diff --git a/app/call_centers/call_center_queue_edit.php b/app/call_centers/call_center_queue_edit.php
index 090acb2caf..71a064ebc1 100644
--- a/app/call_centers/call_center_queue_edit.php
+++ b/app/call_centers/call_center_queue_edit.php
@@ -17,7 +17,7 @@
 
 	The Initial Developer of the Original Code is
 	Mark J Crane <markjcrane@fusionpbx.com>
-	Portions created by the Initial Developer are Copyright (C) 2008-2018
+	Portions created by the Initial Developer are Copyright (C) 2008-2019
 	the Initial Developer. All Rights Reserved.
 
 	Contributor(s):
@@ -242,14 +242,14 @@
 			}
 
 		//build the xml dialplan
-			$dialplan_xml = "<extension name=\"".$queue_name."\" continue=\"\" uuid=\"".escape($dialplan_uuid)."\">\n";
+			$dialplan_xml = "<extension name=\"".$queue_name."\" continue=\"\" uuid=\"".$dialplan_uuid."\">\n";
 			$dialplan_xml .= "	<condition field=\"destination_number\" expression=\"^([^#]+#)(.*)\$\" break=\"never\">\n";
 			$dialplan_xml .= "		<action application=\"set\" data=\"caller_id_name=\$2\"/>\n";
 			$dialplan_xml .= "	</condition>\n";
-			$dialplan_xml .= "	<condition field=\"destination_number\" expression=\"^".escape($queue_extension)."$\">\n";
+			$dialplan_xml .= "	<condition field=\"destination_number\" expression=\"^".$queue_extension."$\">\n";
 			$dialplan_xml .= "		<action application=\"answer\" data=\"\"/>\n";
 			$dialplan_xml .= "		<action application=\"set\" data=\"hangup_after_bridge=true\"/>\n";
-			$dialplan_xml .= "		<action application=\"playback\" data=\"".escape($queue_greeting_path)."\"/>\n";
+			$dialplan_xml .= "		<action application=\"playback\" data=\"".$queue_greeting_path."\"/>\n";
 			if (strlen($queue_cid_prefix) > 0) {
 				$dialplan_xml .= "		<action application=\"set\" data=\"effective_caller_id_name=".$queue_cid_prefix."#\${caller_id_name}\"/>\n";
 			}
@@ -338,16 +338,22 @@
 							callcenter_config tier set position [queue_name] [agent_name] [position]
 						*/
 						//add the agent
-						$cmd = "api callcenter_config tier add ".$call_center_queue_uuid." ".$call_center_agent_uuid." ".$tier_level." ".$tier_position;
-						$response = event_socket_request($fp, $cmd);
+						if (is_uuid($call_center_queue_uuid) && is_uuid($call_center_agent_uuid) && is_numeric($tier_level) && is_numeric($tier_position)) {
+							$cmd = "api callcenter_config tier add ".$call_center_queue_uuid." ".$call_center_agent_uuid." ".$tier_level." ".$tier_position;
+							$response = event_socket_request($fp, $cmd);
+						}
 						usleep(200);
 						//agent set level
-						$cmd = "api callcenter_config tier set level ".$call_center_queue_uuid." ".$call_center_agent_uuid." ".$tier_level;
-						$response = event_socket_request($fp, $cmd);
+						if (is_uuid($call_center_queue_uuid) && is_uuid($call_center_agent_uuid) && is_numeric($tier_level)) {
+							$cmd = "api callcenter_config tier set level ".$call_center_queue_uuid." ".$call_center_agent_uuid." ".$tier_level;
+							$response = event_socket_request($fp, $cmd);
+						}
 						usleep(200);
 						//agent set position
-						$cmd = "api callcenter_config tier set position ".$call_center_queue_uuid." ".$call_center_agent_uuid." ".$tier_position;
-						$response = event_socket_request($fp, $cmd);
+						if (is_uuid($call_center_queue_uuid) && is_uuid($call_center_agent_uuid) && is_numeric($tier_position)) {
+							$cmd = "api callcenter_config tier set position ".$call_center_queue_uuid." ".$call_center_agent_uuid." ".$tier_position;
+							$response = event_socket_request($fp, $cmd);
+						}
 						usleep(200);
 					}
 			}
@@ -359,7 +365,9 @@
 			remove_config_from_cache('configuration:callcenter.conf');
 
 		//redirect the user
-			header("Location: call_center_queue_edit.php?id=".escape($call_center_queue_uuid));
+			if (is_uuid($call_center_queue_uuid)) {
+				header("Location: call_center_queue_edit.php?id=".urlencode($call_center_queue_uuid));
+			}
 			return;
 
 	} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)
@@ -450,7 +458,7 @@
 	$agents = $database->select($sql, $parameters, 'all');
 	unset($sql, $parameters);
 
