diff --git a/method.php b/method.php
index 1cd05a3..84cb126 100644
--- a/method.php
+++ b/method.php
@@ -32,12 +32,12 @@
require_login();
require_sesskey();
-$component = required_param('component', PARAM_ALPHANUMEXT);
-$paymentarea = required_param('paymentarea', PARAM_ALPHANUMEXT);
+$component = required_param('component', PARAM_COMPONENT);
+$paymentarea = required_param('paymentarea', PARAM_AREA);
$itemid = required_param('itemid', PARAM_INT);
$description = required_param('description', PARAM_TEXT);
-$description = json_decode("\"$description\"");
+$description = json_decode('"' . $description . '"');
$params = [
'component' => $component,
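Review bot: The decode at `$description = json_decode('"' . $description . '"');` runs after PARAM_TEXT cleaning, so JSON `\uXXXX` escapes pass the cleaner as plain text and only become markup characters afterwards; the later hunk assigns the result to `$templatedata->description`. json_decode also returns null when the input holds an unescaped quote or an invalid escape, and nothing checks for that. Cleaning the decoded value, for example `$description = clean_param(json_decode('"' . $description . '"') ?? '', PARAM_TEXT);`, would cover both cases. The same decode is left in its old interpolated form on the last line of the pay.php hunk and needs the same treatment. The `$params` array continues outside this hunk.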
@@ -103,6 +103,7 @@
$templatedata->description = $description;
$templatedata->fee = $fee;
$templatedata->currency = $currency;
+$templatedata->sesskey = sesskey();
if ($config->showduration) {
$templatedata->enrolperiod = $enrolperiod;
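Review bot: Nothing at `$templatedata->sesskey = sesskey();` says why the session key is exposed to the template. A comment such as `// Needed by the form that posts to pay.php, which now calls require_sesskey().` would tie it to the pay.php change. The template hunk is not fully visible here, so this part is inferred: the key should travel as a hidden form field in a POST rather than in a link URL, where it would end up in server logs and referrers. The `if ($config->showduration)` block continues outside the hunk.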
diff --git a/pay.php b/pay.php
index 93fefc5..1c83d37 100644
--- a/pay.php
+++ b/pay.php
@@ -28,19 +28,19 @@
require_once($CFG->libdir . '/filelib.php');
require_login();
+require_sesskey();
global $CFG, $USER, $DB;
$userid = $USER->id;
-
-$component = required_param('component', PARAM_ALPHANUMEXT);
-$paymentarea = required_param('paymentarea', PARAM_ALPHANUMEXT);
+$component = required_param('component', PARAM_COMPONENT);
+$paymentarea = required_param('paymentarea', PARAM_AREA);
$itemid = required_param('itemid', PARAM_INT);
$description = required_param('description', PARAM_TEXT);
$password = optional_param('password', null, PARAM_TEXT);
-$skipmode = optional_param('skipmode', null, PARAM_TEXT);
+$skipmode = optional_param('skipmode', null, PARAM_INT);
$costself = optional_param('costself', null, PARAM_TEXT);
$description = json_decode("\"$description\"");
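Review bot: `$costself` is still read with PARAM_TEXT, while `$skipmode` was tightened to PARAM_INT in the same block. Its use is outside the hunk, but if it carries an amount, `$costself = optional_param('costself', null, PARAM_FLOAT);` would reject non-numeric input at the boundary. The server should still derive or check the charge against the stored fee rather than trust a request value. Separately, `$password` read as PARAM_TEXT may be altered by cleaning before it is compared, so PARAM_RAW is probably the intended type if it is checked against a stored secret.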
diff --git a/templates/method.mustache b/templates/method.mustache
index 22451b0..feb2dc4 100644
--- a/templates/method.mustache
+++ b/templates/method.mustache
@@ -104,6 +104,7 @@
+