diff --git a/code/datums/datumvars.dm b/code/datums/datumvars.dm
index c5ae3b27d3..5aab3c5abc 100644
--- a/code/datums/datumvars.dm
+++ b/code/datums/datumvars.dm
@@ -389,381 +389,404 @@ client
 
 		return html
 
-	Topic(href, href_list, hsrc)
+//All BYOND links pass through client/Topic() FIRST and are then directed to [hsrc]/Topic() by the ..() call at the end.
+client/Topic(href, href_list, hsrc)
 
-		if (href_list["Vars"])
-			debug_variables(locate(href_list["Vars"]))
+	//search the href for script injection	//This is a temporary measure
+	if( findtext(href,"<script",1,0) )
+		world.log << "Attempted use of scripts within a topic call, by [src]"
+		message_admins("Attempted use of scripts within a topic call, by [src]")
+		del(usr)
+		return
 
-		//~CARN: for renaming mobs (updates their real_name and their ID/PDA if applicable).
-		else if (href_list["rename"])
-			var/new_name = input(usr,"What would you like to name this mob?","Input a name") as text|null
-			if(!new_name)	return
-			var/mob/M = locate(href_list["rename"])
-			if(!istype(M))	return
+	if(href_list["priv_msg"])
+		var/client/C = locate(href_list["priv_msg"])
+		if(ismob(C)) //Old stuff can pass in mobs instead of clients
+			var/mob/M = C
+			C = M.client
+		cmd_admin_pm(C,null)
+		return
 
-			message_admins("Admin [key_name_admin(usr)] renamed [key_name_admin(M)] to [new_name].", 1)
-			if(istype(M, /mob/living/carbon/human))
-				for(var/obj/item/weapon/card/id/ID in M.contents)
-					if(ID.registered_name == M.real_name)
-						ID.name = "[new_name]'s ID Card ([ID.assignment])"
-						ID.registered_name = new_name
-						break
-				for(var/obj/item/device/pda/PDA in M.contents)
-					if(PDA.owner == M.real_name)
-						PDA.name = "PDA-[new_name] ([PDA.ownjob])"
-						PDA.owner = new_name
-						break
-			M.real_name = new_name
-			M.name = new_name
-			M.original_name = new_name
-			href_list["datumrefresh"] = href_list["rename"]
+	else
+		//THIS **REALLY** NEEDS TO BE REWRITTEN AS obj/admin/Topic or something. As a matter of urgency.
+		if( (usr.client == src) && src.holder )
+			if (href_list["Vars"])
+				debug_variables(locate(href_list["Vars"]))
 
-		else if (href_list["varnameedit"])
-			if(!href_list["datumedit"] || !href_list["varnameedit"])
-				usr << "Varedit error: Not all information has been sent Contact a coder."
-				return
-			var/DAT = locate(href_list["datumedit"])
-			if(!DAT)
-				usr << "Item not found"
-				return
-			if(!istype(DAT,/datum) && !istype(DAT,/client))
-				usr << "Can't edit an item of this type. Type must be /datum or /client, so anything except simple variables."
-				return
-			modify_variables(DAT, href_list["varnameedit"], 1)
-		else if (href_list["varnamechange"])
-			if(!href_list["datumchange"] || !href_list["varnamechange"])
-				usr << "Varedit error: Not all information has been sent. Contact a coder."
-				return
-			var/DAT = locate(href_list["datumchange"])
-			if(!DAT)
-				usr << "Item not found"
-				return
-			if(!istype(DAT,/datum) && !istype(DAT,/client))
-				usr << "Can't edit an item of this type. Type must be /datum or /client, so anything except simple variables."
-				return
-			modify_variables(DAT, href_list["varnamechange"], 0)
-		else if (href_list["varnamemass"])
-			if(!href_list["datummass"] || !href_list["varnamemass"])
-				usr << "Varedit error: Not all information has been sent. Contact a coder."
-				return
-			var/atom/A = locate(href_list["datummass"])
-			if(!A)
-				usr << "Item not found"
-				return
-			if(!istype(A,/atom))
-				usr << "Can't mass edit an item of this type. Type must be /atom, so an object, turf, mob or area. You cannot mass edit clients!"
-				return
-			cmd_mass_modify_object_variables(A, href_list["varnamemass"])
-		else if (href_list["mob_player_panel"])
-			if(!href_list["mob_player_panel"])
-				return
-			var/mob/MOB = locate(href_list["mob_player_panel"])
-			if(!MOB)
-				return
-			if(!ismob(MOB))
-				return
-			if(!src.holder)
-				return
-			src.holder.show_player_panel(MOB)
-			href_list["datumrefresh"] = href_list["mob_player_panel"]
-		else if (href_list["give_spell"])
-			if(!href_list["give_spell"])
-				return
-			var/mob/MOB = locate(href_list["give_spell"])
-			if(!MOB)
-				return
-			if(!ismob(MOB))
-				return
-			if(!src.holder)
-				return
-			src.give_spell(MOB)
-			href_list["datumrefresh"] = href_list["give_spell"]
-		else if (href_list["ninja"])
-			if(!href_list["ninja"])
-				return
-			var/mob/MOB = locate(href_list["ninja"])
-			if(!MOB)
-				return
-			if(!ismob(MOB))
-				return
-			if(!src.holder)
-				return
-			src.cmd_admin_ninjafy(MOB)
-			href_list["datumrefresh"] = href_list["ninja"]
-		else if (href_list["godmode"])
-			if(!href_list["godmode"])
-				return
-			var/mob/MOB = locate(href_list["godmode"])
-			if(!MOB)
-				return
-			if(!ismob(MOB))
-				return
-			if(!src.holder)
-				return
-			src.cmd_admin_godmode(MOB)
-			href_list["datumrefresh"] = href_list["godmode"]
-		else if (href_list["gib"])
-			if(!href_list["gib"])
-				return
-			var/mob/MOB = locate(href_list["gib"])
-			if(!MOB)
-				return
-			if(!ismob(MOB))
-				return
-			if(!src.holder)
-				return
-			src.cmd_admin_gib(MOB)
+			//~CARN: for renaming mobs (updates their real_name and their ID/PDA if applicable).
+			else if (href_list["rename"])
+				var/new_name = input(usr,"What would you like to name this mob?","Input a name") as text|null
+				if(!new_name)	return
+				var/mob/M = locate(href_list["rename"])
+				if(!istype(M))	return
 
-		else if (href_list["build_mode"])
-			if(!href_list["build_mode"])
-				return
-			var/mob/MOB = locate(href_list["build_mode"])
-			if(!MOB)
-				return
-			if(!ismob(MOB))
-				return
-			if(!src.holder)
-				return
-			togglebuildmode(MOB)
-			href_list["datumrefresh"] = href_list["build_mode"]
+				message_admins("Admin [key_name_admin(usr)] renamed [key_name_admin(M)] to [new_name].", 1)
+				if(istype(M, /mob/living/carbon/human))
+					for(var/obj/item/weapon/card/id/ID in M.contents)
+						if(ID.registered_name == M.real_name)
+							ID.name = "[new_name]'s ID Card ([ID.assignment])"
+							ID.registered_name = new_name
+							break
+					for(var/obj/item/device/pda/PDA in M.contents)
+						if(PDA.owner == M.real_name)
+							PDA.name = "PDA-[new_name] ([PDA.ownjob])"
+							PDA.owner = new_name
+							break
+				M.real_name = new_name
+				M.name = new_name
+				M.original_name = new_name
+				href_list["datumrefresh"] = href_list["rename"]
 
