Index: includes/common/functions.php
===================================================================
--- includes/common/functions.php	(revision 7250)
+++ includes/common/functions.php	(working copy)
@@ -46,7 +46,7 @@
 
 	// Check 'redirect_to' request parameter
 	$retval = ! empty( $_REQUEST['redirect_to'] )
-		? $_REQUEST['redirect_to']
+		? sanitize_text_field( $_REQUEST['redirect_to'] )
 		: '';
 
 	// Filter & return
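Review bot: `sanitize_text_field()` is a text sanitizer, not a URL sanitizer, so on the added `redirect_to` line it neither constrains the redirect destination nor preserves valid URLs: it strips percent-encoded octets, which corrupts targets that carry encoded query arguments. A URL-aware form such as `? esc_url_raw( wp_unslash( $_REQUEST['redirect_to'] ) )` fits better. The host check still has to happen where the redirect is issued (`wp_validate_redirect()` or `wp_safe_redirect()`), which is outside this hunk and cannot be confirmed from here. The same applies to the `redirect_to` hunk in includes/users/engagements.php (@@ -637,7), whose `// Validated later` comment should keep pointing at that real validation step.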
@@ -590,9 +590,9 @@
 
 	// Parse arguments against default values
 	$r = bbp_parse_args( $args, array(
-		'bbp_anonymous_name'    => ! empty( $_POST['bbp_anonymous_name']    ) ? $_POST['bbp_anonymous_name']    : false,
-		'bbp_anonymous_email'   => ! empty( $_POST['bbp_anonymous_email']   ) ? $_POST['bbp_anonymous_email']   : false,
-		'bbp_anonymous_website' => ! empty( $_POST['bbp_anonymous_website'] ) ? $_POST['bbp_anonymous_website'] : false,
+		'bbp_anonymous_name'    => ! empty( $_POST['bbp_anonymous_name']    ) ? sanitize_text_field( $_POST['bbp_anonymous_name'] )    : false,
+		'bbp_anonymous_email'   => ! empty( $_POST['bbp_anonymous_email']   ) ? sanitize_text_field( $_POST['bbp_anonymous_email'] )   : false,
+		'bbp_anonymous_website' => ! empty( $_POST['bbp_anonymous_website'] ) ? sanitize_text_field( $_POST['bbp_anonymous_website'] ) : false,
 	), 'filter_anonymous_post_data' );
 
 	// Strip invalid characters
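Review bot: All three anonymous fields get the same generic sanitizer, but `bbp_anonymous_email` and `bbp_anonymous_website` have dedicated ones that match how the values are used: `sanitize_email( $_POST['bbp_anonymous_email'] )` and `esc_url_raw( $_POST['bbp_anonymous_website'] )`. `sanitize_text_field()` removes percent-encoded octets, so a website URL with an encoded path or query is silently altered rather than rejected, and it performs no address-format check on the email. Whatever the code after `// Strip invalid characters` does to these values is outside this hunk, so it is worth confirming the two layers do not disagree.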
@@ -1038,7 +1038,7 @@
  * @return string
  */
 function bbp_get_do_not_reply_address() {
-	$sitename = strtolower( $_SERVER['SERVER_NAME'] );
+	$sitename = strtolower( sanitize_text_field( $_SERVER['SERVER_NAME'] ) );
 	if ( substr( $sitename, 0, 4 ) === 'www.' ) {
 		$sitename = substr( $sitename, 4 );
 	}
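Review bot: `sanitize_text_field()` on `$_SERVER['SERVER_NAME']` does not establish that the value is this site's hostname; depending on web-server configuration that variable can reflect the request's Host header, and here it feeds what the function name suggests is a sender address. Deriving the host from site configuration removes that dependency, e.g. `$sitename = strtolower( (string) wp_parse_url( home_url(), PHP_URL_HOST ) );`. That form also avoids an undefined-index notice when `SERVER_NAME` is absent, as in CLI or cron contexts. The rest of `bbp_get_do_not_reply_address()` lies outside the hunk, so any later filtering of the address cannot be seen from here.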
Index: includes/core/abstraction.php
===================================================================
--- includes/core/abstraction.php	(revision 7250)
+++ includes/core/abstraction.php	(working copy)
@@ -217,7 +217,6 @@
  *
  * @since 2.5.8 bbPress (r5814)
  *
- * @global object $wp_rewrite The WP_Rewrite object
  *
  * @return bool
  */
Index: includes/extend/akismet.php
===================================================================
--- includes/extend/akismet.php	(revision 7250)
+++ includes/extend/akismet.php	(working copy)
@@ -1025,7 +1025,7 @@
 	 *
 	 * @since 2.6.7 bbPress (r7203)
 	 *
-	 * @global wpdb $wpdb
+	 * @global wpdb $wpdb WordPress database object.
 	 */
 	public function delete_old_spam() {
 		global $wpdb;
@@ -1106,7 +1106,7 @@
 	 *
 	 * @since 2.6.7 bbPress (r7203)
 	 *
-	 * @global wpdb $wpdb
+	 * @global wpdb $wpdb WordPress database object.
 	 */
 	public function delete_old_spam_meta() {
 		global $wpdb;
@@ -1166,7 +1166,7 @@
 	 *
 	 * @since 2.6.7 bbPress (r7203)
 	 *
-	 * @global wpdb $wpdb
+	 * @global wpdb $wpdb WordPress database object.
 	 */
 	public function delete_orphaned_spam_meta() {
 		global $wpdb;
@@ -1250,7 +1250,7 @@
 	 *
 	 * @since 2.7.0 bbPress (r7203)
 	 *
-	 * @global wpdb $wpdb
+	 * @global wpdb $wpdb WordPress database object.
 	 */
 	private function maybe_optimize_postmeta() {
 		global $wpdb;
Index: includes/forums/functions.php
===================================================================
--- includes/forums/functions.php	(revision 7250)
+++ includes/forums/functions.php	(working copy)
@@ -173,7 +173,7 @@
 	/** Forum Content *********************************************************/
 
 	if ( ! empty( $_POST['bbp_forum_content'] ) ) {
-		$forum_content = $_POST['bbp_forum_content'];
+		$forum_content = sanitize_text_field( $_POST['bbp_forum_content'] );
 	}
 
 	// Filter and sanitize
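Review bot: `sanitize_text_field()` is the wrong sanitizer for a post body: on the added `$forum_content` line it strips every tag and collapses line breaks and tabs, so multi-paragraph content and any markup the forum permits are flattened before the step announced by the following `// Filter and sanitize` comment runs. Content fields are normally restricted with an allow-list filter instead, e.g. `$forum_content = wp_filter_post_kses( $_POST['bbp_forum_content'] );`, or left to the existing pre-content filters if those already apply kses (not visible in this hunk). The same change is made to `bbp_forum_content` at @@ -473,7 in this file and to `bbp_topic_content` at @@ -166,7 and @@ -553,7 in includes/topics/functions.php.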
@@ -188,7 +188,7 @@
 
 	// Forum parent was passed (the norm)
 	if ( ! empty( $_POST['bbp_forum_parent_id'] ) ) {
-		$forum_parent_id = bbp_get_forum_id( $_POST['bbp_forum_parent_id'] );
+		$forum_parent_id = bbp_get_forum_id( sanitize_text_field( $_POST['bbp_forum_parent_id'] ) );
 	}
 
 	// Filter and sanitize
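Review bot: A numeric ID is better constrained by an integer cast than by a text sanitizer; `sanitize_text_field()` on `bbp_forum_parent_id` still passes arbitrary strings through to `bbp_get_forum_id()`. `$forum_parent_id = bbp_get_forum_id( absint( $_POST['bbp_forum_parent_id'] ) );` states the expected type at the input boundary. The same pattern appears at @@ -426,7 in this file and for `$_GET['object_id']` at @@ -600,7 in includes/users/engagements.php. How `bbp_get_forum_id()` and `bbp_get_topic_id()` treat non-numeric input is not visible here, so this is about making the contract explicit rather than a confirmed bug.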
@@ -426,7 +426,7 @@
 
 	// Forum parent id was passed
 	if ( ! empty( $_POST['bbp_forum_parent_id'] ) ) {
-		$forum_parent_id = bbp_get_forum_id( $_POST['bbp_forum_parent_id'] );
+		$forum_parent_id = bbp_get_forum_id( sanitize_text_field( $_POST['bbp_forum_parent_id'] ) );
 	}
 
 	// Current forum this forum is in
@@ -473,7 +473,7 @@
 	/** Forum Content *********************************************************/
 
 	if ( ! empty( $_POST['bbp_forum_content'] ) ) {
-		$forum_content = $_POST['bbp_forum_content'];
+		$forum_content = sanitize_text_field( $_POST['bbp_forum_content'] );
 	}
 
 	// Filter and sanitize
Index: includes/forums/template.php
===================================================================
--- includes/forums/template.php	(revision 7250)
+++ includes/forums/template.php	(working copy)
@@ -2110,7 +2110,7 @@
 
 		// Get _POST data
 		if ( bbp_is_forum_form_post_request() && isset( $_POST['bbp_forum_content'] ) ) {
-			$forum_content = wp_unslash( $_POST['bbp_forum_content'] );
+			$forum_content = wp_unslash( sanitize_text_field( $_POST['bbp_forum_content'] ) );
 
 		// Get edit data
 		} elseif ( bbp_is_forum_edit() ) {
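Review bot: The call order on the added line is inverted: `wp_unslash( sanitize_text_field( … ) )` sanitizes the still-slashed value and removes the slashes afterwards, whereas the sanitizer should operate on the value the code goes on to use, i.e. unslash first. This branch also appears to repopulate the forum form from the submitted data, and `sanitize_text_field()` collapses line breaks, so a multi-line draft would come back flattened; `sanitize_textarea_field( wp_unslash( $_POST['bbp_forum_content'] ) )` keeps them, or a kses filter if the form permits markup. Escaping for the output context still belongs where the value is printed, which is outside this hunk.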
Index: includes/topics/functions.php
===================================================================
--- includes/topics/functions.php	(revision 7250)
+++ includes/topics/functions.php	(working copy)
@@ -166,7 +166,7 @@
 	/** Topic Content *********************************************************/
 
 	if ( ! empty( $_POST['bbp_topic_content'] ) ) {
-		$topic_content = $_POST['bbp_topic_content'];
+		$topic_content = sanitize_text_field( $_POST['bbp_topic_content'] );
 	}
 
 	// Filter and sanitize
@@ -553,7 +553,7 @@
 	/** Topic Content *********************************************************/
 
 	if ( ! empty( $_POST['bbp_topic_content'] ) ) {
-		$topic_content = $_POST['bbp_topic_content'];
+		$topic_content = sanitize_text_field( $_POST['bbp_topic_content'] );
 	}
 
 	// Filter and sanitize
@@ -1742,8 +1742,8 @@
 			}
 
 			// Attempt to update the tag
-			$slug        = ! empty( $_POST['tag-slug']        ) ? $_POST['tag-slug']        : '';
-			$description = ! empty( $_POST['tag-description'] ) ? $_POST['tag-description'] : '';
+			$slug        = ! empty( $_POST['tag-slug']        ) ? sanitize_text_field( $_POST['tag-slug'] )        : '';
+			$description = ! empty( $_POST['tag-description'] ) ? sanitize_text_field( $_POST['tag-description'] ) : '';
 			$tag         = wp_update_term( $tag_id, bbp_get_topic_tag_tax_id(), array(
 				'name'        => $name,
 				'slug'        => $slug,
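Review bot: `tag-slug` and `tag-description` both have more specific sanitizers than `sanitize_text_field()`: `sanitize_title( $_POST['tag-slug'] )` yields a valid slug, and `sanitize_textarea_field( $_POST['tag-description'] )` keeps the line breaks that the text-field variant collapses. The `wp_update_term()` argument array continues past the end of the hunk and `$name` is assigned above it, so the treatment of these two fields should be checked for consistency with how `$name` is handled.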
Index: includes/users/engagements.php
===================================================================
--- includes/users/engagements.php	(revision 7250)
+++ includes/users/engagements.php	(working copy)
@@ -600,7 +600,7 @@
 	}
 
 	// What action is taking place?
-	$topic_id = bbp_get_topic_id( $_GET['object_id'] );
+	$topic_id = bbp_get_topic_id( sanitize_text_field( $_GET['object_id'] ) );
 	$user_id  = bbp_get_user_id( 0, true, true );
 
 	// Check for empty topic
@@ -637,7 +637,7 @@
 
 		// Redirect back from whence we came
 		if ( ! empty( $_REQUEST['redirect_to'] ) ) {
-			$redirect = $_REQUEST['redirect_to']; // Validated later
+			$redirect = sanitize_text_field( $_REQUEST['redirect_to'] ); // Validated later
 		} elseif ( bbp_is_favorites() ) {
 			$redirect = bbp_get_favorites_permalink( $user_id, true );
 		} elseif ( bbp_is_single_user() ) {
