diff --git a/user/messageselect.php b/user/messageselect.php
index 368d6c1cd21..059598e32ef 100644
--- a/user/messageselect.php
+++ b/user/messageselect.php
@@ -1,15 +1,15 @@
-<?php
-{
+<?php // $Id$
+
     require_once('../config.php');
     require_once($CFG->dirroot.'/message/lib.php');
 
     $id = required_param('id',PARAM_INT);
     $messagebody = optional_param('messagebody','',PARAM_CLEANHTML);
-    $send = optional_param('send','',PARAM_ALPHA);
+    $send = optional_param('send','',PARAM_RAW);   // Content is actually treated as boolean
+    $preview = optional_param('preview','',PARAM_RAW);   // Content is actually treated as boolean
+    $edit = optional_param('edit','',PARAM_RAW);   // Content is actually treated as boolean
     $returnto = optional_param('returnto','',PARAM_LOCALURL);
-    $preview = optional_param('preview','',PARAM_ALPHA);
     $format = optional_param('format',FORMAT_MOODLE,PARAM_INT);
-    $edit = optional_param('edit','',PARAM_ALPHA);
     $deluser = optional_param('deluser',0,PARAM_INT);
 
     if (!$course = get_record('course','id',$id)) {
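Review bot: `PARAM_RAW` on `send`, `preview` and `edit` disables all cleaning for three values that, per the added comments, are only ever tested for truthiness. Declaring them as booleans would keep the unfiltered button label out of the variables altogether, e.g. `$send = optional_param('send', 0, PARAM_BOOL);` and likewise for the other two. That assumes `PARAM_BOOL` in this branch maps any non-empty label to 1, which should be confirmed against `clean_param()`. If `PARAM_RAW` stays, the comment should say more than "treated as boolean", for example `// Raw submit-button label: test with empty() only, never echo or store`. The script continues past this hunk, so later uses of the three variables are not visible here.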
@@ -88,17 +88,17 @@
 
     if (!empty($messagebody) && !$edit && !$deluser && ($preview || $send)) {
         if (count($SESSION->emailto[$id])) {
-            if ($preview) {
+            if (!empty($preview)) {
                 echo '<form method="post" action="messageselect.php" style="margin: 0 20px;">
-<input type="hidden" name="returnto" value="'.stripslashes($returnto).'" />
+<input type="hidden" name="returnto" value="'.s($returnto).'" />
 <input type="hidden" name="id" value="'.$id.'" />
 <input type="hidden" name="format" value="'.$format.'" />
 ';
                 echo "<h3>".get_string('previewhtml')."</h3><div class=\"messagepreview\">\n".format_text(stripslashes($messagebody),$format)."\n</div>\n";
                 echo '<p align="center"><input type="submit" name="send" value="'.get_string('sendmessage', 'message').'" />'."\n";
-                echo '<input type="submit" name="edit" value="'.get_string('edit').'" /></p>';
+                echo '<input type="submit" name="edit" value="'.get_string('update').'" /></p>';
                 echo "\n</form>";
-            } elseif ($send) {
+            } else if (!empty($send)) {
                 $good = 1;
                 $teachers = array();
                 foreach ($SESSION->emailto[$id] as $user) {
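Review bot: The preview form built here posts `send` back to `messageselect.php` with only `returnto`, `id` and `format` as hidden fields, so the request that triggers the send carries no session key. Now that `returnto` is escaped with `s()`, the form would be the natural place to add `<input type="hidden" name="sesskey" value="'.sesskey().'" />`. The `else if (!empty($send))` branch would then call `confirm_sesskey()` before looping over `$SESSION->emailto[$id]`. Whether a session-key check already runs earlier in the script cannot be seen from this hunk, and the send branch continues outside it.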
@@ -107,7 +107,7 @@
                         $teachers[] = $user->id;
                     }
                 }
-                if ($good) {
+                if (!empty($good)) {
                     print_heading(get_string('messagedselectedusers'));
                     unset($SESSION->emailto[$id]);
                     unset($SESSION->emailselect[$id]);
@@ -139,5 +139,5 @@
 
     print_footer();
 
-}
+
 ?>