-		else if (href_list["drop_everything"])
-			if(!href_list["drop_everything"])
-				return
-			var/mob/MOB = locate(href_list["drop_everything"])
-			if(!MOB)
-				return
-			if(!ismob(MOB))
-				return
-			if(!src.holder)
-				return
-
-			if(usr.client)
-				usr.client.cmd_admin_drop_everything(MOB)
-
-		else if (href_list["direct_control"])
-			if(!href_list["direct_control"])
-				return
-			var/mob/MOB = locate(href_list["direct_control"])
-			if(!MOB)
-				return
-			if(!ismob(MOB))
-				return
-			if(!src.holder)
-				return
-
-			if(usr.client)
-				usr.client.cmd_assume_direct_control(MOB)
-
-		else if (href_list["delall"])
-			if(!href_list["delall"])
-				return
-			var/atom/A = locate(href_list["delall"])
-			if(!A)
-				return
-			if(!isobj(A))
-				usr << "This can only be used on objects (of type /obj)"
-				return
-			if(!A.type)
-				return
-			var/action_type = alert("Strict type ([A.type]) or type and all subtypes?",,"Strict type","Type and subtypes","Cancel")
-			if(!action_type || action_type == "Cancel")
-				return
-			if(alert("Are you really sure you want to delete all objects of type [A.type]?",,"Yes","No") != "Yes")
-				return
-			if(alert("Second confirmation required. Delete?",,"Yes","No") != "Yes")
-				return
-			var/a_type = A.type
-			if(action_type == "Strict type")
-				var/i = 0
-				for(var/obj/O in world)
-					if(O.type == a_type)
-						i++
-						del(O)
-				if(!i)
-					usr << "No objects of this type exist"
+			else if (href_list["varnameedit"])
+				if(!href_list["datumedit"] || !href_list["varnameedit"])
+					usr << "Varedit error: Not all information has been sent Contact a coder."
 					return
-				log_admin("[key_name(usr)] deleted all objects of scrict type [a_type] ([i] objects deleted) ")
-				message_admins("\blue [key_name(usr)] deleted all objects of scrict type [a_type] ([i] objects deleted) ", 1)
-			else if(action_type == "Type and subtypes")
-				var/i = 0
-				for(var/obj/O in world)
-					if(istype(O,a_type))
-						i++
-						del(O)
-				if(!i)
-					usr << "No objects of this type exist"
+				var/DAT = locate(href_list["datumedit"])
+				if(!DAT)
+					usr << "Item not found"
 					return
-				log_admin("[key_name(usr)] deleted all objects of scrict type with subtypes [a_type] ([i] objects deleted) ")
-				message_admins("\blue [key_name(usr)] deleted all objects of type with subtypes [a_type] ([i] objects deleted) ", 1)
+				if(!istype(DAT,/datum) && !istype(DAT,/client))
+					usr << "Can't edit an item of this type. Type must be /datum or /client, so anything except simple variables."
+					return
+				modify_variables(DAT, href_list["varnameedit"], 1)
+			else if (href_list["varnamechange"])
+				if(!href_list["datumchange"] || !href_list["varnamechange"])
+					usr << "Varedit error: Not all information has been sent. Contact a coder."
+					return
+				var/DAT = locate(href_list["datumchange"])
+				if(!DAT)
+					usr << "Item not found"
+					return
+				if(!istype(DAT,/datum) && !istype(DAT,/client))
+					usr << "Can't edit an item of this type. Type must be /datum or /client, so anything except simple variables."
+					return
+				modify_variables(DAT, href_list["varnamechange"], 0)
+			else if (href_list["varnamemass"])
+				if(!href_list["datummass"] || !href_list["varnamemass"])
+					usr << "Varedit error: Not all information has been sent. Contact a coder."
+					return
+				var/atom/A = locate(href_list["datummass"])
+				if(!A)
+					usr << "Item not found"
+					return
+				if(!istype(A,/atom))
+					usr << "Can't mass edit an item of this type. Type must be /atom, so an object, turf, mob or area. You cannot mass edit clients!"
+					return
+				cmd_mass_modify_object_variables(A, href_list["varnamemass"])
+			else if (href_list["mob_player_panel"])
+				if(!href_list["mob_player_panel"])
+					return
+				var/mob/MOB = locate(href_list["mob_player_panel"])
+				if(!MOB)
+					return
+				if(!ismob(MOB))
+					return
+				if(!src.holder)
+					return
+				src.holder.show_player_panel(MOB)
+				href_list["datumrefresh"] = href_list["mob_player_panel"]
+			else if (href_list["give_spell"])
+				if(!href_list["give_spell"])
+					return
+				var/mob/MOB = locate(href_list["give_spell"])
+				if(!MOB)
+					return
+				if(!ismob(MOB))
+					return
+				if(!src.holder)
+					return
+				src.give_spell(MOB)
+				href_list["datumrefresh"] = href_list["give_spell"]
+			else if (href_list["ninja"])
+				if(!href_list["ninja"])
+					return
+				var/mob/MOB = locate(href_list["ninja"])
+				if(!MOB)
+					return
+				if(!ismob(MOB))
+					return
+				if(!src.holder)
+					return
+				src.cmd_admin_ninjafy(MOB)
+				href_list["datumrefresh"] = href_list["ninja"]
+			else if (href_list["godmode"])
+				if(!href_list["godmode"])
+					return
+				var/mob/MOB = locate(href_list["godmode"])
+				if(!MOB)
+					return
+				if(!ismob(MOB))
+					return
+				if(!src.holder)
+					return
+				src.cmd_admin_godmode(MOB)
+				href_list["datumrefresh"] = href_list["godmode"]
+			else if (href_list["gib"])
+				if(!href_list["gib"])
+					return
+				var/mob/MOB = locate(href_list["gib"])
+				if(!MOB)
+					return
+				if(!ismob(MOB))
+					return
+				if(!src.holder)
+					return
+				src.cmd_admin_gib(MOB)
 