-	//get the sounds
+//get the sounds
 	$sounds = new sounds;
 	$sounds = $sounds->get();
 
@@ -477,6 +485,11 @@
 		$document['title'] = $text['title-call_center_queue_edit'];
 	}
 
+//only allow a uuid
+	if (!is_uuid($call_center_queue_uuid)) {
+		$call_center_queue_uuid = null;
+	}
+
 //show the content
 	echo "<form method='post' name='frm' action=''>\n";
 	echo "<table width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
@@ -492,12 +505,12 @@
 	if ($action == "update") {
 		echo "	&nbsp;&nbsp;&nbsp;";
 		if (permission_exists('call_center_wallboard')) {
-			echo "  <input type='button' class='btn' value='".$text['button-wallboard']."' onclick=\"document.location.href='".PROJECT_PATH."/app/call_center_wallboard/call_center_wallboard.php?queue_name=".escape($call_center_queue_uuid)."';\" />\n";
+			echo "  <input type='button' class='btn' value='".$text['button-wallboard']."' onclick=\"document.location.href='".PROJECT_PATH."/app/call_center_wallboard/call_center_wallboard.php?queue_name=".urlencode($call_center_queue_uuid)."';\" />\n";
 		}
-		echo "  <input type='button' class='btn' value='".$text['button-stop']."' onclick=\"document.location.href='cmd.php?cmd=api+callcenter_config+queue+unload+".escape($call_center_queue_uuid)."';\" />\n";
-		echo "  <input type='button' class='btn' value='".$text['button-start']."' onclick=\"document.location.href='cmd.php?cmd=api+callcenter_config+queue+load+".escape($call_center_queue_uuid)."';\" />\n";
-		echo "  <input type='button' class='btn' value='".$text['button-restart']."' onclick=\"document.location.href='cmd.php?cmd=api+callcenter_config+queue+reload+".escape($call_center_queue_uuid)."';\" />\n";
-		echo "  <input type='button' class='btn' value='".$text['button-view']."' onclick=\"document.location.href='".PROJECT_PATH."/app/call_center_active/call_center_active.php?queue_name=".escape($call_center_queue_uuid)."';\" />\n";
+		echo "  <input type='button' class='btn' value='".$text['button-stop']."' onclick=\"document.location.href='cmd.php?cmd=unload&queue=".urlencode($call_center_queue_uuid)."';\" />\n";
+		echo "  <input type='button' class='btn' value='".$text['button-start']."' onclick=\"document.location.href='cmd.php?cmd=load&queue=".urlencode($call_center_queue_uuid)."';\" />\n";
+		echo "  <input type='button' class='btn' value='".$text['button-restart']."' onclick=\"document.location.href='cmd.php?cmd=reload&queue=".urlencode($call_center_queue_uuid)."';\" />\n";
+		echo "  <input type='button' class='btn' value='".$text['button-view']."' onclick=\"document.location.href='".PROJECT_PATH."/app/call_center_active/call_center_active.php?queue_name=".urlencode($call_center_queue_uuid)."';\" />\n";
 		echo "	&nbsp;&nbsp;&nbsp;";
 	}
 	echo "	<input type='submit' class='btn' value='".$text['button-save']."'>\n";
@@ -641,60 +654,62 @@
 		echo "				<td></td>\n";
 		echo "			</tr>\n";
 		$x = 0;
-		foreach($tiers as $field) {
-			echo "	<tr>\n";
-			echo "		<td class=''>";
-			if (strlen($field['call_center_tier_uuid']) > 0) {
-				echo "		<input name='call_center_tiers[".$x."][call_center_tier_uuid]' type='hidden' value=\"".escape($field['call_center_tier_uuid'])."\">\n";
-			}
-			echo "				<select name=\"call_center_tiers[$x][call_center_agent_uuid]\" class=\"formfld\">\n";
-			echo "					<option value=\"\"></option>\n";
-			foreach($agents as $row) {
-				$selected = '';
-				if ($row['call_center_agent_uuid'] == $field['call_center_agent_uuid']) {
-					$selected = "selected=\"selected\"";
+		if (is_array($tiers) {
+			foreach($tiers as $field) {
+				echo "	<tr>\n";
+				echo "		<td class=''>";
+				if (strlen($field['call_center_tier_uuid']) > 0) {
+					echo "		<input name='call_center_tiers[".$x."][call_center_tier_uuid]' type='hidden' value=\"".escape($field['call_center_tier_uuid'])."\">\n";
 				}
-				echo "				<option value=\"".escape($row['call_center_agent_uuid'])."\" $selected>".escape($row['agent_name'])."</option>\n";
-			}
-			echo "				</select>";
-			echo "		</td>\n";
-			echo "		<td class='' style='text-align: center;'>";
-			echo "				 <select name=\"call_center_tiers[$x][tier_level]\" class=\"formfld\">\n";
-			$i=0;
-			while($i<=9) {
-				$selected = ($i == $field['tier_level']) ? "selected" : null;
-				echo "				<option value=\"$i\" ".escape($selected).">$i</option>\n";
-				$i++;
-			}
-			echo "				</select>\n";
-			echo "		</td>\n";
+				echo "				<select name=\"call_center_tiers[$x][call_center_agent_uuid]\" class=\"formfld\">\n";
+				echo "					<option value=\"\"></option>\n";
+				foreach($agents as $row) {
+					$selected = '';
+					if ($row['call_center_agent_uuid'] == $field['call_center_agent_uuid']) {
+						$selected = "selected=\"selected\"";
+					}
+					echo "				<option value=\"".escape($row['call_center_agent_uuid'])."\" $selected>".escape($row['agent_name'])."</option>\n";
+				}
+				echo "				</select>";
+				echo "		</td>\n";
+				echo "		<td class='' style='text-align: center;'>";
+				echo "				 <select name=\"call_center_tiers[$x][tier_level]\" class=\"formfld\">\n";
+				$i=0;
+				while($i<=9) {
+					$selected = ($i == $field['tier_level']) ? "selected" : null;
+					echo "				<option value=\"$i\" ".escape($selected).">$i</option>\n";
+					$i++;
+				}
+				echo "				</select>\n";
+				echo "		</td>\n";
 
