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_su_mwstland', $_REQUEST['wpsg_mod_su_mwstland'], false, false, "key");
+			
+			$this->shop->update_option('wpsg_mod_su_currency', $_REQUEST['wpsg_mod_su_currency'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_su_userid', $_REQUEST['wpsg_mod_su_userid'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_su_projectid', $_REQUEST['wpsg_mod_su_projectid'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_su_projectpassword', $_REQUEST['wpsg_mod_su_projectpassword'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_su_noticepassword', $_REQUEST['wpsg_mod_su_noticepassword'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_su_language', $_REQUEST['wpsg_mod_su_language'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_su_hash', $_REQUEST['wpsg_mod_su_hash'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_su_autostart', $_REQUEST['wpsg_mod_su_autostart'], false, false, "key");
 			 			
 		} // public function settings_save()
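Review bot: `wpsg_mod_su_projectpassword` and `wpsg_mod_su_noticepassword` are secrets, and running them through the "text_field" sanitiser can silently change them. If that mode maps to `sanitize_text_field` (called directly further down in this file), characters such as `<` and percent-encoded sequences are stripped, and the stored notification password would no longer match the one configured at the provider. Secrets are better stored as entered and escaped where the settings form prints them; the same applies to `wpsg_mod_targo_hashkey`, which is saved with the "key" mode in wpsg_mod_targo.class.php. Also worth confirming: `wpsg_mod_su_gebuehr` was previously normalised with `wpsg_tf(..., true)` and now relies on `["isFloat"]` doing the equivalent.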
@@ -187,42 +187,42 @@
 		public function template_redirect() 
 		{ 
-			
-			if (wpsg_isSizedString($_REQUEST['wpsg_plugin'], 'wpsg_mod_su') && wpsg_isSizedString($_REQUEST['confirm'], 'su'))			
-			{
-
-				$order = $this->db->fetchRow("SELECT * FROM `".WPSG_TBL_ORDER."` WHERE `id` = '".wpsg_q($_REQUEST['user_variable_2'])."'");				
+
+			if (wpsg_isSizedString($_REQUEST['wpsg_plugin'], 'wpsg_mod_su') && wpsg_isSizedString($_REQUEST['confirm'], 'su'))
+			{
+
+				$order = $this->db->fetchRow("SELECT * FROM `".WPSG_TBL_ORDER."` WHERE `id` = '".wpsg_q(sanitize_key($_REQUEST['user_variable_2']))."'");
 				if ($order['id'] <= 0) die();
 				
 				$arHash = array(
-					'transaction' => $_REQUEST['transaction'],
-					'user_id' => $_REQUEST['user_id'],
-					'project_id' => $_REQUEST['project_id'],
-					'sender_holder' => $_REQUEST['sender_holder'],
-					'sender_account_number' => $_REQUEST['sender_account_number'],
-					'sender_bank_code' => $_REQUEST['sender_bank_code'],
-					'sender_bank_name' => $_REQUEST['sender_bank_name'],
-					'sender_bank_bic' => $_REQUEST['sender_bank_bic'],
-					'sender_iban' => $_REQUEST['sender_iban'],
-					'sender_country_id' => $_REQUEST['sender_country_id'],
-					'recipient_holder' => $_REQUEST['recipient_holder'],
-					'recipient_account_number' => $_REQUEST['recipient_account_number'],
-					'recipient_bank_code' => $_REQUEST['recipient_bank_code'],
-					'recipient_bank_name' => $_REQUEST['recipient_bank_name'],
-					'recipient_bank_bic' => $_REQUEST['recipient_bank_bic'],
-					'recipient_iban' => $_REQUEST['recipient_iban'],
-					'recipient_country_id' => $_REQUEST['recipient_country_id'],
-					'international_transaction' => $_REQUEST['international_transaction'],
+					'transaction' => sanitize_key($_REQUEST['transaction']),
+					'user_id' => sanitize_key($_REQUEST['user_id']),
+					'project_id' => sanitize_key($_REQUEST['project_id']),
+					'sender_holder' => sanitize_key($_REQUEST['sender_holder']),
+					'sender_account_number' => sanitize_key($_REQUEST['sender_account_number']),
+					'sender_bank_code' => sanitize_key($_REQUEST['sender_bank_code']),
+					'sender_bank_name' => sanitize_text_field($_REQUEST['sender_bank_name']),
+					'sender_bank_bic' => sanitize_key($_REQUEST['sender_bank_bic']),
+					'sender_iban' => sanitize_key($_REQUEST['sender_iban']),
+					'sender_country_id' => sanitize_key($_REQUEST['sender_country_id']),
+					'recipient_holder' => sanitize_key($_REQUEST['recipient_holder']),
+					'recipient_account_number' => sanitize_key($_REQUEST['recipient_account_number']),
+					'recipient_bank_code' => sanitize_key($_REQUEST['recipient_bank_code']),
+					'recipient_bank_name' => sanitize_text_field($_REQUEST['recipient_bank_name']),
+					'recipient_bank_bic' => sanitize_key($_REQUEST['recipient_bank_bic']),
+					'recipient_iban' => sanitize_key($_REQUEST['recipient_iban']),
+					'recipient_country_id' => sanitize_key($_REQUEST['recipient_country_id']),
+					'international_transaction' => sanitize_key($_REQUEST['international_transaction']),
 					'amount' => number_format(wpsg_tf($order['price_gesamt']), 2, '.', ''),
-					'currency_id' => $_REQUEST['currency_id'],
-					'reason_1' => $_REQUEST['reason_1'],
-					'reason_2' => $_REQUEST['reason_2'],
-					'security_criteria' => $_REQUEST['security_criteria'],
-					'user_variable_0' => $_REQUEST['user_variable_0'],
-					'user_variable_1' => $_REQUEST['user_variable_1'],
-					'user_variable_2' => $_REQUEST['user_variable_2'],
-					'user_variable_3' => $_REQUEST['user_variable_3'],
-					'user_variable_4' => $_REQUEST['user_variable_4'],
-					'user_variable_5' => $_REQUEST['user_variable_5'],
-					'created' => $_REQUEST['created'],
+					'currency_id' => sanitize_key($_REQUEST['currency_id']),
+					'reason_1' => sanitize_key($_REQUEST['reason_1']),
+					'reason_2' => sanitize_key($_REQUEST['reason_2']),
+					'security_criteria' => sanitize_key($_REQUEST['security_criteria']),
+					'user_variable_0' => sanitize_key($_REQUEST['user_variable_0']),
+					'user_variable_1' => sanitize_key($_REQUEST['user_variable_1']),
+					'user_variable_2' => sanitize_key($_REQUEST['user_variable_2']),
+					'user_variable_3' => sanitize_key($_REQUEST['user_variable_3']),
+					'user_variable_4' => sanitize_key($_REQUEST['user_variable_4']),
+					'user_variable_5' => sanitize_key($_REQUEST['user_variable_5']),
+					'created' => sanitize_key($_REQUEST['created']),
 					'notification_password' => $this->shop->get_option('wpsg_mod_su_noticepassword')
 				);
Index: /mods/wpsg_mod_surfaceproduct.class.php
===================================================================
--- /mods/wpsg_mod_surfaceproduct.class.php	(revision 7397)
+++ /mods/wpsg_mod_surfaceproduct.class.php	(revision 7398)
@@ -94,6 +94,6 @@
 		{
 
-			$this->shop->update_option('wpsg_mod_surfaceproduct_einheit', $_REQUEST['wpsg_mod_surfaceproduct_einheit']);
-			$this->shop->update_option('wpsg_mod_surfaceproduct_faktor', $_REQUEST['wpsg_mod_surfaceproduct_faktor']);
+			$this->shop->update_option('wpsg_mod_surfaceproduct_einheit', $_REQUEST['wpsg_mod_surfaceproduct_einheit'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_surfaceproduct_faktor', $_REQUEST['wpsg_mod_surfaceproduct_faktor'], false, false, "key");
 
 		} // public function settings_save()
@@ -103,7 +103,7 @@
 			//wpsg_debug($_REQUEST);
 			
-			$produkt_data['wpsg_mod_surfaceproduct_productactiv'] = wpsg_q($_REQUEST['wpsg_mod_surfaceproduct']['wpsg_mod_surfaceproduct_productactiv']);
-			$produkt_data['wpsg_mod_surfaceproduct_mode'] = wpsg_q($_REQUEST['wpsg_mod_surfaceproduct']['wpsg_mod_surfaceproduct_mode']);
-			$produkt_data['wpsg_mod_surfaceproduct_mode_running'] = wpsg_q($_REQUEST['wpsg_mod_surfaceproduct']['wpsg_mod_surfaceproduct_mode_running']);
+			$produkt_data['wpsg_mod_surfaceproduct_productactiv'] = wpsg_q(wpsg_sinput("key", $_REQUEST['wpsg_mod_surfaceproduct']['wpsg_mod_surfaceproduct_productactiv']));
+			$produkt_data['wpsg_mod_surfaceproduct_mode'] = wpsg_q(wpsg_sinput("key", $_REQUEST['wpsg_mod_surfaceproduct']['wpsg_mod_surfaceproduct_mode']));
+			$produkt_data['wpsg_mod_surfaceproduct_mode_running'] = wpsg_q(wpsg_sinput("key", $_REQUEST['wpsg_mod_surfaceproduct']['wpsg_mod_surfaceproduct_mode_running']));
 			
 			//wpsg_debug($produkt_data);
@@ -115,7 +115,7 @@
 		{		  
 		 
-		  $order_data['wpsg_mod_surfaceproduct_running_order'] = wpsg_q($REQUEST['wpsg_mod_surfaceproduct']['wpsg_mod_surfaceproduct_running_order']);
-		  $order_data['wpsg_mod_surfaceproduct_mode_length'] = wpsg_q($REQUEST['wpsg_mod_surfaceproduct']['wpsg_mod_surfaceproduct_mode_length']);
-		  $order_data['wpsg_mod_surfaceproduct_mode_both'] = wpsg_q($REQUEST['wpsg_mod_surfaceproduct']['wpsg_mod_surfaceproduct_mode_both']);
+		  $order_data['wpsg_mod_surfaceproduct_running_order'] = wpsg_q(wpsg_xss($_REQUEST['wpsg_mod_surfaceproduct']['wpsg_mod_surfaceproduct_running_order']));
+		  $order_data['wpsg_mod_surfaceproduct_mode_length'] = wpsg_q(wpsg_xss($_REQUEST['wpsg_mod_surfaceproduct']['wpsg_mod_surfaceproduct_mode_length']));
+		  $order_data['wpsg_mod_surfaceproduct_mode_both'] = wpsg_q(wpsg_xss($_REQUEST['wpsg_mod_surfaceproduct']['wpsg_mod_surfaceproduct_mode_both']));
 		 
 		 }
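Review bot: These three assignments use `wpsg_xss()` where the other hunks in this commit use `wpsg_sinput()`, so the input rules for these fields differ from the rest without an explanation. If the values are numeric or flag-like, `wpsg_q(wpsg_sinput("key", $_REQUEST['wpsg_mod_surfaceproduct']['wpsg_mod_surfaceproduct_running_order']))` would match the neighbouring `produkt_save` hunk. The change also corrects `$REQUEST` to `$_REQUEST`, which means these fields are read from the request for the first time. That behaviour change deserves a comment such as `// previously read from the undefined $REQUEST, so always empty`. The function's signature is outside the hunk.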
Index: /mods/wpsg_mod_targo.class.php
===================================================================
--- /mods/wpsg_mod_targo.class.php	(revision 7397)
+++ /mods/wpsg_mod_targo.class.php	(revision 7398)
@@ -85,28 +85,28 @@
 		{
 			
-			$this->shop->update_option('wpsg_mod_targo_aktiv', $_REQUEST['wpsg_mod_targo_aktiv']);
-			$this->shop->update_option('wpsg_mod_targo_autostart', $_REQUEST['wpsg_mod_targo_autostart']);
-			$this->shop->update_option('wpsg_mod_targo_summe_min', $_REQUEST['wpsg_mod_targo_summe_min']);
-			$this->shop->update_option('wpsg_mod_targo_summe_max', $_REQUEST['wpsg_mod_targo_summe_max']);
-			$this->shop->update_option('wpsg_mod_targo_laufzeit_min', $_REQUEST['wpsg_mod_targo_laufzeit_min']);
-			$this->shop->update_option('wpsg_mod_targo_laufzeit_max', $_REQUEST['wpsg_mod_targo_laufzeit_max']);
-			$this->shop->update_option('wpsg_mod_targo_rate_min', $_REQUEST['wpsg_mod_targo_rate_min']);
-			$this->shop->update_option('wpsg_mod_targo_url_test', $_REQUEST['wpsg_mod_targo_url_test']);
-			$this->shop->update_option('wpsg_mod_targo_url_live', $_REQUEST['wpsg_mod_targo_url_live']);
-			$this->shop->update_option('wpsg_mod_targo_url_use', $_REQUEST['wpsg_mod_targo_url_use']);
-			$this->shop->update_option('wpsg_mod_targo_koop_id', $_REQUEST['wpsg_mod_targo_koop_id']);
-			$this->shop->update_option('wpsg_mod_targo_dealerid', $_REQUEST['wpsg_mod_targo_dealerid']);
-			$this->shop->update_option('wpsg_mod_targo_hashkey', $_REQUEST['wpsg_mod_targo_hashkey']);
-		
-			$this->shop->update_option('wpsg_mod_targo_dealerShopURL', $_REQUEST['wpsg_mod_targo_dealerShopURL']);
-			$this->shop->update_option('wpsg_mod_targo_dealerAbortURL', $_REQUEST['wpsg_mod_targo_dealerAbortURL']);
-				
-			$this->shop->update_option('wpsg_mod_targo_bezeichnung', $_REQUEST['wpsg_mod_targo_bezeichnung']);
-			$this->shop->update_option('wpsg_mod_targo_hint', $_REQUEST['wpsg_mod_targo_hint']);
+			$this->shop->update_option('wpsg_mod_targo_aktiv', $_REQUEST['wpsg_mod_targo_aktiv'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_targo_autostart', $_REQUEST['wpsg_mod_targo_autostart'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_targo_summe_min', $_REQUEST['wpsg_mod_targo_summe_min'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_targo_summe_max', $_REQUEST['wpsg_mod_targo_summe_max'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_targo_laufzeit_min', $_REQUEST['wpsg_mod_targo_laufzeit_min'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_targo_laufzeit_max', $_REQUEST['wpsg_mod_targo_laufzeit_max'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_targo_rate_min', $_REQUEST['wpsg_mod_targo_rate_min'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_targo_url_test', $_REQUEST['wpsg_mod_targo_url_test'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_targo_url_live', $_REQUEST['wpsg_mod_targo_url_live'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_targo_url_use', $_REQUEST['wpsg_mod_targo_url_use'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_targo_koop_id', $_REQUEST['wpsg_mod_targo_koop_id'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_targo_dealerid', $_REQUEST['wpsg_mod_targo_dealerid'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_targo_hashkey', $_REQUEST['wpsg_mod_targo_hashkey'], false, false, "key");
+		
+			$this->shop->update_option('wpsg_mod_targo_dealerShopURL', $_REQUEST['wpsg_mod_targo_dealerShopURL'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_targo_dealerAbortURL', $_REQUEST['wpsg_mod_targo_dealerAbortURL'], false, false, "text_field");
+				
+			$this->shop->update_option('wpsg_mod_targo_bezeichnung', $_REQUEST['wpsg_mod_targo_bezeichnung'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_targo_hint', $_REQUEST['wpsg_mod_targo_hint'], false, false, "text_field");
 			//$this->shop->update_option('wpsg_mod_targo_createwebhook', $_REQUEST['wpsg_mod_targo_createwebhook']);
-			$this->shop->update_option('wpsg_mod_targo_gebuehr', $_REQUEST['wpsg_mod_targo_gebuehr']);
-			$this->shop->update_option('wpsg_mod_targo_mwst', $_REQUEST['wpsg_mod_targo_mwst']);
-			$this->shop->update_option('wpsg_mod_targo_mwstland', $_REQUEST['wpsg_mod_targo_mwstland']);
-			
+			$this->shop->update_option('wpsg_mod_targo_gebuehr', $_REQUEST['wpsg_mod_targo_gebuehr'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_targo_mwst', $_REQUEST['wpsg_mod_targo_mwst'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_targo_mwstland', $_REQUEST['wpsg_mod_targo_mwstland'], false, false, "key");
+
 			//$this->shop->createPage(__('Erfolgreiche Targo Finanzierung', 'wpsg'), 'wpsg_mod_targo_success', $_REQUEST['wpsg_mod_targo_success']);
 			//$this->shop->createPage(__('Fehlgeschlagene Targo Finanzierung', 'wpsg'), 'wpsg_mod_targo_error', $_REQUEST['wpsg_mod_targo_error']);
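Review bot: The URL options `wpsg_mod_targo_url_test`, `wpsg_mod_targo_url_live`, `wpsg_mod_targo_dealerShopURL` and `wpsg_mod_targo_dealerAbortURL` are saved with the "text_field" mode, which cleans text but does not check that the value is a URL with an allowed scheme. Since these presumably end up as request or redirect targets, validating them on save is the stronger control, for example `esc_url_raw($_REQUEST['wpsg_mod_targo_url_live'], ['https'])` before the value is handed to `update_option`. `wpsg_mod_statistics_piwik_url` in wpsg_mod_statistics.class.php is stored the same way. The function's opening line is outside the hunk.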
@@ -203,6 +203,9 @@
 */						
 			//$url = "https://onlineapplication.uat.targobank.de/microsites/statustool/interface/request.asp" 
-			
-			$order_id = $_REQUEST['order_id'];
+
+			$_REQUEST['order_id'] = wpsg_sinput("key", $_REQUEST['order_id']);
+			$_REQUEST['paid'] = wpsg_sinput("key", $_REQUEST['paid']);
+
+			$order_id = wpsg_sinput("key", $_REQUEST['order_id']);
 			// PAID speichern zu Bestellung
 			$oOrder = wpsg_order::getInstance($order_id);
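Review bot: `order_id` is sanitised twice, once when it is written back into `$_REQUEST` and again on the `$order_id` assignment. Overwriting the superglobal hides from later readers whether a value is raw or cleaned; local variables are clearer, e.g. `$order_id = wpsg_sinput("key", $_REQUEST['order_id']);` and `$paid = wpsg_sinput("key", $_REQUEST['paid']);`, with later code reading `$paid`. Where `paid` is used is outside the hunk, so that part needs checking against the rest of the function.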
Index: /mods/wpsg_mod_topseller.class.php
===================================================================
--- /mods/wpsg_mod_topseller.class.php	(revision 7397)
+++ /mods/wpsg_mod_topseller.class.php	(revision 7398)
@@ -55,8 +55,8 @@
 		public function settings_save()
 		{
-			
-			$this->shop->update_option('wpsg_mod_topseller_auto', $_REQUEST['wpsg_mod_topseller_auto']);
-			$this->shop->update_option('wpsg_mod_topseller_limit', $_REQUEST['wpsg_mod_topseller_limit']);
-			$this->shop->update_option('wpsg_mod_topseller_template', $_REQUEST['wpsg_mod_topseller_template']);
+
+			$this->shop->update_option('wpsg_mod_topseller_auto', $_REQUEST['wpsg_mod_topseller_auto'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_topseller_limit', $_REQUEST['wpsg_mod_topseller_limit'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_topseller_template', $_REQUEST['wpsg_mod_topseller_template'], false, false, "key");
 			
 		} // public function settings_save()
@@ -78,5 +78,5 @@
 		{ 
 			
-			$produkt_data['wpsg_mod_topseller'] = wpsg_tf($_REQUEST['wpsg_mod_topseller']['status']);
+			$produkt_data['wpsg_mod_topseller'] = wpsg_tf(wpsg_sinput("key", $_REQUEST['wpsg_mod_topseller']['status'], "isFloat"));
 			
 		} // public function produkt_save_before(&$produkt_data)
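Review bot: The float flag is passed here as a plain string, `wpsg_sinput("key", ..., "isFloat")`, while the `update_option` calls elsewhere in this commit pass it as an array, `["isFloat"]`. `wpsg_sinput` is not defined in the visible part of this diff, so whether it accepts both forms cannot be checked here; if it expects an array, the flag may be ignored. Using `wpsg_sinput("key", $_REQUEST['wpsg_mod_topseller']['status'], ["isFloat"])` keeps the call sites uniform. The function's opening line is outside the hunk.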
Index: /mods/wpsg_mod_trustedshops.class.php
===================================================================
--- /mods/wpsg_mod_trustedshops.class.php	(revision 7397)
+++ /mods/wpsg_mod_trustedshops.class.php	(revision 7398)
@@ -233,34 +233,37 @@
 		public function settings_save()
 		{
-			
-			$this->shop->update_option('wpsg_mod_trustedshops_shopid', $_REQUEST['wpsg_mod_trustedshops_shopid']);
-			
-			$this->shop->update_option('wpsg_mod_trustedshops_siegelcache', $_REQUEST['wpsg_mod_trustedshops_siegelcache']);
-			$this->shop->update_option('wpsg_mod_trustedshops_siegeltitle', $_REQUEST['wpsg_mod_trustedshops_siegeltitle']);
-			$this->shop->addTranslationString('wpsg_mod_trustedshops_siegeltitle', $_REQUEST['wpsg_mod_trustedshops_siegeltitle']);
-			$this->shop->update_option('wpsg_mod_trustedshops_customerset', $_REQUEST['wpsg_mod_trustedshops_customerset']);
-			$this->shop->update_option('wpsg_mod_trustedshops_customerset_preset', $_REQUEST['wpsg_mod_trustedshops_customerset_preset']);			
-			$this->shop->update_option('wpsg_mod_trustedshops_warranty', $_REQUEST['wpsg_mod_trustedshops_warranty']);
-			
-			$this->shop->update_option('wpsg_mod_trustedshops_orderdone', $_REQUEST['wpsg_mod_trustedshops_orderdone']);
-			$this->shop->update_option('wpsg_mod_trustedshops_orderdonetitle', $_REQUEST['wpsg_mod_trustedshops_orderdonetitle']);
-			$this->shop->addTranslationString('wpsg_mod_trustedshops_orderdonetitle', $_REQUEST['wpsg_mod_trustedshops_orderdonetitle']);
-			$this->shop->update_option('wpsg_mod_trustedshops_orderdonelogo', $_REQUEST['wpsg_mod_trustedshops_orderdonelogo']);
-			
-			$this->shop->update_option('wpsg_mod_trustedshops_customermail', $_REQUEST['wpsg_mod_trustedshops_customermail']);
-			$this->shop->update_option('wpsg_mod_trustedshops_customermailtitle', $_REQUEST['wpsg_mod_trustedshops_customermailtitle']);
-			$this->shop->addTranslationString('wpsg_mod_trustedshops_customermailtitle', $_REQUEST['wpsg_mod_trustedshops_customermailtitle']);
+
+			foreach($_REQUEST['wpsg_mod_trustedshops_state'] as $k => $v)
+				$_REQUEST['wpsg_mod_trustedshops_state'][$k] = wpsg_sinput("key", $v);
+
+			$this->shop->update_option('wpsg_mod_trustedshops_shopid', $_REQUEST['wpsg_mod_trustedshops_shopid'], false, false, "key");
+			
+			$this->shop->update_option('wpsg_mod_trustedshops_siegelcache', $_REQUEST['wpsg_mod_trustedshops_siegelcache'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_trustedshops_siegeltitle', $_REQUEST['wpsg_mod_trustedshops_siegeltitle'], false, false, "text_field");
+			$this->shop->addTranslationString('wpsg_mod_trustedshops_siegeltitle', wpsg_sanitize("text_field", $_REQUEST['wpsg_mod_trustedshops_siegeltitle']) ?: $this->shop->get_option('wpsg_mod_trustedshops_siegeltitle'));
+			$this->shop->update_option('wpsg_mod_trustedshops_customerset', $_REQUEST['wpsg_mod_trustedshops_customerset'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_trustedshops_customerset_preset', $_REQUEST['wpsg_mod_trustedshops_customerset_preset'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_trustedshops_warranty', $_REQUEST['wpsg_mod_trustedshops_warranty'], false, false, "key");
+			
+			$this->shop->update_option('wpsg_mod_trustedshops_orderdone', $_REQUEST['wpsg_mod_trustedshops_orderdone'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_trustedshops_orderdonetitle', $_REQUEST['wpsg_mod_trustedshops_orderdonetitle'], false, false, "text_field");
+			$this->shop->addTranslationString('wpsg_mod_trustedshops_orderdonetitle', wpsg_sanitize("text_field", $_REQUEST['wpsg_mod_trustedshops_orderdonetitle']) ?: $this->shop->get_option('wpsg_mod_trustedshops_orderdonetitle'));
+			$this->shop->update_option('wpsg_mod_trustedshops_orderdonelogo', $_REQUEST['wpsg_mod_trustedshops_orderdonelogo'], false, false, "text_field");
+			
+			$this->shop->update_option('wpsg_mod_trustedshops_customermail', $_REQUEST['wpsg_mod_trustedshops_customermail'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_trustedshops_customermailtitle', $_REQUEST['wpsg_mod_trustedshops_customermailtitle'], false, false, "text_field");
+			$this->shop->addTranslationString('wpsg_mod_trustedshops_customermailtitle', wpsg_sanitize("text_field", $_REQUEST['wpsg_mod_trustedshops_customermailtitle']) ?: $this->shop->get_option('wpsg_mod_trustedshops_customermailtitle'));
 			
 			if ($this->shop->hasMod('wpsg_mod_rechnungen')) 
 			{
 				
-				$this->shop->update_option('wpsg_mod_trustedshops_invoicemail', $_REQUEST['wpsg_mod_trustedshops_invoicemail']);
-				$this->shop->update_option('wpsg_mod_trustedshops_invoicemailtitle', $_REQUEST['wpsg_mod_trustedshops_invoicemailtitle']);
-				$this->shop->addTranslationString('wpsg_mod_trustedshops_invoicemailtitle', $_REQUEST['wpsg_mod_trustedshops_invoicemailtitle']);
-				
-			}
-			
-			$this->shop->update_option('wpsg_mod_trustedshops_reminder', $_REQUEST['wpsg_mod_trustedshops_reminder']);
-			$this->shop->update_option('wpsg_mod_trustedshops_reminderDays', $_REQUEST['wpsg_mod_trustedshops_reminderDays']);
+				$this->shop->update_option('wpsg_mod_trustedshops_invoicemail', $_REQUEST['wpsg_mod_trustedshops_invoicemail'], false, false, "key");
+				$this->shop->update_option('wpsg_mod_trustedshops_invoicemailtitle', $_REQUEST['wpsg_mod_trustedshops_invoicemailtitle'], false, false, "text_field");
+				$this->shop->addTranslationString('wpsg_mod_trustedshops_invoicemailtitle', $_REQUEST['wpsg_mod_trustedshops_invoicemailtitle'], false, false, "text_field");
+				
+			}
+			
+			$this->shop->update_option('wpsg_mod_trustedshops_reminder', $_REQUEST['wpsg_mod_trustedshops_reminder'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_trustedshops_reminderDays', $_REQUEST['wpsg_mod_trustedshops_reminderDays'], false, false, "key");
 			$this->shop->update_option('wpsg_mod_trustedshops_state', $_REQUEST['wpsg_mod_trustedshops_state']);
 			
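Review bot: In the `wpsg_mod_rechnungen` branch, `addTranslationString('wpsg_mod_trustedshops_invoicemailtitle', ...)` still receives the raw request value; the trailing `false, false, "text_field"` arguments look copied from update_option(), whereas the three sibling calls above pass two arguments with the value wrapped in wpsg_sanitize(). To match them the second argument would be `wpsg_sanitize("text_field", $_REQUEST['wpsg_mod_trustedshops_invoicemailtitle']) ?: $this->shop->get_option('wpsg_mod_trustedshops_invoicemailtitle')`. Separately, the new `foreach` at the top iterates `$_REQUEST['wpsg_mod_trustedshops_state']` without checking it, so a post without that field raises a warning; guarding it with `if (isset($_REQUEST['wpsg_mod_trustedshops_state']) && is_array($_REQUEST['wpsg_mod_trustedshops_state']))` avoids that. settings_save() continues past the end of the hunk.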
@@ -365,6 +368,8 @@
 		
 		public function order_ajax() 
-		{ 
-			
+		{
+
+			$_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
+
 			if ($_REQUEST['do'] == 'mail')
 			{
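Review bot: `$_REQUEST['edit_id']` is read unconditionally on the new first line of order_ajax(), so any call that does not carry `edit_id` now triggers an undefined-index notice before the `do` dispatch. wpsg_mod_cab and wpsg_mod_videodownload::order_ajax() in this same commit guard the identical line with isset(); the unguarded form also appears for `zv_id` in wpsg_mod_userpayment::be_ajax() and for `edit_id` in the produkt_ajax() methods of wpsg_mod_varianten and wpsg_mod_videodownload. I would use the guarded form everywhere: `if (isset($_REQUEST['edit_id'])) $_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);`. The rest of order_ajax() is outside the hunk.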
Index: /mods/wpsg_mod_userpayment.class.php
===================================================================
--- /mods/wpsg_mod_userpayment.class.php	(revision 7397)
+++ /mods/wpsg_mod_userpayment.class.php	(revision 7398)
@@ -62,5 +62,7 @@
 		public function be_ajax()
 		{
-			
+
+			$_REQUEST['zv_id'] = wpsg_sinput("key", $_REQUEST['zv_id']);
+
 			if ($_REQUEST['do'] == 'add')
 			{
@@ -91,8 +93,10 @@
 			else if ($_REQUEST['do'] == 'inlinedit')
 			{
-				
+
 				if ($_REQUEST['field'] == 'name')
 				{
-					
+
+					$_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']);
+
 					$this->db->UpdateQuery(WPSG_TBL_ZV, array(
 						'name' => wpsg_q($_REQUEST['value'])
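Review bot: Each inline-edit branch writes the filtered value back into `$_REQUEST['value']` and then reads it again for the query, which hides from later readers whether the superglobal holds raw or filtered data at any given point. A local variable keeps that explicit: `$value = wpsg_sinput("text_field", $_REQUEST['value']);` followed by `'name' => wpsg_q($value)`. The same pattern is repeated in the remaining hunks of this file and in the inline-edit branches of wpsg_mod_versandarten. The be_ajax() method starts and ends outside this hunk.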
@@ -106,5 +110,7 @@
 				else if ($_REQUEST['field'] == 'hint')
 				{
-					
+
+					$_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']);
+
 					$this->db->UpdateQuery(WPSG_TBL_ZV, array(
 						'hint' => wpsg_q($_REQUEST['value'])
@@ -118,5 +124,7 @@
 				else if ($_REQUEST['field'] == 'mwst_key')
 				{
-					
+
+					$_REQUEST['value'] = wpsg_sinput("key", $_REQUEST['value']);
+
 					$this->db->UpdateQuery(WPSG_TBL_ZV, array(
 						'mwst_key' => wpsg_q($_REQUEST['value'])
@@ -129,5 +137,7 @@
 				else if ($_REQUEST['field'] == 'mwst_laender')
 				{
-				
+
+					$_REQUEST['value'] = wpsg_sinput("key", $_REQUEST['value']);
+
 					$this->db->UpdateQuery(WPSG_TBL_ZV, array(
 						'mwst_laender' => wpsg_q($_REQUEST['value'])
@@ -139,5 +149,7 @@
 				else if ($_REQUEST['field'] == 'rabgeb')
 				{
-					
+
+					$_REQUEST['value'] = wpsg_tf(wpsg_sinput("key", $_REQUEST['value'], "isFloat"));
+
 					$this->db->UpdateQuery(WPSG_TBL_ZV, array(
 						'rabgeb' => wpsg_q($_REQUEST['value'])
@@ -149,5 +161,7 @@
 				else if ($_REQUEST['field'] == 'aktiv')
 				{
-					
+
+					$_REQUEST['value'] = wpsg_sinput("key", $_REQUEST['value']);
+
 					$this->db->UpdateQuery(WPSG_TBL_ZV, array(
 						'aktiv' => wpsg_q($_REQUEST['value'])
Index: /mods/wpsg_mod_versandarten.class.php
===================================================================
--- /mods/wpsg_mod_versandarten.class.php	(revision 7397)
+++ /mods/wpsg_mod_versandarten.class.php	(revision 7398)
@@ -100,5 +100,7 @@
 			else if ($_REQUEST['do'] == 'remove')
 			{
-				
+
+				$_REQUEST['va_id'] = wpsg_sinput("key", $_REQUEST['va_id']);
+
 				$this->db->UpdateQuery(WPSG_TBL_VA, array(
 					"deleted" => "1"
@@ -110,8 +112,12 @@
 			else if ($_REQUEST['do'] == 'inlinedit')
 			{
+
+				$_REQUEST['va_id'] = wpsg_sinput("key", $_REQUEST['va_id']);
 				
 				if ($_REQUEST['field'] == 'name')
 				{
-					
+
+					$_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']);
+
 					$this->db->UpdateQuery(WPSG_TBL_VA, array(
 						'name' => wpsg_q($_REQUEST['value'])
@@ -125,5 +131,7 @@
 				else if ($_REQUEST['field'] == 'typ')
 				{
-					
+
+					$_REQUEST['value'] = wpsg_sinput("key", $_REQUEST['value']);
+
 					$this->db->UpdateQuery(WPSG_TBL_VA, array(
 						'typ' => wpsg_q($_REQUEST['value'])
@@ -135,5 +143,7 @@
 				else if ($_REQUEST['field'] == 'hint')
 				{
-					
+
+					$_REQUEST['value'] = wpsg_sinput("text_field", $_REQUEST['value']);
+
 					$this->db->UpdateQuery(WPSG_TBL_VA, array(
 						'hint' => wpsg_q($_REQUEST['value'])
@@ -147,5 +157,7 @@
 				else if ($_REQUEST['field'] == 'vz')
 				{
-					
+
+					$_REQUEST['value'] = wpsg_sinput("key", $_REQUEST['value']);
+
 					$this->db->UpdateQuery(WPSG_TBL_VA, array(
 						'vz' => wpsg_q($_REQUEST['value'])
@@ -160,4 +172,6 @@
 				else if ($_REQUEST['field'] == 'mwst_key')
 				{
+
+					$_REQUEST['value'] = wpsg_sinput("key", $_REQUEST['value']);
 					
 					$this->db->UpdateQuery(WPSG_TBL_VA, array(
@@ -171,5 +185,7 @@
 				else if ($_REQUEST['field'] == 'kosten')
 				{
-					
+
+					$_REQUEST['value'] = wpsg_tf(wpsg_sinput("key", $_REQUEST['value'], "isFloat"));
+
 					$this->db->UpdateQuery(WPSG_TBL_VA, array(
 						'kosten' => wpsg_q($_REQUEST['value'])
@@ -181,4 +197,6 @@
 				else if ($_REQUEST['field'] == 'kosten_plz')
 				{
+
+					$_REQUEST['value'] = wpsg_sinput("key", $_REQUEST['value']);
 
 					$strKosten = $this->db->fetchOne("SELECT `kosten_plz` FROM ".WPSG_TBL_VA." WHERE `id` = '".wpsg_q($_REQUEST['va_id'])."'");
@@ -197,5 +215,7 @@
 				else if ($_REQUEST['field'] == 'mwst_laender')
 				{
-					
+
+					$_REQUEST['value'] = wpsg_sinput("key", $_REQUEST['value']);
+
 					$this->db->UpdateQuery(WPSG_TBL_VA, array(
 						'mwst_laender' => wpsg_q($_REQUEST['value'])
@@ -207,4 +227,6 @@
 				else if ($_REQUEST['field'] == 'aktiv')
 				{
+
+					$_REQUEST['value'] = wpsg_sinput("key", $_REQUEST['value']);
 					
 					$this->db->UpdateQuery(WPSG_TBL_VA, array(
Index: /mods/wpsg_mod_voucherproduct.class.php
===================================================================
--- /mods/wpsg_mod_voucherproduct.class.php	(revision 7397)
+++ /mods/wpsg_mod_voucherproduct.class.php	(revision 7398)
@@ -98,8 +98,8 @@
 		public function settings_save() 
 		{
-			
-			$this->shop->update_option('wpsg_mod_voucherproduct_texte', $_REQUEST['text']);
-			$this->shop->update_option('wpsg_voucherproduct_width', $_REQUEST['wpsg_voucherproduct_width']);
-			$this->shop->update_option('wpsg_voucherproduct_height', $_REQUEST['wpsg_voucherproduct_height']);
+
+			$this->shop->update_option('wpsg_mod_voucherproduct_texte', $_REQUEST['text'], false, false, "wpsg_txt_tbl");
+			$this->shop->update_option('wpsg_voucherproduct_width', $_REQUEST['wpsg_voucherproduct_width'], false, false, "key");
+			$this->shop->update_option('wpsg_voucherproduct_height', $_REQUEST['wpsg_voucherproduct_height'], false, false, "key");
 			
 			// Briefpapier
@@ -153,7 +153,7 @@
 		{ 
 			
-			$produkt_data['wpsg_mod_voucherproduct_gs'] = wpsg_q(wpsg_getStr($_REQUEST['wpsg_mod_voucherproduct_gs']));			
-			$produkt_data['wpsg_mod_voucherproduct_gslaenge'] = intval(wpsg_getStr($_REQUEST['wpsg_mod_voucherproduct_gslaenge']));
-			$produkt_data['wpsg_mod_voucherproduct_available'] = intval(wpsg_getStr($_REQUEST['wpsg_mod_voucherproduct_available']));
+			$produkt_data['wpsg_mod_voucherproduct_gs'] = wpsg_q(wpsg_sinput("key", wpsg_getStr($_REQUEST['wpsg_mod_voucherproduct_gs'])));
+			$produkt_data['wpsg_mod_voucherproduct_gslaenge'] = intval(wpsg_sinput("key", wpsg_getStr($_REQUEST['wpsg_mod_voucherproduct_gslaenge'])));
+			$produkt_data['wpsg_mod_voucherproduct_available'] = intval(wpsg_sinput("key", wpsg_getStr($_REQUEST['wpsg_mod_voucherproduct_available'])));
 			
 		} // public function produkt_save_before(&$produkt_data)
@@ -349,9 +349,10 @@
 		
 		public function order_ajax() 
-		{ 
-			
+		{
+
 			if ($_REQUEST['cmd'] == 'sendVoucher')
 			{
-				
+
+				$_REQUEST['order_id'] = wpsg_sinput("key", $_REQUEST['order_id']);
 				$order_id = $_REQUEST['order_id'];
 				
@@ -559,11 +560,17 @@
 			
 		} // public function getBackendDownloadURL($order_id, $gs_id)
-		
+
 		/**
 		 * Generiert das Gutscheindokument
 		 *
-		 * @param varchar $code Der Gutscheincode
-		 * @param int $order_id Die Bestell ID
-		 * @param int $product_id Die Produkt ID
+		 * @param varchar $code       Der Gutscheincode
+		 * @param int     $order_id   Die Bestell ID
+		 * @param int     $product_id Die Produkt ID
+		 *
+		 * @param         $preview
+		 * @param         $product_index
+		 *
+		 * @return
+		 * @throws \wpsg\Exception
 		 */
 		public function genGSDokument($code, $order_id, $product_id, $preview, $product_index)
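Review bot: The added docblock tags are placeholders: `@param $preview` and `@param $product_index` carry neither a type nor a description, `@return` is empty, and `varchar` on `$code` is a database type rather than a PHP one. I would write `@param string $code Der Gutscheincode`, give the two new parameters a type and a one-line description, and either fill in `@return` or drop the tag. The body of genGSDokument() is outside this hunk, so the actual types and the condition for `@throws \wpsg\Exception` have to be taken from there.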
Index: /mods/wpsg_mod_weight.class.php
===================================================================
--- /mods/wpsg_mod_weight.class.php	(revision 7397)
+++ /mods/wpsg_mod_weight.class.php	(revision 7398)
@@ -77,17 +77,17 @@
 		{
 
-			$this->shop->update_option('wpsg_mod_weight_unit', $_REQUEST['wpsg_mod_weight_unit']);
-			$this->shop->update_option('wpsg_mod_weight_showProduct', $_REQUEST['wpsg_mod_weight_showProduct']);
-			$this->shop->update_option('wpsg_mod_weight_showBasket', $_REQUEST['wpsg_mod_weight_showBasket']);
-			$this->shop->update_option('wpsg_mod_weight_showAjaxDialog', $_REQUEST['wpsg_mod_weight_showAjaxDialog']);
-			$this->shop->update_option('wpsg_mod_weight_showBasketProduct', $_REQUEST['wpsg_mod_weight_showBasketProduct']);
-			$this->shop->update_option('wpsg_mod_weight_showOverview', $_REQUEST['wpsg_mod_weight_showOverview']);
-			$this->shop->update_option('wpsg_mod_weight_showOverviewProduct', $_REQUEST['wpsg_mod_weight_showOverviewProduct']);
+			$this->shop->update_option('wpsg_mod_weight_unit', $_REQUEST['wpsg_mod_weight_unit'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_weight_showProduct', $_REQUEST['wpsg_mod_weight_showProduct'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_weight_showBasket', $_REQUEST['wpsg_mod_weight_showBasket'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_weight_showAjaxDialog', $_REQUEST['wpsg_mod_weight_showAjaxDialog'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_weight_showBasketProduct', $_REQUEST['wpsg_mod_weight_showBasketProduct'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_weight_showOverview', $_REQUEST['wpsg_mod_weight_showOverview'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_weight_showOverviewProduct', $_REQUEST['wpsg_mod_weight_showOverviewProduct'], false, false, "key");
 
 			if ($this->shop->hasMod('wpsg_mod_request'))
 			{
 
-				$this->shop->update_option('wpsg_mod_weight_showRequestPage', $_REQUEST['wpsg_mod_weight_showRequestPage']);
-				$this->shop->update_option('wpsg_mod_weight_showRequestPageProduct', $_REQUEST['wpsg_mod_weight_showRequestPageProduct']);
+				$this->shop->update_option('wpsg_mod_weight_showRequestPage', $_REQUEST['wpsg_mod_weight_showRequestPage'], false, false, "key");
+				$this->shop->update_option('wpsg_mod_weight_showRequestPageProduct', $_REQUEST['wpsg_mod_weight_showRequestPageProduct'], false, false, "key");
 
 			}
@@ -95,7 +95,7 @@
 			if ($this->shop->hasMod('wpsg_mod_productindex'))
 			{
-				$this->shop->update_option('wpsg_mod_weight_showProductindex', $_REQUEST['wpsg_mod_weight_showProductindex']);
-			}
-			$this->shop->update_option('wpsg_mod_weight_showProductindexBackend', $_REQUEST['wpsg_mod_weight_showProductindexBackend']);
+				$this->shop->update_option('wpsg_mod_weight_showProductindex', $_REQUEST['wpsg_mod_weight_showProductindex'], false, false, "key");
+			}
+			$this->shop->update_option('wpsg_mod_weight_showProductindexBackend', $_REQUEST['wpsg_mod_weight_showProductindexBackend'], false, false, "key");
 			
 		} // public function settings_save()
@@ -169,5 +169,5 @@
 		{
 
-			$produkt_data['weight'] = wpsg_tf($_REQUEST['wpsg_mod_weight']['weight']);
+			$produkt_data['weight'] = wpsg_tf(wpsg_sinput("key", $_REQUEST['wpsg_mod_weight']['weight']));
 
 		} // public function produkt_save_before(&$produkt_data)
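Review bot: `weight` is filtered with "key" but, unlike the other decimal inputs touched by this commit, without the "isFloat" validator, although the result goes straight into wpsg_tf(). If "key" only allows key-like characters, a weight such as `1,5` or `0.25` would lose its separator before it is parsed and be stored as a different number. Following the pattern used for the other amounts, the line would read `$produkt_data['weight'] = wpsg_tf(wpsg_sinput("key", $_REQUEST['wpsg_mod_weight']['weight'], "isFloat"));`. wpsg_sinput() is not visible here, so its handling of separators should be confirmed with a decimal test value.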
Index: /mods/wpsg_mod_willcollect.class.php
===================================================================
--- /mods/wpsg_mod_willcollect.class.php	(revision 7397)
+++ /mods/wpsg_mod_willcollect.class.php	(revision 7398)
@@ -57,23 +57,24 @@
 		public function settings_save()
 		{
-		
-			$this->shop->update_option('wpsg_mod_willcollect_bezeichnung', $_REQUEST['wpsg_mod_willcollect_bezeichnung']);
-			$this->shop->update_option('wpsg_mod_willcollect_aktiv', $_REQUEST['wpsg_mod_willcollect_aktiv']);
-			$this->shop->update_option('wpsg_mod_willcollect_hint', $_REQUEST['wpsg_mod_willcollect_hint']);
-			$this->shop->update_option('wpsg_mod_willcollect_paymentneed', $_REQUEST['wpsg_mod_willcollect_paymentneed']);
-			$this->shop->update_option('wpsg_mod_willcollect_dontMerge', $_REQUEST['wpsg_mod_willcollect_dontMerge']);
-			
-			$this->shop->update_option('wpsg_mod_willcollect_adress', $_REQUEST['wpsg_mod_willcollect_adress']);
-			$this->shop->update_option('wpsg_mod_willcollect_street', $_REQUEST['wpsg_mod_willcollect_street']);
-			$this->shop->update_option('wpsg_mod_willcollect_plzort', $_REQUEST['wpsg_mod_willcollect_plzort']);
-			
-			$this->shop->update_option('wpsg_mod_willcollect_payment', $_REQUEST['wpsg_mod_willcollect_payment']);
-			$this->shop->update_option('wpsg_mod_willcollect_payment_bezeichnung', $_REQUEST['wpsg_mod_willcollect_payment_bezeichnung']);
-			$this->shop->update_option('wpsg_mod_willcollect_payment_hint', $_REQUEST['wpsg_mod_willcollect_payment_hint']);
-			
-			$this->shop->update_option('wpsg_mod_willcollect_gebuehr', $_REQUEST['wpsg_mod_willcollect_gebuehr']);
-			$this->shop->update_option('wpsg_mod_willcollect_payment_gebuehr', $_REQUEST['wpsg_mod_willcollect_payment_gebuehr']);
-			$this->shop->update_option('wpsg_mod_willcollect_mwst', $_REQUEST['wpsg_mod_willcollect_mwst']);
-			$this->shop->update_option('wpsg_mod_willcollect_mwstland', $_REQUEST['wpsg_mod_willcollect_mwstland']);
+
+			$this->shop->update_option('wpsg_mod_willcollect_bezeichnung', $_REQUEST['wpsg_mod_willcollect_bezeichnung'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_willcollect_aktiv', $_REQUEST['wpsg_mod_willcollect_aktiv'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_willcollect_hint', $_REQUEST['wpsg_mod_willcollect_hint'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_willcollect_paymentneed', $_REQUEST['wpsg_mod_willcollect_paymentneed'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_willcollect_dontMerge', $_REQUEST['wpsg_mod_willcollect_dontMerge'], false, false, "key");
+			
+			$this->shop->update_option('wpsg_mod_willcollect_adress', $_REQUEST['wpsg_mod_willcollect_adress'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_willcollect_street', $_REQUEST['wpsg_mod_willcollect_street'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_willcollect_plzort', $_REQUEST['wpsg_mod_willcollect_plzort'], false, false, "text_field");
+			
+			$this->shop->update_option('wpsg_mod_willcollect_payment', $_REQUEST['wpsg_mod_willcollect_payment'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_willcollect_payment_bezeichnung', $_REQUEST['wpsg_mod_willcollect_payment_bezeichnung'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_willcollect_payment_hint', $_REQUEST['wpsg_mod_willcollect_payment_hint'], false, false, "text_field");
+			
+			$this->shop->update_option('wpsg_mod_willcollect_gebuehr', $_REQUEST['wpsg_mod_willcollect_gebuehr'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_willcollect_payment_gebuehr', $_REQUEST['wpsg_mod_willcollect_payment_gebuehr'], false, false, "key", ["isFloat"]);
+
+			$this->shop->update_option('wpsg_mod_willcollect_mwst', $_REQUEST['wpsg_mod_willcollect_mwst'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_willcollect_mwstland', $_REQUEST['wpsg_mod_willcollect_mwstland'], false, false, "key");
 			
 		} // public function settings_save()
Index: /mods/wpsg_mod_wirecard.class.php
===================================================================
--- /mods/wpsg_mod_wirecard.class.php	(revision 7397)
+++ /mods/wpsg_mod_wirecard.class.php	(revision 7398)
@@ -80,18 +80,18 @@
 		public function settings_save()
 		{
-			
-			$this->shop->update_option('wpsg_mod_wirecard_name', $_REQUEST['wpsg_mod_wirecard_name']);
+
+			$this->shop->update_option('wpsg_mod_wirecard_name', $_REQUEST['wpsg_mod_wirecard_name'], false, false, "text_field");
 			$this->shop->update_option('wpsg_mod_wirecard_activ', $_REQUEST['wpsg_mod_wirecard_activ']);
-			$this->shop->update_option('wpsg_mod_wirecard_hint', $_REQUEST['wpsg_mod_wirecard_hint']);
-			$this->shop->update_option('wpsg_mod_wirecard_logo', $_REQUEST['wpsg_mod_wirecard_logo']);
-			
-			$this->shop->addTranslationString('wpsg_mod_wirecard_name', $_REQUEST['wpsg_mod_wirecard_name']);
-			$this->shop->addTranslationString('wpsg_mod_wirecard_hint', $_REQUEST['wpsg_mod_wirecard_hint']);
-			
-			$this->shop->update_option('wpsg_mod_wirecard_customerid', $_REQUEST['wpsg_mod_wirecard_customerid']);
-			$this->shop->update_option('wpsg_mod_wirecard_secret', $_REQUEST['wpsg_mod_wirecard_secret']);
-			$this->shop->update_option('wpsg_mod_wirecard_shopid', $_REQUEST['wpsg_mod_wirecard_shopid']);
-			
-			$this->shop->update_option('wpsg_mod_wirecard_gebuehr', $_REQUEST['wpsg_mod_wirecard_gebuehr']);
+			$this->shop->update_option('wpsg_mod_wirecard_hint', $_REQUEST['wpsg_mod_wirecard_hint'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_wirecard_logo', $_REQUEST['wpsg_mod_wirecard_logo'], false, false, "text_field");
+
+			$this->shop->addTranslationString('wpsg_mod_wirecard_name', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_wirecard_name']));
+			$this->shop->addTranslationString('wpsg_mod_wirecard_hint', wpsg_sinput("text_field", $_REQUEST['wpsg_mod_wirecard_hint']));
+			
+			$this->shop->update_option('wpsg_mod_wirecard_customerid', $_REQUEST['wpsg_mod_wirecard_customerid'], false, false, "key");
+			$this->shop->update_option('wpsg_mod_wirecard_secret', $_REQUEST['wpsg_mod_wirecard_secret'], false, false, "text_field");
+			$this->shop->update_option('wpsg_mod_wirecard_shopid', $_REQUEST['wpsg_mod_wirecard_shopid'], false, false, "key");
+			
+			$this->shop->update_option('wpsg_mod_wirecard_gebuehr', $_REQUEST['wpsg_mod_wirecard_gebuehr'], false, false, "key", ["isFloat"]);
 			$this->shop->update_option('wpsg_mod_wirecard_mwst', $_REQUEST['wpsg_mod_wirecard_mwst']);
 			$this->shop->update_option('wpsg_mod_wirecard_mwstland', $_REQUEST['wpsg_mod_wirecard_mwstland']);
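Review bot: `wpsg_mod_wirecard_secret` is stored through the "text_field" filter, which is a poor fit for a credential. If that filter behaves like WordPress' `sanitize_text_field()`, characters such as `<`, percent-encoded sequences and extra whitespace are removed, and the stored secret would silently differ from the one issued by the payment provider. A secret is better validated (length, allowed characters) and rejected with an error than rewritten; a comment such as `// secret is validated and stored verbatim, never rewritten` would make that intent explicit. In the same method `wpsg_mod_wirecard_activ`, `_mwst` and `_mwstland`, and `_language`, `_autostart` and `_submitadress` in the next hunk, are still written without a sanitiser argument, unlike the equivalent options in the other modules. settings_save() continues past the end of the hunk.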
@@ -100,8 +100,8 @@
 			$this->shop->update_option('wpsg_mod_wirecard_language', $_REQUEST['wpsg_mod_wirecard_language']);
 			$this->shop->update_option('wpsg_mod_wirecard_autostart', $_REQUEST['wpsg_mod_wirecard_autostart']);
-			$this->shop->update_option('wpsg_mod_wirecard_subject', $_REQUEST['wpsg_mod_wirecard_subject']);
+			$this->shop->update_option('wpsg_mod_wirecard_subject', $_REQUEST['wpsg_mod_wirecard_subject'], false, false, "text_field");
 			$this->shop->update_option('wpsg_mod_wirecard_submitadress', $_REQUEST['wpsg_mod_wirecard_submitadress']);
-			$this->shop->update_option('wpsg_mod_wirecard_minValue', $_REQUEST['wpsg_mod_wirecard_minValue']);
-			$this->shop->update_option('wpsg_mod_wirecard_maxValue', $_REQUEST['wpsg_mod_wirecard_maxValue']);
+			$this->shop->update_option('wpsg_mod_wirecard_minValue', $_REQUEST['wpsg_mod_wirecard_minValue'], false, false, "key", ["isFloat"]);
+			$this->shop->update_option('wpsg_mod_wirecard_maxValue', $_REQUEST['wpsg_mod_wirecard_maxValue'], false, false, "key", ["isFloat"]);
 			
 			$this->shop->createPage(__('Erfolgreiche wirecard Zahlung', 'wpsg'), 'wpsg_page_mod_wirecard_success', $_REQUEST['wpsg_page_mod_wirecard_success']);
Index: /system/intern/mods/wpsg_mod_cab.class.php
===================================================================
--- /system/intern/mods/wpsg_mod_cab.class.php	(revision 7397)
+++ /system/intern/mods/wpsg_mod_cab.class.php	(revision 7398)
@@ -186,5 +186,7 @@
 		public function order_ajax()
 		{
-			
+
+			if(isset($_REQUEST['edit_id'])) $_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
+
 			 if ($_REQUEST['cmd'] == 'refresh')
 			 {
@@ -235,5 +237,5 @@
 			 {
 			 	
-			 	$repay = wpsg_tf($_REQUEST['value']);
+			 	$repay = wpsg_tf(wpsg_sinput("key", $_REQUEST['value'], "isFloat"));
 				
 			 	$order_data = $this->shop->cache->loadOrder($_REQUEST['edit_id']);
Index: /system/intern/mods/wpsg_mod_orderupload.class.php
===================================================================
--- /system/intern/mods/wpsg_mod_orderupload.class.php	(revision 7397)
+++ /system/intern/mods/wpsg_mod_orderupload.class.php	(revision 7398)
@@ -167,5 +167,5 @@
 				header('Pragma: public');
 				
-				die(file_get_contents($this->getSavePath($_REQUEST['edit_id']).'/'.rawurldecode($_REQUEST['wpsg_mod_orderupload_download'])));
+				die(file_get_contents($this->getSavePath(wpsg_sinput("key", $_REQUEST['edit_id'])).'/'.rawurldecode($_REQUEST['wpsg_mod_orderupload_download'])));
 				
 			}
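Review bot: Only `edit_id` is filtered on the changed line; the file-name part, `rawurldecode($_REQUEST['wpsg_mod_orderupload_download'])`, is still appended to the save path exactly as received, so the path handed to file_get_contents() is not confined to that order's upload directory. I would reduce the name to its last path component, resolve the result with realpath() and serve the file only when it lies inside the resolved save path, ending the request with an error otherwise. Ideally that check runs before the download headers are sent. The enclosing method starts outside the hunk, so any earlier capability or nonce check is not visible here.

```php
// … unchanged: download headers …

$savePath = realpath($this->getSavePath(wpsg_sinput("key", $_REQUEST['edit_id'])));
$fileName = basename(rawurldecode($_REQUEST['wpsg_mod_orderupload_download']));
$filePath = ($savePath === false) ? false : realpath($savePath.'/'.$fileName);

// Serve only regular files that resolve to a location inside the order's own directory
if ($filePath === false || strpos($filePath, $savePath.DIRECTORY_SEPARATOR) !== 0 || !is_file($filePath))
{
	die(); // reject: use the module's usual error handling here
}

die(file_get_contents($filePath));
```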
Index: /system/intern/mods/wpsg_mod_varianten.class.php
===================================================================
--- /system/intern/mods/wpsg_mod_varianten.class.php	(revision 7397)
+++ /system/intern/mods/wpsg_mod_varianten.class.php	(revision 7398)
@@ -284,6 +284,7 @@
 		public function produkt_ajax()
 		{
-			
+
 			//error_reporting(E_ALL);
+			$_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
 			
 			if (isset($_REQUEST['cmd']) && $_REQUEST['cmd'] == 'wpsg_vp_add')
@@ -428,6 +429,6 @@
 				
 				$vp_data[$_REQUEST['var_id']]['vari'][] = array(
-					"name" => $_REQUEST['vari_name'],
-					"preis" => wpsg_tf($_REQUEST['vari_preis']),
+					"name" => wpsg_sinput("text_field", $_REQUEST['vari_name']),
+					"preis" => wpsg_tf(wpsg_sinput("key", $_REQUEST['vari_preis'], "isFloat")),
 					"aktiv" => "1"
 				);
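Review bot: `$_REQUEST['var_id']` is still used unfiltered as the array index on the context line directly above the two changed values, so the key under which the variant is stored stays request-controlled while its contents are now sanitised. Filtering it like the other ids in this commit closes that gap: `$var_id = wpsg_sinput("key", $_REQUEST['var_id']);` and then `$vp_data[$var_id]['vari'][] = array(`. The surrounding branch starts and ends outside the hunk, so `var_id` may already be checked earlier; if it is, a short comment saying where would help the next reader.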
Index: /system/intern/mods/wpsg_mod_videodownload.class.php
===================================================================
--- /system/intern/mods/wpsg_mod_videodownload.class.php	(revision 7397)
+++ /system/intern/mods/wpsg_mod_videodownload.class.php	(revision 7398)
@@ -215,5 +215,7 @@
 		public function produkt_ajax() 
 		{
-			
+
+			$_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
+
 			if ($_REQUEST['cmd'] == 'upload_file')
 			{
@@ -246,6 +248,9 @@
 		} // public function produkt_ajax()
 		 
-		public function order_ajax() { 
-			
+		public function order_ajax() {
+
+			if(isset($_REQUEST['edit_id'])) $_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
+			if(isset($_REQUEST['file'])) $_REQUEST['file'] = wpsg_sinput("text_field", $_REQUEST['file']);
+
 			if ($_REQUEST['cmd'] == 'schedule_file')
 			{
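Review bot: `$_REQUEST['file']` is filtered as "text_field", which cleans up text but, if it works like WordPress' `sanitize_text_field()`, does not remove path separators or `..` segments. How `file` is used lies outside this hunk; if it ends up in a filesystem path, a file-name filter is the better fit, for example `if (isset($_REQUEST['file'])) $_REQUEST['file'] = sanitize_file_name(basename($_REQUEST['file']));`, or a lookup against the files recorded for the order. order_ajax() continues past the end of the hunk.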
Index: /system/intern/views/produkttemplates/standard_alt.phtml
===================================================================
--- /system/intern/views/produkttemplates/standard_alt.phtml	(revision 7397)
+++ /system/intern/views/produkttemplates/standard_alt.phtml	(revision 7398)
@@ -124,5 +124,5 @@
 					<?php if ($this->hasMod('wpsg_mod_stock') && $this->get_option('wpsg_mod_stock_showProduct') == '1') { ?>
 					<div class="wpsg_mod_produktindex_stock">
-						<img src="<?php echo WPSG_URL_WP;?>wp-content/plugins/wpshopgermany/views/gfx/stock_pos.png" />
+						<img src="<?php echo WPSG_URL_WP.WPSG_CONTENTDIR_WP;?>/plugins/wpshopgermany/views/gfx/stock_pos.png" />
 						<label><?php echo wpsg_translate(__('#1#','wpsg'), $this->view['data']['stock']);  ?></label><?php echo wpsg_translate(__(' Artikel auf Lager', 'wpsg')); ?>	
 					</div>
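Review bot: The image URL still hard-codes the `/plugins/wpshopgermany/` segment after the new `WPSG_CONTENTDIR_WP` constant, so the change covers a renamed content directory but not a relocated or renamed plugin directory. WordPress' `plugins_url()` resolves both and returns a complete URL, e.g. `<img src="<?php echo esc_url(plugins_url('views/gfx/stock_pos.png', PLUGIN_MAIN_FILE)); ?>" />`, where `PLUGIN_MAIN_FILE` is a placeholder for the path of the plugin's main file. The concatenation also assumes that `WPSG_URL_WP` ends with a slash and `WPSG_CONTENTDIR_WP` has none at either end, which is not visible here. The same applies to the two other hunks in this file and to the three in standard_mt.phtml.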
@@ -161,5 +161,5 @@
 						<?php } else {?>
 							<div class="wpsg_mod_deliverytime">
-								<img src="<?php echo WPSG_URL_WP;?>wp-content/plugins/wpshopgermany/views/gfx/deliverytime.png" />
+								<img src="<?php echo WPSG_URL_WP.WPSG_CONTENTDIR_WP;?>/plugins/wpshopgermany/views/gfx/deliverytime.png" />
 								<label><?php echo wpsg_translate(__('Lieferzeit:', 'wpsg')); ?></label>
 								<?php echo $this->callMod('wpsg_mod_deliverytime', 'displayDeliveryTime', array($this->view['data']['product_key'])); ?>
@@ -170,5 +170,5 @@
 							<?php if (wpsg_isSizedString($strDelayNote)) { ?>
 							<div class="wpsg_mod_deliverytime_offline">
-								<img src="<?php echo WPSG_URL_WP;?>wp-content/plugins/wpshopgermany/views/gfx/deliverytime-offline.png" />
+								<img src="<?php echo WPSG_URL_WP.WPSG_CONTENTDIR_WP;?>/plugins/wpshopgermany/views/gfx/deliverytime-offline.png" />
 								<div class="wpsg_mod_deliverytime_delay"><?php echo wpsg_hspc($strDelayNote); ?></div>
 							</div>
Index: /system/intern/views/produkttemplates/standard_mt.phtml
===================================================================
--- /system/intern/views/produkttemplates/standard_mt.phtml	(revision 7397)
+++ /system/intern/views/produkttemplates/standard_mt.phtml	(revision 7398)
@@ -138,5 +138,5 @@
 					<?php if ($this->hasMod('wpsg_mod_stock') && $this->get_option('wpsg_mod_stock_showProduct') == '1') { ?>
 					<div class="wpsg_mod_produktindex_stock">
-						<img src="<?php echo WPSG_URL_WP;?>wp-content/plugins/wpshopgermany/views/gfx/stock_pos.png" />
+						<img src="<?php echo WPSG_URL_WP.WPSG_CONTENTDIR_WP;?>/plugins/wpshopgermany/views/gfx/stock_pos.png" />
 						<label><?php echo wpsg_translate(__('#1#','wpsg'), $this->view['data']['stock']);  ?></label><?php echo wpsg_translate(__(' Artikel auf Lager', 'wpsg')); ?>	
 					</div>
@@ -175,5 +175,5 @@
 						<?php } else {?>
 							<div class="wpsg_mod_deliverytime">
-								<img src="<?php echo WPSG_URL_WP;?>wp-content/plugins/wpshopgermany/views/gfx/deliverytime.png" />
+								<img src="<?php echo WPSG_URL_WP.WPSG_CONTENTDIR_WP;?>/plugins/wpshopgermany/views/gfx/deliverytime.png" />
 								<label><?php echo wpsg_translate(__('Lieferzeit:', 'wpsg')); ?></label>
 								<?php echo $this->callMod('wpsg_mod_deliverytime', 'displayDeliveryTime', array($this->view['data']['product_key'])); ?>
@@ -184,5 +184,5 @@
 							<?php if (wpsg_isSizedString($strDelayNote)) { ?>
 							<div class="wpsg_mod_deliverytime_offline">
-								<img src="<?php echo WPSG_URL_WP;?>wp-content/plugins/wpshopgermany/views/gfx/deliverytime-offline.png" />
+								<img src="<?php echo WPSG_URL_WP.WPSG_CONTENTDIR_WP;?>/plugins/wpshopgermany/views/gfx/deliverytime-offline.png" />
 								<div class="wpsg_mod_deliverytime_delay"><?php echo wpsg_hspc($strDelayNote); ?></div>
 							</div>
Index: /system/tests/wpsg_calculation_autoload.php
===================================================================
--- /system/tests/wpsg_calculation_autoload.php	(revision 7397)
+++ /system/tests/wpsg_calculation_autoload.php	(revision 7398)
@@ -11,6 +11,9 @@
 	error_reporting(E_ERROR);
 	ini_set("display_errors", "1");
-	
-	require_once(dirname(__FILE__).'/../../../../../wp-load.php');
-	require_once(dirname(__FILE__).'/../../wpshopgermany.php');
+
+	require_once(ABSPATH.'/wp-load.php');
+	require_once(plugin_dir_path(__FILE__).'wpshopgermany.php');
+
+	#require_once(dirname(__FILE__).'/../../../../../wp-load.php');
+	#require_once(dirname(__FILE__).'/../../wpshopgermany.php');
             
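Review bot: Both new `require_once` lines depend on WordPress already being loaded, which is what this bootstrap appears to be responsible for. `ABSPATH` is normally defined by WordPress's own startup files, so `require_once(ABSPATH.'/wp-load.php');` cannot resolve unless the file is only ever included from a running WordPress; the first ten lines are outside the hunk, so that should be confirmed. `plugin_dir_path(__FILE__)` returns the directory of this file (`system/tests/`), not the plugin root, so the second line looks for `system/tests/wpshopgermany.php`; `require_once(dirname(__FILE__).'/../../wpshopgermany.php');` pointed at the right file. With `error_reporting(E_ERROR)` just above, the resulting failure would surface only as a fatal error, and the two commented-out `#require_once` lines should be deleted rather than kept.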
Index: /views/admin/licence.phtml
===================================================================
--- /views/admin/licence.phtml	(revision 7397)
+++ /views/admin/licence.phtml	(revision 7398)
@@ -184,5 +184,4 @@
                         
                         <?php if (wpsg_isSizedArray($wpsg_update_data)) { ?>
-                        
                             <?php // Ich zeige hier nur die Aktiven Module an ?>
                             <?php foreach ($wpsg_update_data['modulinfo'] as $modul_key => $modul_info) { if ($modul_info['active'] !== true) unset($wpsg_update_data['modulinfo'][$modul_key]); } ?>
Index: /views/mods/mod_statistics/settings_edit.phtml
===================================================================
--- /views/mods/mod_statistics/settings_edit.phtml	(revision 7397)
+++ /views/mods/mod_statistics/settings_edit.phtml	(revision 7398)
@@ -6,5 +6,6 @@
         <li role="presentation"><a href="#tab2" aria-controls="profile" role="tab" data-toggle="tab"><?php echo __('Piwik', 'wpsg'); ?></a></li>
         <li role="presentation"><a href="#tab3" aria-controls="profile" role="tab" data-toggle="tab"><?php echo __('Google', 'wpsg'); ?></a></li>
-        <li role="presentation"><a href="#tab4" aria-controls="messages" role="tab" data-toggle="tab"><?php echo __('Sonstiges', 'wpsg'); ?></a></li>
+        <li role="presentation"><a href="#tab4" aria-controls="profile" role="tab" data-toggle="tab"><?php echo __('Social Media', 'wpsg'); ?></a></li>
+        <li role="presentation"><a href="#tab5" aria-controls="messages" role="tab" data-toggle="tab"><?php echo __('Sonstiges', 'wpsg'); ?></a></li>
     </ul>
 
@@ -87,5 +88,9 @@
 			 
 			echo wpsg_drawForm_Checkbox('wpsg_mod_statistics_google_track_page_load_time', __('Ladegeschwindigkeit der Website erfassen', 'wpsg'), $this->get_option('wpsg_mod_statistics_google_track_page_load_time'), array('help' => 'wpsg_mod_statistics_google_track_page_load_time'));
-		?>	
+
+			echo wpsg_drawForm_Checkbox('wpsg_mod_statistics_google_opt_out', __('Google Opt Out', 'wpsg'), $this->get_option('wpsg_mod_statistics_google_opt_out'), array('help' => 'wpsg_mod_statistics_google_opt_out'));
+
+			echo wpsg_drawForm_Checkbox('wpsg_mod_statistics_google_enhanced_tracking_code', __('Enhanced Tacking Code', 'wpsg'), $this->get_option('wpsg_mod_statistics_google_enhanced_tracking_code'), array('help' => 'wpsg_mod_statistics_google_enhanced_tracking_code'));
+		?>
 			<h3><?php echo __('Zieleinrichtung in Google Analytics', 'wpsg'); ?></h3>
 			
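Review bot: The label of the new checkbox is misspelled: `__('Enhanced Tacking Code', 'wpsg')` should be `__('Enhanced Tracking Code', 'wpsg')`. Because the string is also the translation key, correcting it later invalidates any translation already made for it, so it is cheaper to fix now. Both new options also pass a `help` key; the help texts themselves are not in this hunk and should be checked to exist.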
@@ -120,6 +125,13 @@
 			<div class="wpsg_clearer"></div>
 		</div>
-		
-		<div role="tabpanel" class="tab-pane" id="tab4">
+
+		<div role="tabpanel" id="tab4" class="tab-pane">
+		<?php
+			echo wpsg_drawForm_input('wpsg_mod_statistics_socialmedia_fb_px', __('Facebook Pixel', 'wpsg'), $this->get_option('wpsg_mod_statistics_socialmedia_fb_px'), array('help' => 'wpsg_mod_statistics_socialmedia_fb_px'));
+		?>
+			<div class="wpsg_clearer"></div>
+		</div>
+
+		<div role="tabpanel" class="tab-pane" id="tab5">
 		<?php 
 			echo wpsg_drawForm_Input('wpsg_mod_statistics_line_chart_width', __('Liniendiagramm (Breite in px)', 'wpsg'), $this->get_option('wpsg_mod_statistics_line_chart_width'), array('help' => 'wpsg_mod_statistics_line_chart_width'));
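Review bot: The new `wpsg_mod_statistics_socialmedia_fb_px` field accepts free text, and nothing in this hunk shows how the value is validated when saved or escaped when it is written into the page. A pixel ID is presumably numeric and ends up inside a script snippet on storefront pages, so the save handler (not visible here) should reduce it to digits, for example `preg_replace('/\D/', '', $value)`, and the output side should escape it for the JavaScript context. As a smaller point, the call is spelled `wpsg_drawForm_input` while the rest of the file uses `wpsg_drawForm_Input`; PHP resolves both, but the spelling should match.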
Index: /views/order/product_table.phtml
===================================================================
--- /views/order/product_table.phtml	(revision 7397)
+++ /views/order/product_table.phtml	(revision 7398)
@@ -319,4 +319,4 @@
 </table>
 
-<?php wpsg_debug($arCalculation);  ?>
+<?php //wpsg_debug($arCalculation);  ?>
 	
Index: /views/order/view.phtml
===================================================================
--- /views/order/view.phtml	(revision 7397)
+++ /views/order/view.phtml	(revision 7398)
@@ -47,5 +47,5 @@
 
             <?php $i = 0; foreach ($this->view['arSubAction'] as $k => $v) { $i ++; ?>
-            
+
             	<a class="list-group-item <?php echo ((wpsg_getStr($_COOKIE['wpsg_order_view_tab'], 'general') == $k)?'active':''); ?>" wpsg-data-target="<?php echo $k; ?>" href="#"><?php echo $v['title']; ?></a>
             
Index: /views/order/view_alternativeDesign.phtml
===================================================================
--- /views/order/view_alternativeDesign.phtml	(revision 7397)
+++ /views/order/view_alternativeDesign.phtml	(revision 7398)
@@ -6,6 +6,4 @@
 
 ?>
-
-<?php //wpsg_debug(print_r($this->view['arSubAction'])); ?>
 
 <style>.orderdetail-alternative-left:active, .orderdetail-alternative-right:active { cursor: move; }</style>
Index: /views/produkt/addedit.phtml
===================================================================
--- /views/produkt/addedit.phtml	(revision 7397)
+++ /views/produkt/addedit.phtml	(revision 7398)
@@ -73,5 +73,5 @@
 		
 		<div class="wpsg_admin_content form-horizontal">
-		
+
 			<?php $i = 0; foreach ($this->view['arSubAction'] as $k => $v) { $i ++; ?>
 			<div id="<?php echo $k; ?>" style="display:<?php echo ((wpsg_getStr($_COOKIE['wpsg_product_addedit_tab'], 'general') === $k)?'block':'none'); ?>;" class="wpsg_product_tab_content">
Index: /views/produkt/select.phtml
===================================================================
--- /views/produkt/select.phtml	(revision 7397)
+++ /views/produkt/select.phtml	(revision 7398)
@@ -15,8 +15,8 @@
 	 
 		<script language="javascript" type="text/javascript" src="<?php echo get_option('siteurl'); ?>/wp-admin/load-scripts.php?c=1&load[]=jquery-core"></script>
-		<script language="javascript" type="text/javascript" src="<?php echo get_option('siteurl'); ?>/wp-content/plugins/".WPSG_FOLDERNAME."/views/js/bootstrap-3.3.6-dist/js/bootstrap.min.js"></script>		
-		
-		<link rel='stylesheet' id='wpsg-bscss-css'  href='<?php echo get_option('siteurl'); ?>/wp-content/plugins/'.WPSG_FOLDERNAME.'/views/js/bootstrap-3.3.6-dist/css/bootstrap.css?ver=4.7.5' type='text/css' media='all' />
-		<link rel='stylesheet' id='wpsg-bs-theme-css-css'  href='<?php echo get_option('siteurl'); ?>/wp-content/plugins/'.WPSG_FOLDERNAME.'/views/js/bootstrap-3.3.6-dist/css/bootstrap-theme.css?ver=4.7.5' type='text/css' media='all' />
+		<script language="javascript" type="text/javascript" src="<?php echo get_option('siteurl'); ?>/<?php echo WPSG_CONTENTDIR_WP; ?>/plugins/".WPSG_FOLDERNAME."/views/js/bootstrap-3.3.6-dist/js/bootstrap.min.js"></script>
+		
+		<link rel='stylesheet' id='wpsg-bscss-css'  href='<?php echo get_option('siteurl'); ?>/<?php echo WPSG_CONTENTDIR_WP; ?>/plugins/'.WPSG_FOLDERNAME.'/views/js/bootstrap-3.3.6-dist/css/bootstrap.css?ver=4.7.5' type='text/css' media='all' />
+		<link rel='stylesheet' id='wpsg-bs-theme-css-css'  href='<?php echo get_option('siteurl'); ?>/<?php echo WPSG_CONTENTDIR_WP; ?>/plugins/'.WPSG_FOLDERNAME.'/views/js/bootstrap-3.3.6-dist/css/bootstrap-theme.css?ver=4.7.5' type='text/css' media='all' />
 		
 		<link rel="stylesheet" href="<?php echo $this->getRessourceURL('css/admin.css'); ?>" type="text/css" media="all" />
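Review bot: In the three rewritten lines the fragment `".WPSG_FOLDERNAME."` (and `'.WPSG_FOLDERNAME.'` in the two `<link>` tags) sits outside any `<?php ?>` block, so it is sent to the browser as literal text and closes the `src`/`href` attribute right after `plugins/`. The Bootstrap script and both stylesheets therefore cannot load from the intended path; the commit carries this over from the old lines. Emitting the folder from PHP fixes it, e.g. `src="<?php echo WPSG_PLUGIN_URL.WPSG_FOLDERNAME; ?>/views/js/bootstrap-3.3.6-dist/js/bootstrap.min.js"`, with the same change for `bootstrap.css` and `bootstrap-theme.css`. Wrapping the value in `esc_url()` would also keep the attribute well-formed if the configured site URL contains unexpected characters.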
Index: /views/produkttemplates/standard_redirect.phtml
===================================================================
--- /views/produkttemplates/standard_redirect.phtml	(revision 7397)
+++ /views/produkttemplates/standard_redirect.phtml	(revision 7398)
@@ -14,5 +14,5 @@
 
 <div class="wpsg_produkt_wrapper">
-	
+
 	<input type="hidden" name="wpsg_post_id" value="<?php echo get_the_ID(); ?>" />
 	<input type="hidden" name="titleDisplayed" value="<?php echo $this->titleDisplayed; ?>" />
@@ -262,5 +262,5 @@
 		
 		<?php $this->callMods('product_bottom', array(&$this->view['data']['id'], $this->getTemplateIndex())); ?>
-		
+
 		<div class="wpsg_product_buttonarea">
 			<div class="wpsg_product_buttons_add_basket">
Index: /wpshopgermany.php
===================================================================
--- /wpshopgermany.php	(revision 7397)
+++ /wpshopgermany.php	(revision 7398)
@@ -110,6 +110,9 @@
 	define('WPSG_URL_USERVIEW', $wp_upload_dir['baseurl'].'/wpsg/user_views/');
 	define('WPSG_PLUGIN_URL', plugins_url().'/');
-	define('WPSG_PATH_TRANSLATION', dirname(__FILE__).'/lib/translation.phtml');	
-	          
+	define('WPSG_PATH_TRANSLATION', dirname(__FILE__).'/lib/translation.phtml');
+
+	# "WordPress allows users to change the name of wp-content" --> "wp-content" oder mÃ¶gliche, andere Formen
+	define('WPSG_CONTENTDIR_WP', substr(content_url(), -(strlen(content_url()) - strrpos(content_url(), "/")) + 1));
+
 	// Konstanten
 	define('WPSG_BRUTTO', '0');
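Review bot: The `substr`/`strlen`/`strrpos` expression that defines `WPSG_CONTENTDIR_WP` is hard to verify by reading and calls `content_url()` three times. It also returns the entire URL instead of the directory name if the content URL ever ends in a slash, because the computed offset becomes 0. `define('WPSG_CONTENTDIR_WP', basename(content_url()));` gives the same result for the normal case and handles the trailing slash. A one-line comment stating that the constant holds only the last path segment, not a URL or filesystem path, would help the templates that concatenate it.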
@@ -215,5 +218,5 @@
 	if (is_admin())
 	{
-				
+
 		add_filter('plugins_api', 'wpsg_info', 10, 3);
 		add_filter('site_transient_update_plugins', 'wpsg_update');