-		else if (href_list["explode"])
-			if(!href_list["explode"])
-				return
-			var/atom/A = locate(href_list["explode"])
-			if(!A)
-				return
-			if(!isobj(A) && !ismob(A) && !isturf(A))
-				return
-			src.cmd_admin_explosion(A)
-			href_list["datumrefresh"] = href_list["explode"]
-		else if (href_list["emp"])
-			if(!href_list["emp"])
-				return
-			var/atom/A = locate(href_list["emp"])
-			if(!A)
-				return
-			if(!isobj(A) && !ismob(A) && !isturf(A))
-				return
-			src.cmd_admin_emp(A)
-			href_list["datumrefresh"] = href_list["emp"]
-		else if (href_list["mark_object"])
-			if(!href_list["mark_object"])
-				return
-			var/datum/D = locate(href_list["mark_object"])
-			if(!D)
-				return
-			if(!src.holder)
-				return
-			src.holder.marked_datum = D
-			href_list["datumrefresh"] = href_list["mark_object"]
-		else if (href_list["rotatedatum"])
-			if(!href_list["rotatedir"])
-				return
-			var/atom/A = locate(href_list["rotatedatum"])
-			if(!A)
-				return
-			if(!istype(A,/atom))
-				usr << "This can only be done to objects of type /atom"
-				return
-			if(!src.holder)
-				return
-			switch(href_list["rotatedir"])
-				if("right")
-					A.dir = turn(A.dir, -45)
-				if("left")
-					A.dir = turn(A.dir, 45)
-			href_list["datumrefresh"] = href_list["rotatedatum"]
-		else if (href_list["makemonkey"])
-			var/mob/M = locate(href_list["makemonkey"])
-			if(!M)
-				return
-			if(!ishuman(M))
-				usr << "This can only be done to objects of type /mob/living/carbon/human"
-				return
-			if(!src.holder)
-				usr << "You are not an administrator."
-				return
-			var/action_type = alert("Confirm mob type change?",,"Transform","Cancel")
-			if(!action_type || action_type == "Cancel")
-				return
-			if(!M)
-				usr << "Mob doesn't exist anymore"
-				return
-			holder.Topic(href, list("monkeyone"=href_list["makemonkey"]))
-		else if (href_list["makerobot"])
-			var/mob/M = locate(href_list["makerobot"])
-			if(!M)
-				return
-			if(!ishuman(M))
-				usr << "This can only be done to objects of type /mob/living/carbon/human"
-				return
-			if(!src.holder)
-				usr << "You are not an administrator."
-				return
-			var/action_type = alert("Confirm mob type change?",,"Transform","Cancel")
-			if(!action_type || action_type == "Cancel")
-				return
-			if(!M)
-				usr << "Mob doesn't exist anymore"
-				return
-			holder.Topic(href, list("makerobot"=href_list["makerobot"]))
-		else if (href_list["makealien"])
-			var/mob/M = locate(href_list["makealien"])
-			if(!M)
-				return
-			if(!ishuman(M))
-				usr << "This can only be done to objects of type /mob/living/carbon/human"
-				return
-			if(!src.holder)
-				usr << "You are not an administrator."
-				return
-			var/action_type = alert("Confirm mob type change?",,"Transform","Cancel")
-			if(!action_type || action_type == "Cancel")
-				return
-			if(!M)
-				usr << "Mob doesn't exist anymore"
-				return
-			holder.Topic(href, list("makealien"=href_list["makealien"]))
-		else if (href_list["makemetroid"])
-			var/mob/M = locate(href_list["makemetroid"])
-			if(!M)
-				return
-			if(!ishuman(M))
-				usr << "This can only be done to objects of type /mob/living/carbon/human"
-				return
-			if(!src.holder)
-				usr << "You are not an administrator."
-				return
-			var/action_type = alert("Confirm mob type change?",,"Transform","Cancel")
-			if(!action_type || action_type == "Cancel")
-				return
-			if(!M)
-				usr << "Mob doesn't exist anymore"
-				return
-			holder.Topic(href, list("makemetroid"=href_list["makemetroid"]))
-		else if (href_list["makeai"])
-			var/mob/M = locate(href_list["makeai"])
-			if(!M)
-				return
-			if(!ishuman(M))
-				usr << "This can only be done to objects of type /mob/living/carbon/human"
-				return
-			if(!src.holder)
-				usr << "You are not an administrator."
-				return
-			var/action_type = alert("Confirm mob type change?",,"Transform","Cancel")
-			if(!action_type || action_type == "Cancel")
-				return
-			if(!M)
-				usr << "Mob doesn't exist anymore"
-				return
-			holder.Topic(href, list("makeai"=href_list["makeai"]))
-		else if (href_list["adjustDamage"] && href_list["mobToDamage"])
-			var/mob/M = locate(href_list["mobToDamage"])
-			var/Text = locate(href_list["adjustDamage"])
+			else if (href_list["build_mode"])
+				if(!href_list["build_mode"])
+					return
+				var/mob/MOB = locate(href_list["build_mode"])
+				if(!MOB)
+					return
+				if(!ismob(MOB))
+					return
+				if(!src.holder)
+					return
+				togglebuildmode(MOB)
+				href_list["datumrefresh"] = href_list["build_mode"]
 
-			var/amount =  input("Deal how much damage to mob? (Negative values here heal)","Adjust [Text]loss",0) as num
-			if(Text == "brute")
-				M.adjustBruteLoss(amount)
-			else if(Text == "fire")
-				M.adjustFireLoss(amount)
-			else if(Text == "toxin")
-				M.adjustToxLoss(amount)
-			else if(Text == "oxygen")
-				M.adjustOxyLoss(amount)
-			else if(Text == "brain")
-				M.adjustBrainLoss(amount)
-			else if(Text == "clone")
-				M.adjustCloneLoss(amount)
+			else if (href_list["drop_everything"])
+				if(!href_list["drop_everything"])
+					return
+				var/mob/MOB = locate(href_list["drop_everything"])
+				if(!MOB)
+					return
+				if(!ismob(MOB))
+					return
+				if(!src.holder)
+					return
+
+				if(usr.client)
+					usr.client.cmd_admin_drop_everything(MOB)
+
+			else if (href_list["direct_control"])
+				if(!href_list["direct_control"])
+					return
+				var/mob/MOB = locate(href_list["direct_control"])
+				if(!MOB)
+					return
+				if(!ismob(MOB))
+					return
+				if(!src.holder)
+					return
+
+				if(usr.client)
+					usr.client.cmd_assume_direct_control(MOB)
+
+			else if (href_list["delall"])
+				if(!href_list["delall"])
+					return
+				var/atom/A = locate(href_list["delall"])
+				if(!A)
+					return
+				if(!isobj(A))
+					usr << "This can only be used on objects (of type /obj)"
+					return
+				if(!A.type)
+					return
+				var/action_type = alert("Strict type ([A.type]) or type and all subtypes?",,"Strict type","Type and subtypes","Cancel")
+				if(!action_type || action_type == "Cancel")
+					return
+				if(alert("Are you really sure you want to delete all objects of type [A.type]?",,"Yes","No") != "Yes")
+					return
+				if(alert("Second confirmation required. Delete?",,"Yes","No") != "Yes")
+					return
+				var/a_type = A.type
+				if(action_type == "Strict type")
+					var/i = 0
+					for(var/obj/O in world)
+						if(O.type == a_type)
+							i++
+							del(O)
+					if(!i)
+						usr << "No objects of this type exist"
+						return
+					log_admin("[key_name(usr)] deleted all objects of scrict type [a_type] ([i] objects deleted) ")
+					message_admins("\blue [key_name(usr)] deleted all objects of scrict type [a_type] ([i] objects deleted) ", 1)
+				else if(action_type == "Type and subtypes")
+					var/i = 0
+					for(var/obj/O in world)
+						if(istype(O,a_type))
+							i++
+							del(O)
+					if(!i)
+						usr << "No objects of this type exist"
+						return
+					log_admin("[key_name(usr)] deleted all objects of scrict type with subtypes [a_type] ([i] objects deleted) ")
+					message_admins("\blue [key_name(usr)] deleted all objects of type with subtypes [a_type] ([i] objects deleted) ", 1)
+
+			else if (href_list["explode"])
+				if(!href_list["explode"])
+					return
+				var/atom/A = locate(href_list["explode"])
+				if(!A)
+					return
+				if(!isobj(A) && !ismob(A) && !isturf(A))
+					return
+				src.cmd_admin_explosion(A)
+				href_list["datumrefresh"] = href_list["explode"]
+			else if (href_list["emp"])
+				if(!href_list["emp"])
+					return
+				var/atom/A = locate(href_list["emp"])
+				if(!A)
+					return
+				if(!isobj(A) && !ismob(A) && !isturf(A))
+					return
+				src.cmd_admin_emp(A)
+				href_list["datumrefresh"] = href_list["emp"]
+			else if (href_list["mark_object"])
+				if(!href_list["mark_object"])
+					return
+				var/datum/D = locate(href_list["mark_object"])
+				if(!D)
+					return
+				if(!src.holder)
+					return
+				src.holder.marked_datum = D
+				href_list["datumrefresh"] = href_list["mark_object"]
+			else if (href_list["rotatedatum"])
+				if(!href_list["rotatedir"])
+					return
+				var/atom/A = locate(href_list["rotatedatum"])
+				if(!A)
+					return
+				if(!istype(A,/atom))
+					usr << "This can only be done to objects of type /atom"
+					return
+				if(!src.holder)
+					return
+				switch(href_list["rotatedir"])
+					if("right")
+						A.dir = turn(A.dir, -45)
+					if("left")
+						A.dir = turn(A.dir, 45)
+				href_list["datumrefresh"] = href_list["rotatedatum"]
+			else if (href_list["makemonkey"])
+				var/mob/M = locate(href_list["makemonkey"])
+				if(!M)
+					return
+				if(!ishuman(M))
+					usr << "This can only be done to objects of type /mob/living/carbon/human"
+					return
+				if(!src.holder)
+					usr << "You are not an administrator."
+					return
+				var/action_type = alert("Confirm mob type change?",,"Transform","Cancel")
+				if(!action_type || action_type == "Cancel")
+					return
+				if(!M)
+					usr << "Mob doesn't exist anymore"
+					return
+				holder.Topic(href, list("monkeyone"=href_list["makemonkey"]))
+			else if (href_list["makerobot"])
+				var/mob/M = locate(href_list["makerobot"])
+				if(!M)
+					return
+				if(!ishuman(M))
+					usr << "This can only be done to objects of type /mob/living/carbon/human"
+					return
+				if(!src.holder)
+					usr << "You are not an administrator."
+					return
+				var/action_type = alert("Confirm mob type change?",,"Transform","Cancel")
+				if(!action_type || action_type == "Cancel")
+					return
+				if(!M)
+					usr << "Mob doesn't exist anymore"
+					return
+				holder.Topic(href, list("makerobot"=href_list["makerobot"]))
+			else if (href_list["makealien"])
+				var/mob/M = locate(href_list["makealien"])
+				if(!M)
+					return
+				if(!ishuman(M))
+					usr << "This can only be done to objects of type /mob/living/carbon/human"
+					return
+				if(!src.holder)
+					usr << "You are not an administrator."
+					return
+				var/action_type = alert("Confirm mob type change?",,"Transform","Cancel")
+				if(!action_type || action_type == "Cancel")
+					return
+				if(!M)
+					usr << "Mob doesn't exist anymore"
+					return
+				holder.Topic(href, list("makealien"=href_list["makealien"]))
+			else if (href_list["makemetroid"])
+				var/mob/M = locate(href_list["makemetroid"])
+				if(!M)
+					return
+				if(!ishuman(M))
+					usr << "This can only be done to objects of type /mob/living/carbon/human"
+					return
+				if(!src.holder)
+					usr << "You are not an administrator."
+					return
+				var/action_type = alert("Confirm mob type change?",,"Transform","Cancel")
+				if(!action_type || action_type == "Cancel")
+					return
+				if(!M)
+					usr << "Mob doesn't exist anymore"
+					return
+				holder.Topic(href, list("makemetroid"=href_list["makemetroid"]))
+			else if (href_list["makeai"])
+				var/mob/M = locate(href_list["makeai"])
+				if(!M)
+					return
+				if(!ishuman(M))
+					usr << "This can only be done to objects of type /mob/living/carbon/human"
+					return
+				if(!src.holder)
+					usr << "You are not an administrator."
+					return
+				var/action_type = alert("Confirm mob type change?",,"Transform","Cancel")
+				if(!action_type || action_type == "Cancel")
+					return
+				if(!M)
+					usr << "Mob doesn't exist anymore"
+					return
+				holder.Topic(href, list("makeai"=href_list["makeai"]))
+			else if (href_list["adjustDamage"] && href_list["mobToDamage"])
+				var/mob/M = locate(href_list["mobToDamage"])
+				var/Text = locate(href_list["adjustDamage"])
+
+				var/amount =  input("Deal how much damage to mob? (Negative values here heal)","Adjust [Text]loss",0) as num
+				if(Text == "brute")
+					M.adjustBruteLoss(amount)
+				else if(Text == "fire")
+					M.adjustFireLoss(amount)
+				else if(Text == "toxin")
+					M.adjustToxLoss(amount)
+				else if(Text == "oxygen")
+					M.adjustOxyLoss(amount)
+				else if(Text == "brain")
+					M.adjustBrainLoss(amount)
+				else if(Text == "clone")
+					M.adjustCloneLoss(amount)
+				else
+					usr << "You caused an error. DEBUG: Text:[Text] Mob:[M]"
+					return
+
+				if(amount != 0)
+					log_admin("[key_name(usr)] dealt [amount] amount of [Text] damage to [M] ")
+					message_admins("\blue [key_name(usr)] dealt [amount] amount of [Text] damage to [M] ", 1)
+					href_list["datumrefresh"] = href_list["mobToDamage"]
 			else
-				usr << "You caused an error. DEBUG: Text:[Text] Mob:[M]"
-				return
+				..()
 