-			echo "		<td class='' style='text-align: center;'>\n";
-			echo "				<select name=\"call_center_tiers[$x][tier_position]\" class=\"formfld\">\n";
-			$i=0;
-			while($i<=9) {
-				$selected = ($i == $field['tier_position']) ? "selected" : null;
-				echo "				<option value=\"$i\" ".escape($selected).">$i</option>\n";
-				$i++;
+				echo "		<td class='' style='text-align: center;'>\n";
+				echo "				<select name=\"call_center_tiers[$x][tier_position]\" class=\"formfld\">\n";
+				$i=0;
+				while($i<=9) {
+					$selected = ($i == $field['tier_position']) ? "selected" : null;
+					echo "				<option value=\"$i\" ".escape($selected).">$i</option>\n";
+					$i++;
+				}
+				echo "				</select>\n";
+				echo "		</td>\n";
+				echo "		<td class=''>";
+				if (permission_exists('call_center_tier_delete')) {
+					echo "			<a href=\"call_center_queue_edit.php?id=".escape($call_center_queue_uuid)."&call_center_tier_uuid=".escape($field['call_center_tier_uuid'])."&a=delete\" alt=\"".$text['button-delete']."\" onclick=\"return confirm('".$text['confirm-delete']."');\">$v_link_label_delete</a>";
+				}
+				echo "		</td>\n";
+				echo "	</tr>\n";
+				$assigned_agents[] = $field['agent_name'];
+				$x++;
 			}
-			echo "				</select>\n";
-			echo "		</td>\n";
-			echo "		<td class=''>";
-			if (permission_exists('call_center_tier_delete')) {
-				echo "			<a href=\"call_center_queue_edit.php?id=".escape($call_center_queue_uuid)."&call_center_tier_uuid=".escape($field['call_center_tier_uuid'])."&a=delete\" alt=\"".$text['button-delete']."\" onclick=\"return confirm('".$text['confirm-delete']."');\">$v_link_label_delete</a>";
-			}
-			echo "		</td>\n";
-			echo "	</tr>\n";
-			$assigned_agents[] = $field['agent_name'];
-			$x++;
+			unset ($tiers);
+			echo "		</table>\n";
+			echo "		<br>\n";
+			echo "		".$text['description-tiers']."\n";
+			echo "		<br />\n";
+			echo "	</td>";
+			echo "</tr>";
 		}
-		unset ($tiers);
-		echo "		</table>\n";
-		echo "		<br>\n";
-		echo "		".$text['description-tiers']."\n";
-		echo "		<br />\n";
-		echo "	</td>";
-		echo "</tr>";
 	}
 
 	echo "<tr>\n";


"; - if (strlen($field['call_center_tier_uuid']) > 0) { - echo " \n"; - } - echo "
"; + if (strlen($field['call_center_tier_uuid']) > 0) { + echo " \n"; } - echo " \n"; - } - echo " "; - echo "	"; - echo " \n"; - echo "	"; + echo " \n"; + echo "	\n"; - echo "	\n"; + echo " \n"; + echo "	"; + if (permission_exists('call_center_tier_delete')) { + echo " $v_link_label_delete"; + } + echo "
"; - if (permission_exists('call_center_tier_delete')) { - echo " $v_link_label_delete"; - } - echo "