The following fields require stronger input checks/filters:
- searchForm: scope, type
- messageForm: names, message
- loginForm: uid, password
- enrollForm: invitation
- testMessageLink: testMessage
In addition to tightening these constraints, centralize the cleansing/validation logic at the top of every processor and use a unified naming scheme for cleansed $_POST and $_GET input. For instance, use an associative array named $clean. This makes it easier to scan the code and confirm that no raw input leaks past the validation step.
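One way to apply the $clean pattern, as an added example that is not the reviewed application's own code: each processor declares a rule table for its fields and runs the request through one cleansing function at the top, so only whitelisted, validated values ever reach $clean. The form and field names come from the list above; the concrete rules (allowed values, lengths, patterns) and the PHP 8 requirement for match are assumptions.

```php
<?php
// Added example, not the reviewed application's code. Field names follow the
// review above; the rules (allowed values, lengths, patterns) are assumptions.
// Returns $clean holding only whitelisted fields that passed their rule;
// $errors receives every field that was missing or invalid.
function cleanseInput(array $input, array $rules, ?array &$errors): array
{
    $clean  = [];
    $errors = [];
    foreach ($rules as $field => $rule) {
        if (!isset($input[$field]) || !is_string($input[$field])) {
            $errors[] = $field;  // missing, or an array submitted as field[]=
            continue;
        }
        $value = $input[$field];
        $ok = match ($rule['kind']) {
            // closed set of tokens, e.g. search scope/type
            'enum'  => in_array($value, $rule['allowed'], true),
            // whole-string match; \A..\z also rejects the trailing newline $ allows
            'regex' => preg_match($rule['pattern'], $value) === 1,
            // bounded free text in valid UTF-8; still escape it on output
            'text'  => mb_check_encoding($value, 'UTF-8')
                       && mb_strlen($value) >= 1 && mb_strlen($value) <= $rule['max'],
            default => false,
        };
        if ($ok) {
            $clean[$field] = $value;
        } else {
            $errors[] = $field;
        }
    }
    return $clean; // fields absent from $rules are dropped, never copied through
}
// Per-processor rule tables (assumed values).
$rules = [
    'searchForm' => [
        'scope' => ['kind' => 'enum', 'allowed' => ['all', 'mine']],
        'type'  => ['kind' => 'enum', 'allowed' => ['message', 'user']],
    ],
    'loginForm' => [
        'uid'      => ['kind' => 'regex', 'pattern' => '/\A[a-z0-9_.-]{1,32}\z/'],
        'password' => ['kind' => 'text', 'max' => 128],
    ],
];
// Top of the loginForm processor: nothing below this line reads $_POST directly.
$clean = cleanseInput($_POST, $rules['loginForm'], $errors);
if ($errors !== []) {
    http_response_code(400);
    exit('Invalid input: ' . htmlspecialchars(implode(', ', $errors), ENT_QUOTES, 'UTF-8'));
}
```

Because the function only copies fields listed in $rules, a grep for $_POST or $_GET outside the cleansing call is enough to spot a leak.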