-			if(amount != 0)
-				log_admin("[key_name(usr)] dealt [amount] amount of [Text] damage to [M] ")
-				message_admins("\blue [key_name(usr)] dealt [amount] amount of [Text] damage to [M] ", 1)
-				href_list["datumrefresh"] = href_list["mobToDamage"]
-		else
-			..()
+			if (href_list["datumrefresh"])
+				if(!href_list["datumrefresh"])
+					return
+				var/datum/DAT = locate(href_list["datumrefresh"])
+				if(!DAT)
+					return
+				if(!istype(DAT,/datum))
+					return
+				src.debug_variables(DAT)
+			return
 
 
-		if (href_list["datumrefresh"])
-			if(!href_list["datumrefresh"])
-				return
-			var/datum/DAT = locate(href_list["datumrefresh"])
-			if(!DAT)
-				return
-			if(!istype(DAT,/datum))
-				return
-			src.debug_variables(DAT)
\ No newline at end of file
+		//Ok, all done with that admin crap. redirect it to the Topic for hsrc
+		..()
diff --git a/code/defines/procs/helpers.dm b/code/defines/procs/helpers.dm
index 8bd5dc4121..62528d674a 100644
--- a/code/defines/procs/helpers.dm
+++ b/code/defines/procs/helpers.dm
@@ -125,6 +125,19 @@
 			index = findtext(t, char)
 	return t
 
+//For sanitizing user inputs
+/proc/reject_bad_text(var/text)
+	if(length(text) > 512)	return			//message too long
+	var/non_whitespace = 0
+	for(var/i=1, i<=length(text), i++)
+		switch(text2ascii(text,i))
+			if(62,60,92,47)	return			//rejects the text if it contains these bad characters: <, >, \ or /
+			if(127 to 255)	return			//rejects weird letters like ÿ
+			if(0 to 31)		return			//more weird stuff
+			if(32)							//whitespace
+			else			non_whitespace = 1
+	if(non_whitespace)		return text		//only accepts the text if it has some non-spaces
+
 /proc/strip_html_simple(var/t,var/limit=MAX_MESSAGE_LEN)
 	var/list/strip_chars = list("<",">")
 	t = copytext(t,1,limit)
diff --git a/code/defines/world.dm b/code/defines/world.dm
index f3fac8f12b..9a5cf1c6d9 100644
--- a/code/defines/world.dm
+++ b/code/defines/world.dm
@@ -6,12 +6,12 @@ world
 
 
 	Topic(href, href_list[])
-		world << "Received a Topic() call!"
-		world << "[href]"
-		for(var/a in href_list)
-			world << "[a]"
-		if(href_list["hello"])
-			world << "Hello world!"
-			return "Hello world!"
-		world << "End of Topic() call."
-		..()
\ No newline at end of file
+//		world << "Received a Topic() call!"
+//		world << "[href]"
+//		for(var/a in href_list)
+//			world << "[a]"
+//		if(href_list["hello"])
+//			world << "Hello world!"
+//			return "Hello world!"
+//		world << "End of Topic() call."
+//		..()
diff --git a/code/game/machinery/computer/HolodeckControl.dm b/code/game/machinery/computer/HolodeckControl.dm
index 8601b60d50..f00e864cdc 100644
--- a/code/game/machinery/computer/HolodeckControl.dm
+++ b/code/game/machinery/computer/HolodeckControl.dm
@@ -34,9 +34,6 @@
 
 		dat += "Please ensure that only holographic weapons are used in the holodeck if a combat simulation has been loaded.<BR>"
 
-		if(issilicon(user) && !emagged)
-			dat += "<A href='?src=\ref[src];AIoverride=1'>(<font color=red>Override Safety Protocols?</font>)</A><BR>"
-
 		if(emagged)
 			dat += "<A href='?src=\ref[src];burntest=1'>(<font color=red>Begin Atmospheric Burn Simulation</font>)</A><BR>"
 			dat += "Ensure the holodeck is empty before testing.<BR>"
@@ -46,6 +43,8 @@
 			dat += "<BR>"
 			dat += "Safety Protocols are <font color=red> DISABLED </font><BR>"
 		else
+			if(issilicon(user))
+				dat += "<A href='?src=\ref[src];AIoverride=1'>(<font color=red>Override Safety Protocols?</font>)</A><BR>"
 			dat += "<BR>"
 			dat += "Safety Protocols are <font color=green> ENABLED </font><BR>"
 
@@ -88,16 +87,19 @@
 					loadProgram(target)
 
 			else if(href_list["burntest"])
+				if(!emagged)	return
 				target = locate(/area/holodeck/source_burntest)
 				if(target)
 					loadProgram(target)
 
 			else if(href_list["wildlifecarp"])
+				if(!emagged)	return
 				target = locate(/area/holodeck/source_wildlife)
 				if(target)
 					loadProgram(target)
 
 			else if(href_list["AIoverride"])
+				if(!issilicon(usr))	return
 				emagged = 1
 
 			src.add_fingerprint(usr)
diff --git a/code/game/machinery/requests_console.dm b/code/game/machinery/requests_console.dm
index 9c9d6c675a..9a02fe6025 100644
--- a/code/game/machinery/requests_console.dm
+++ b/code/game/machinery/requests_console.dm
@@ -1,5 +1,5 @@
 /******************** Requests Console ********************/
-/** Originally written by errorage, updated by: <sign your updates here> **/
+/** Originally written by errorage, updated by: Carn, needs more work though. I just added some security fixes */
 
 var/req_console_assistance = list()
 var/req_console_supplies = list()
@@ -41,7 +41,7 @@ var/list/obj/machinery/requests_console/allConsoles = list()
 		// 9 = authentication before sending
 		// 10 = send announcement
 	var/silent = 0 // set to 1 for it not to beep all the time
-	var/hackState = 0
+//	var/hackState = 0
 		// 0 = not hacked
 		// 1 = hacked
 	var/announcementConsole = 0
@@ -57,270 +57,319 @@ var/list/obj/machinery/requests_console/allConsoles = list()
 	luminosity = 0
 
 /obj/machinery/requests_console/New()
-	src.name = "[src.department] Requests Console"
+	name = "[department] Requests Console"
 	allConsoles += src
 	//req_console_departments += department
-	switch(src.departmentType)
+	switch(departmentType)
 		if(1)
-			if(!("[src.department]" in req_console_assistance))
+			if(!("[department]" in req_console_assistance))
 				req_console_assistance += department
 		if(2)
-			if(!("[src.department]" in req_console_supplies))
+			if(!("[department]" in req_console_supplies))
 				req_console_supplies += department
 		if(3)
-			if(!("[src.department]" in req_console_information))
+			if(!("[department]" in req_console_information))
 				req_console_information += department
 		if(4)
-			if(!("[src.department]" in req_console_assistance))
+			if(!("[department]" in req_console_assistance))
 				req_console_assistance += department
-			if(!("[src.department]" in req_console_supplies))
+			if(!("[department]" in req_console_supplies))
 				req_console_supplies += department
 		if(5)
-			if(!("[src.department]" in req_console_assistance))
+			if(!("[department]" in req_console_assistance))
 				req_console_assistance += department
-			if(!("[src.department]" in req_console_information))
+			if(!("[department]" in req_console_information))
 				req_console_information += department
 		if(6)
-			if(!("[src.department]" in req_console_supplies))
+			if(!("[department]" in req_console_supplies))
 				req_console_supplies += department
-			if(!("[src.department]" in req_console_information))
+			if(!("[department]" in req_console_information))
 				req_console_information += department
 		if(7)
-			if(!("[src.department]" in req_console_assistance))
+			if(!("[department]" in req_console_assistance))
 				req_console_assistance += department
-			if(!("[src.department]" in req_console_supplies))
+			if(!("[department]" in req_console_supplies))
 				req_console_supplies += department
-			if(!("[src.department]" in req_console_information))
+			if(!("[department]" in req_console_information))
 				req_console_information += department
 
 
 /obj/machinery/requests_console/attack_hand(user as mob)
 	var/dat
-	dat = text("<HEAD><TITLE>Requests Console</TITLE></HEAD><H3>[src.department] Requests Console</H3>")
-	if(!src.open)
-		if (src.screen == 0)
-			announceAuth = 0
-			if (src.newmessagepriority == 1)
-				dat += text("<FONT COLOR='RED'>There are new messages</FONT><BR>")
-			if (src.newmessagepriority == 2)
-				dat += text("<FONT COLOR='RED'><B>NEW PRIORITY MESSAGES</B></FONT><BR>")
-			dat += text("<A href='?src=\ref[src];setScreen=[8]'>View Messages</A><BR><BR>")
+	dat = text("<HEAD><TITLE>Requests Console</TITLE></HEAD><H3>[department] Requests Console</H3>")
+	if(!open)
+		switch(screen)
+			if(1)	//req. assistance
+				dat += text("Which department do you need assistance from?<BR><BR>")
+				for(var/dpt in req_console_assistance)
+					if (dpt != department)
+						dat += text("[dpt] (<A href='?src=\ref[src];write=[ckey(dpt)]'>Message</A> or ")
+						dat += text("<A href='?src=\ref[src];write=[ckey(dpt)];priority=2'>High Priority</A>")
+//						if (hackState == 1)
+//							dat += text(" or <A href='?src=\ref[src];write=[ckey(dpt)];priority=3'>EXTREME</A>)")
+						dat += text(")<BR>")
+				dat += text("<BR><A href='?src=\ref[src];setScreen=0'>Back</A><BR>")
+
+			if(2)	//req. supplies
+				dat += text("Which department do you need supplies from?<BR><BR>")
+				for(var/dpt in req_console_supplies)
+					if (dpt != department)
+						dat += text("[dpt] (<A href='?src=\ref[src];write=[ckey(dpt)]'>Message</A> or ")
+						dat += text("<A href='?src=\ref[src];write=[ckey(dpt)];priority=2'>High Priority</A>")
+//						if (hackState == 1)
+//							dat += text(" or <A href='?src=\ref[src];write=[ckey(dpt)];priority=3'>EXTREME</A>)")
+						dat += text(")<BR>")
+				dat += text("<BR><A href='?src=\ref[src];setScreen=0'>Back</A><BR>")
+
+			if(3)	//relay information
+				dat += text("Which department would you like to send information to?<BR><BR>")
+				for(var/dpt in req_console_information)
+					if (dpt != department)
+						dat += text("[dpt] (<A href='?src=\ref[src];write=[ckey(dpt)]'>Message</A> or ")
+						dat += text("<A href='?src=\ref[src];write=[ckey(dpt)];priority=2'>High Priority</A>")
+//						if (hackState == 1)
+//							dat += text(" or <A href='?src=\ref[src];write=[ckey(dpt)];priority=3'>EXTREME</A>)")
+						dat += text(")<BR>")
+				dat += text("<BR><A href='?src=\ref[src];setScreen=0'>Back</A><BR>")
+
+			if(6)	//sent successfully
+				dat += text("<FONT COLOR='GREEN'>Message sent</FONT><BR><BR>")
+				dat += text("<A href='?src=\ref[src];setScreen=0'>Continue</A><BR>")
+
+			if(7)	//unsuccessful; not sent
+				dat += text("<FONT COLOR='RED'>An error occurred. </FONT><BR><BR>")
+				dat += text("<A href='?src=\ref[src];setScreen=0'>Continue</A><BR>")
+
+			if(8)	//view messages
+				for (var/obj/machinery/requests_console/Console in allConsoles)
+					if (Console.department == department)
+						Console.newmessagepriority = 0
+						Console.icon_state = "req_comp0"
+						Console.luminosity = 1
+				newmessagepriority = 0
+				icon_state = "req_comp0"
+				for(var/msg in messages)
+					dat += text("[msg]<BR>")
+				dat += text("<A href='?src=\ref[src];setScreen=0'>Back to main menu</A><BR>")
+
+			if(9)	//authentication before sending
+				dat += text("<B>Message Authentication</B><BR><BR>")
+				dat += text("<b>Message for [dpt]: </b>[message]<BR><BR>")
+				dat += text("You may authenticate your message now by scanning your ID or your stamp<BR><BR>")
+				dat += text("Validated by: [msgVerified]<br>");
+				dat += text("Stamped by: [msgStamped]<br>");
+				dat += text("<A href='?src=\ref[src];department=[dpt]'>Send</A><BR>");
+				dat += text("<BR><A href='?src=\ref[src];setScreen=0'>Back</A><BR>")
+
+			if(10)	//send announcement
+				dat += text("<B>Station wide announcement</B><BR><BR>")
+				if(announceAuth)
+					dat += text("<b>Authentication accepted</b><BR><BR>")
+				else
+					dat += text("Swipe your card to authenticate yourself.<BR><BR>")
+				dat += text("<b>Message: </b>[message] <A href='?src=\ref[src];writeAnnouncement=1'>Write</A><BR><BR>")
+				if (announceAuth && message)
+					dat += text("<A href='?src=\ref[src];sendAnnouncement=1'>Announce</A><BR>");
+				dat += text("<BR><A href='?src=\ref[src];setScreen=0'>Back</A><BR>")
+
+			else	//main menu
+				screen = 0
+				announceAuth = 0
+				if (newmessagepriority == 1)
+					dat += text("<FONT COLOR='RED'>There are new messages</FONT><BR>")
+				if (newmessagepriority == 2)
+					dat += text("<FONT COLOR='RED'><B>NEW PRIORITY MESSAGES</B></FONT><BR>")
+				dat += text("<A href='?src=\ref[src];setScreen=8'>View Messages</A><BR><BR>")
+
+				dat += text("<A href='?src=\ref[src];setScreen=1'>Request Assistance</A><BR>")
+				dat += text("<A href='?src=\ref[src];setScreen=2'>Request Supplies</A><BR>")
+				dat += text("<A href='?src=\ref[src];setScreen=3'>Relay Anonymous Information</A><BR><BR>")
+				if(announcementConsole)
+					dat += text("<A href='?src=\ref[src];setScreen=10'>Send station-wide announcement</A><BR><BR>")
+				if (silent)
+					dat += text("Speaker <A href='?src=\ref[src];setSilent=0'>OFF</A>")
+				else
+					dat += text("Speaker <A href='?src=\ref[src];setSilent=1'>ON</A>")
 
-			dat += text("<A href='?src=\ref[src];setScreen=[1]'>Request Assistance</A><BR>")
-			dat += text("<A href='?src=\ref[src];setScreen=[2]'>Request Supplies</A><BR>")
-			dat += text("<A href='?src=\ref[src];setScreen=[3]'>Relay Anonymous Information</A><BR><BR>")
-			if(announcementConsole)
-				dat += text("<A href='?src=\ref[src];setScreen=[10]'>Send station-wide announcement</A><BR><BR>")
-			//dat += text("<BR><A href='?src=\ref[src];callMailman=[1];location=[src.department]'>Call Mailman</A><BR><BR>")   // This is the line to call the mailman, it's intended for it to message him on his PDA
-			if (src.silent)
-				dat += text("Speaker <A href='?src=\ref[src];setSilent=[0]'>OFF</A>")
-			else
-				dat += text("Speaker <A href='?src=\ref[src];setSilent=[1]'>ON</A>")
-		if (src.screen == 1)
-			dat += text("Which department do you need assistance from?<BR><BR>")
-			for(var/dpt in req_console_assistance)
-				if (dpt != src.department)
-					dat += text("[dpt] (<A href='?src=\ref[src];write=[ckey(dpt)]'>Message</A> or ")
-					dat += text("<A href='?src=\ref[src];write=[ckey(dpt)];priority=[2]'>High Priority</A>")
-					if (src.hackState == 1)
-						dat += text(" or <A href='?src=\ref[src];write=[ckey(dpt)];priority=[3]'>EXTREME</A>)")
-					dat += text(")<BR>")
-			dat += text("<BR><A href='?src=\ref[src];setScreen=[0]'>Back</A><BR>")
-		if (src.screen == 2)
-			dat += text("Which department do you need supplies from?<BR><BR>")
-			for(var/dpt in req_console_supplies)
-				if (dpt != src.department)
-					dat += text("[dpt] (<A href='?src=\ref[src];write=[ckey(dpt)]'>Message</A> or ")
-					dat += text("<A href='?src=\ref[src];write=[ckey(dpt)];priority=[2]'>High Priority</A>")
-					if (src.hackState == 1)
-						dat += text(" or <A href='?src=\ref[src];write=[ckey(dpt)];priority=[3]'>EXTREME</A>)")
-					dat += text(")<BR>")
-			dat += text("<BR><A href='?src=\ref[src];setScreen=[0]'>Back</A><BR>")
-		if (src.screen == 3)
-			dat += text("Which department would you like to send information to?<BR><BR>")
-			for(var/dpt in req_console_information)
-				if (dpt != src.department)
-					dat += text("[dpt] (<A href='?src=\ref[src];write=[ckey(dpt)]'>Message</A> or ")
-					dat += text("<A href='?src=\ref[src];write=[ckey(dpt)];priority=[2]'>High Priority</A>")
-					if (src.hackState == 1)
-						dat += text(" or <A href='?src=\ref[src];write=[ckey(dpt)];priority=[3]'>EXTREME</A>)")
-					dat += text(")<BR>")
-			dat += text("<BR><A href='?src=\ref[src];setScreen=[0]'>Back</A><BR>")
-		if (src.screen == 6)
-			dat += text("<FONT COLOR='GREEN'>Message sent</FONT><BR><BR>")
-			dat += text("<A href='?src=\ref[src];setScreen=[0]'>Continue</A><BR>")
-		if (src.screen == 7)
-			dat += text("<FONT COLOR='RED'>An error occurred. </FONT><BR><BR>")
-			dat += text("<A href='?src=\ref[src];setScreen=[0]'>Continue</A><BR>")
-		if (src.screen == 8)
-			for (var/obj/machinery/requests_console/CONSOLE in allConsoles)
-				if (CONSOLE.department == src.department)
-					CONSOLE.newmessagepriority = 0
-					CONSOLE.icon_state = "req_comp0"
-					CONSOLE.luminosity = 1
-			src.newmessagepriority = 0
-			icon_state = "req_comp0"
-			for(var/msg in src.messages)
-				dat += text("[msg]<BR>")
-			dat += text("<A href='?src=\ref[src];setScreen=[0]'>Back to main menu</A><BR>")
-		if (src.screen == 9)
-			dat += text("<B>Message Authentication</B><BR><BR>")
-			dat += text("<b>Message for [src.dpt]: </b>[message]<BR><BR>")
-			dat += text("You may authenticate your message now by scanning your ID or your stamp<BR><BR>")
-			dat += text("Validated by: [msgVerified]<br>");
-			dat += text("Stamped by: [msgStamped]<br>");
-			dat += text("<A href='?src=\ref[src];department=[src.dpt]'>Send</A><BR>");
-			dat += text("<BR><A href='?src=\ref[src];setScreen=[0]'>Back</A><BR>")
-		if (src.screen == 10)
-			dat += text("<B>Station wide announcement</B><BR><BR>")
-			if(announceAuth)
-				dat += text("<b>Authentication accepted</b><BR><BR>")
-			else
-				dat += text("Swipe your card to authenticate yourself.<BR><BR>")
-			dat += text("<b>Message: </b>[message] <A href='?src=\ref[src];writeAnnouncement=[1]'>Write</A><BR><BR>")
-			if (announceAuth && message)
-				dat += text("<A href='?src=\ref[src];sendAnnouncement=[1]'>Announce</A><BR>");
-			dat += text("<BR><A href='?src=\ref[src];setScreen=[0]'>Back</A><BR>")
 		user << browse("[dat]", "")
 		onclose(user, "req_console")
 	return
 
 /obj/machinery/requests_console/Topic(href, href_list)
-	if(..())
-		return
+	if(..())	return
 	usr.machine = src
-	src.add_fingerprint(usr)
-	if(href_list["write"])
-		src.dpt = href_list["write"] //write contains the string of the receiving department's name
-		src.message = strip_html(input(usr, "Write your message", "Messanger", ""))
-		src.priority = href_list["priority"]
-		while (findtext(src.message," ") == 1)
-			src.message = copytext(src.message,2,lentext(src.message)+1)
-		if (findtext(src.message," ") == 1)
-			src.message = "";
-		if (src.message != "")
+	add_fingerprint(usr)
+
+	if(reject_bad_text(href_list["write"]))
+		dpt = ckey(href_list["write"]) //write contains the string of the receiving department's name
+
+		var/new_message = reject_bad_text(input(usr, "Write your message:", "Awaiting Input", ""))
+		if(new_message)
+			message = new_message
 			screen = 9
+			switch(href_list["priority"])
+				if("2")	priority = 2
+				else	priority = -1
 		else
 			dpt = "";
-			msgVerified = "";
-			msgStamped = "";
+			msgVerified = ""
+			msgStamped = ""
 			screen = 0
 			priority = -1
+
 	if(href_list["writeAnnouncement"])
-		src.message = input(usr, "Write your message", "Messanger", "")
-		src.priority = href_list["priority"]
-		while (findtext(src.message," ") == 1)
-			src.message = copytext(src.message,2,lentext(src.message)+1)
-		if (findtext(src.message," ") == 1)
-			src.message = "";
-		if (src.message == "")
-			announceAuth = 0;
+		var/new_message = reject_bad_text(input(usr, "Write your message:", "Awaiting Input", ""))
+		if(new_message)
+			message = new_message
+			switch(href_list["priority"])
+				if("2")	priority = 2
+				else	priority = -1
+		else
+			message = ""
+			announceAuth = 0
 			screen = 0
+
 	if(href_list["sendAnnouncement"])
-		world << "<b><font size = 3><font color = red>[department] announcement:</font color> [html_encode(message)]</font size></b>"
+		if(!announcementConsole)	return
+		world << "<b><font size = 3><font color = red>[department] announcement:</font color> [message]</font size></b>"
 		announceAuth = 0
 		message = ""
 		screen = 0
-	if(href_list["department"] && src.message)
-		var/log_msg = src.message
-		var/message = src.message;
-		message += "<br>"
-		if (src.msgVerified)
-			message += src.msgVerified
-			message += "<br>"
-		if (src.msgStamped)
-			message += src.msgStamped
-			message += "<br>"
-		src.screen = 7 //if it's successful, this will get overrwritten (7 = unsufccessfull, 6 = successfull)
-		if (message)
+
+	if( href_list["department"] && message )
+		var/log_msg = message
+		var/sending = message
+		sending += "<br>"
+		if (msgVerified)
+			sending += msgVerified
+			sending += "<br>"
+		if (msgStamped)
+			sending += msgStamped
+			sending += "<br>"
+		screen = 7 //if it's successful, this will get overrwritten (7 = unsufccessfull, 6 = successfull)
+		if (sending)
 			for (var/obj/machinery/message_server/MS in world)
-				MS.send_rc_message(href_list["department"],src.department,log_msg,msgStamped,msgVerified,priority)
-			for (var/obj/machinery/requests_console/CONSOLE in allConsoles)
-				if (ckey(CONSOLE.department) == ckey(href_list["department"]))
-					if(src.priority == "2") //High priority
-						if(CONSOLE.newmessagepriority < 2)
-							CONSOLE.newmessagepriority = 2
-							CONSOLE.icon_state = "req_comp2"
-						if(!CONSOLE.silent)
-							playsound(CONSOLE.loc, 'twobeep.ogg', 50, 1)
-							for (var/mob/O in hearers(5, CONSOLE.loc))
-								O.show_message(text("\icon[CONSOLE] *The Requests Console beeps: 'PRIORITY Alert in [src.department]'"))
-						CONSOLE.messages += "<B><FONT color='red'>High Priority message from <A href='?src=\ref[CONSOLE];write=[ckey(src.department)]'>[src.department]</A></FONT></B><BR>[message]"
-					else if(src.priority == "3"
-					) //Not implemanted, but will be
-						if(CONSOLE.newmessagepriority < 3)
-							CONSOLE.newmessagepriority = 3
-							CONSOLE.icon_state = "req_comp3"
-						if(!CONSOLE.silent)
-							playsound(CONSOLE.loc, 'twobeep.ogg', 50, 1)
-							for (var/mob/O in hearers(7, CONSOLE.loc))
-								O.show_message(text("\icon[CONSOLE] *The Requests Console yells: 'EXTREME PRIORITY alert in [src.department]'"))
-						CONSOLE.messages += "<B><FONT color='red'>Extreme Priority message from [ckey(src.department)]</FONT></B><BR>[message]"
-					else							// Normal priority
-						if(CONSOLE.newmessagepriority < 1)
-							CONSOLE.newmessagepriority = 1
-							CONSOLE.icon_state = "req_comp1"
-						if(!CONSOLE.silent)
-							playsound(CONSOLE.loc, 'twobeep.ogg', 50, 1)
-							for (var/mob/O in hearers(4, CONSOLE.loc))
-								O.show_message(text("\icon[CONSOLE] *The Requests Console beeps: 'Message from [src.department]'"))
-						CONSOLE.messages += "<B>Message from <A href='?src=\ref[CONSOLE];write=[ckey(src.department)]'>[src.department]</A></FONT></B><BR>[message]"
-					src.screen = 6
-					CONSOLE.luminosity = 2
-			src.messages += "<B>Message sent to [src.dpt]</B><BR>[message]"
-	if(href_list["setScreen"])
-		src.screen = text2num(href_list["setScreen"])
-		if (src.screen == 0)
-			dpt = "";
-			msgVerified = "";
-			msgStamped = "";
-			message = "";
-			priority = -1;
-	if(href_list["setSilent"])
-		src.silent = text2num(href_list["setSilent"])
-	src.updateUsrDialog()
+				MS.send_rc_message(href_list["department"],department,log_msg,msgStamped,msgVerified,priority)
+
+			for (var/obj/machinery/requests_console/Console in allConsoles)
+				if (ckey(Console.department) == ckey(href_list["department"]))
+
+					switch(priority)
+						if("2")		//High priority
+							if(Console.newmessagepriority < 2)
+								Console.newmessagepriority = 2
+								Console.icon_state = "req_comp2"
+							if(!Console.silent)
+								playsound(Console.loc, 'twobeep.ogg', 50, 1)
+								for (var/mob/O in hearers(5, Console.loc))
+									O.show_message(text("\icon[Console] *The Requests Console beeps: 'PRIORITY Alert in [department]'"))
+							Console.messages += "<B><FONT color='red'>High Priority message from <A href='?src=\ref[Console];write=[ckey(department)]'>[department]</A></FONT></B><BR>[sending]"
+
+	//					if("3")		//Not implemanted, but will be 		//Removed as it doesn't look like anybody intends on implimenting it ~Carn
+	//						if(Console.newmessagepriority < 3)
+	//							Console.newmessagepriority = 3
+	//							Console.icon_state = "req_comp3"
+	//						if(!Console.silent)
+	//							playsound(Console.loc, 'twobeep.ogg', 50, 1)
+	//							for (var/mob/O in hearers(7, Console.loc))
+	//								O.show_message(text("\icon[Console] *The Requests Console yells: 'EXTREME PRIORITY alert in [department]'"))
+	//						Console.messages += "<B><FONT color='red'>Extreme Priority message from [ckey(department)]</FONT></B><BR>[message]"
+
+						else		// Normal priority
+							if(Console.newmessagepriority < 1)
+								Console.newmessagepriority = 1
+								Console.icon_state = "req_comp1"
+							if(!Console.silent)
+								playsound(Console.loc, 'twobeep.ogg', 50, 1)
+								for (var/mob/O in hearers(4, Console.loc))
+									O.show_message(text("\icon[Console] *The Requests Console beeps: 'Message from [department]'"))
+							Console.messages += "<B>Message from <A href='?src=\ref[Console];write=[ckey(department)]'>[department]</A></FONT></B><BR>[message]"
+
+					screen = 6
+					Console.luminosity = 2
+			messages += "<B>Message sent to [dpt]</B><BR>[message]"
+
+	//Handle screen switching
+	switch(text2num(href_list["setScreen"]))
+		if(null)	//skip
+		if(1)		//req. assistance
+			screen = 1
+		if(2)		//req. supplies
+			screen = 2
+		if(3)		//relay information
+			screen = 3
+//		if(4)		//write message
+//			screen = 4
+		if(5)		//choose priority
+			screen = 5
+		if(6)		//sent successfully
+			screen = 6
+		if(7)		//unsuccessfull; not sent
+			screen = 7
+		if(8)		//view messages
+			screen = 8
+		if(9)		//authentication
+			screen = 9
+		if(10)		//send announcement
+			if(!announcementConsole)	return
+			screen = 10
+		else		//main menu
+			dpt = ""
+			msgVerified = ""
+			msgStamped = ""
+			message = ""
+			priority = -1
+			screen = 0
+
+	//Handle silencing the console
+	switch( href_list["setSilent"] )
+		if(null)	//skip
+		if("1")	silent = 1
+		else	silent = 0
+
+	updateUsrDialog()
 	return
 
 					//err... hacking code, which has no reason for existing... but anyway... it's supposed to unlock priority 3 messanging on that console (EXTREME priority...) the code for that actually exists.
 /obj/machinery/requests_console/attackby(var/obj/item/weapon/O as obj, var/mob/user as mob)
 	/*
 	if (istype(O, /obj/item/weapon/crowbar))
-		if(src.open)
-			src.open = 0
-			src.icon_state="req_comp0"
+		if(open)
+			open = 0
+			icon_state="req_comp0"
 		else
-			src.open = 1
-			if(src.hackState == 0)
-				src.icon_state="req_comp_open"
-			else if(src.hackState == 1)
-				src.icon_state="req_comp_rewired"
+			open = 1
+			if(hackState == 0)
+				icon_state="req_comp_open"
+			else if(hackState == 1)
+				icon_state="req_comp_rewired"
 	if (istype(O, /obj/item/weapon/screwdriver))
-		if(src.open)
-			if(src.hackState == 0)
-				src.hackState = 1
-				src.icon_state="req_comp_rewired"
-			else if(src.hackState == 1)
-				src.hackState = 0
-				src.icon_state="req_comp_open"
+		if(open)
+			if(hackState == 0)
+				hackState = 1
+				icon_state="req_comp_rewired"
+			else if(hackState == 1)
+				hackState = 0
+				icon_state="req_comp_open"
 		else
 			user << "You can't do much with that."*/
 
 	if (istype(O, /obj/item/weapon/card/id))
-		if(src.screen == 9)
+		if(screen == 9)
 			var/obj/item/weapon/card/id/T = O
-			src.msgVerified = text("<font color='green'><b>Verified by [T.registered_name] ([T.assignment])</b></font>")
-			src.updateUsrDialog()
-		if(src.screen == 10)
+			msgVerified = text("<font color='green'><b>Verified by [T.registered_name] ([T.assignment])</b></font>")
+			updateUsrDialog()
+		if(screen == 10)
 			var/obj/item/weapon/card/id/ID = O
 			if (access_RC_announce in ID.access)
 				announceAuth = 1
 			else
 				announceAuth = 0
 				user << "\red You are not authorized to send announcements."
-			src.updateUsrDialog()
+			updateUsrDialog()
 	if (istype(O, /obj/item/weapon/stamp))
-		if(src.screen == 9)
+		if(screen == 9)
 			var/obj/item/weapon/stamp/T = O
-			src.msgStamped = text("<font color='blue'><b>Stamped with the [T.name]</b></font>")
-			src.updateUsrDialog()
-	return
\ No newline at end of file
+			msgStamped = text("<font color='blue'><b>Stamped with the [T.name]</b></font>")
+			updateUsrDialog()
+	return
diff --git a/code/modules/chemical/Chemistry-Machinery.dm b/code/modules/chemical/Chemistry-Machinery.dm
index 809ce4300d..81eb661af7 100644
--- a/code/modules/chemical/Chemistry-Machinery.dm
+++ b/code/modules/chemical/Chemistry-Machinery.dm
@@ -206,6 +206,7 @@
 		if(usr.stat || usr.restrained()) return
 		if(!in_range(src, usr)) return
 
+		src.add_fingerprint(usr)
 		usr.machine = src
 		if(!beaker) return
 		var/datum/reagents/R = beaker:reagents
@@ -259,18 +260,18 @@
 			reagents.clear_reagents()
 			icon_state = "mixer0"
 		else if (href_list["createpill"])
-			var/name = input(usr,"Name:","Name your pill!",reagents.get_master_reagent_name())
+			var/name = reject_bad_text(input(usr,"Name:","Name your pill!",reagents.get_master_reagent_name()))
 			var/obj/item/weapon/reagent_containers/pill/P = new/obj/item/weapon/reagent_containers/pill(src.loc)
-			if(!name || name == " ") name = reagents.get_master_reagent_name()
+			if(!name) name = reagents.get_master_reagent_name()
 			P.name = "[name] pill"
 			P.pixel_x = rand(-7, 7) //random position
 			P.pixel_y = rand(-7, 7)
 			reagents.trans_to(P,50)
 		else if (href_list["createbottle"])
 			if(!condi)
-				var/name = input(usr,"Name:","Name your bottle!",reagents.get_master_reagent_name())
+				var/name = reject_bad_text(input(usr,"Name:","Name your bottle!",reagents.get_master_reagent_name()))
 				var/obj/item/weapon/reagent_containers/glass/bottle/P = new/obj/item/weapon/reagent_containers/glass/bottle(src.loc)
-				if(!name || name == " ") name = reagents.get_master_reagent_name()
+				if(!name) name = reagents.get_master_reagent_name()
 				P.name = "[name] bottle"
 				P.pixel_x = rand(-7, 7) //random position
 				P.pixel_y = rand(-7, 7)
@@ -281,7 +282,6 @@
 		else
 			usr << browse(null, "window=chem_master")
 		src.updateUsrDialog()
-		src.add_fingerprint(usr)
 		return
 
 	attack_ai(mob/user as mob)
diff --git a/code/modules/mob/mob.dm b/code/modules/mob/mob.dm
index 867c85c263..437e3d0eb0 100644
--- a/code/modules/mob/mob.dm
+++ b/code/modules/mob/mob.dm
@@ -582,27 +582,12 @@
 		if(src:cameraFollow)
 			src:cameraFollow = null
 
-
-/client/Topic(href, href_list)
-	if(href_list["priv_msg"])
-		var/client/C = locate(href_list["priv_msg"])
-		if(ismob(C)) //Old stuff can pass in mobs instead of clients
-			var/mob/M = C
-			C = M.client
-		cmd_admin_pm(C,null)
-	else
-		..()
-
 /mob/Topic(href, href_list)
-	if(href_list["priv_msg"])	//for priv_msg references that have yet to be updated to target clients. Forwards it to client/Topic()
-		if(client)
-			client.Topic(href, href_list)
-
 	if(href_list["mach_close"])
 		var/t1 = text("window=[href_list["mach_close"]]")
 		machine = null
 		src << browse(null, t1)
-	..()
+//	..()
 	return
 
 /mob/proc/get_damage()
diff --git a/code/modules/paperwork/handlabeler.dm b/code/modules/paperwork/handlabeler.dm
index c3170b36ef..7aa68d683e 100644
--- a/code/modules/paperwork/handlabeler.dm
+++ b/code/modules/paperwork/handlabeler.dm
@@ -40,7 +40,7 @@
 	if(mode)
 		usr << "\blue You turn on the hand labeler."
 		//Now let them chose the text.
-		var/str = input(usr,"Label text?","Set label","")
+		var/str = reject_bad_text(input(usr,"Label text?","Set label",""))	//sanitize stuff! GOD DAMN THIS IS A SECURITY HOLE
 		if(!str || !length(str))
 			usr << "\red Invalid text."
 			return