diff --git a/index.php b/index.php
index ff0fdfe..4c2fbda 100644
--- a/index.php
+++ b/index.php
@@ -23,7 +23,7 @@ include_once("app/utils.php");
 include_once("app/HTML.php");
 
 function isValidEndpoint(string $pageName, string $dirPrefix) {
-	return preg_match("/[a-zA-Z0-9\.]{1,100}/", $pageName) && file_exists("./".$dirPrefix."/".$pageName.".php");
+	return preg_match('/^[a-zA-Z0-9\.]{1,100}$/', $pageName) && file_exists("./".$dirPrefix."/".$pageName.".php");
 }
 
 //TODO: add API keys and/or rate limiting
diff --git a/pages/friends.php b/pages/friends.php
index 1db1ed7..da98e0b 100644
--- a/pages/friends.php
+++ b/pages/friends.php
@@ -4,7 +4,7 @@
         if(isset($_POST['remove'])) {
             include 'app/FormValidator.php';
             $validator = new FormValidator(array(
-                'uuid' => array('required' => true, 'regex' => '/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/')
+                'uuid' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/')
             ));
 
             if($validator->isValid($_POST)) {
diff --git a/pages/groups.php b/pages/groups.php
index 1be9789..23a6518 100644
--- a/pages/groups.php
+++ b/pages/groups.php
@@ -4,7 +4,7 @@
         if(isset($_POST['leave'])) {
             include 'app/FormValidator.php';
             $validator = new FormValidator(array(
-                'group' => array('required' => true, 'regex' => '/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/')
+                'group' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/')
             ));
 
             if($validator->isValid($_POST)) {
diff --git a/pages/identities.php b/pages/identities.php
index 8df562e..979c592 100644
--- a/pages/identities.php
+++ b/pages/identities.php
@@ -6,7 +6,7 @@
         include 'app/FormValidator.php';
         if(isset($_POST['enableIdent'])) {
             $validator = new FormValidator(array(
-                'newuuid' => array('required' => true, 'regex' => '/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/')
+                'newuuid' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/')
             ));
 
             if($validator->isValid($_POST)) {
@@ -57,7 +57,7 @@
         }
         else if(isset($_POST['createIdent'])) {
             $validator = new FormValidator(array(
-                'newName' => array('required' => true, 'regex' => '/[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}/')
+                'newName' => array('required' => true, 'regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/')
             ));
 
             if($validator->isValid($_POST)) {
diff --git a/pages/login.php b/pages/login.php
index 704515c..8ec6011 100644
--- a/pages/login.php
+++ b/pages/login.php
@@ -7,8 +7,8 @@
 	{
 		include_once 'app/FormValidator.php';
 		$validator = new FormValidator(array(
-			'username' => array('required' => true, 'regex' => '/[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}/'),
-			'password' => array('required' => true, 'regex' => '/.{1,1000}/')
+			'username' => array('required' => true, 'regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/'),
+			'password' => array('required' => true, 'regex' => '/^.{1,1000}$/')
 		));
 		
 		if(!$validator->isValid($_POST)) {
@@ -70,7 +70,7 @@
 		}
 	}
 
-	if(isset($_REQUEST['page']) && preg_match('/[0-9a-zA-Z]{1-100}/', $_REQUEST['page']) && file_exists("./pages/".$_REQUEST['page'].".php"))
+	if(isset($_REQUEST['page']) && preg_match('/^[0-9a-zA-Z]{1-100}$/', $_REQUEST['page']) && file_exists("./pages/".$_REQUEST['page'].".php"))
 		$HTML->ReplaceLayoutInhalt("%%PAGENAME%%", urlencode($_REQUEST['page']));
 
 	$HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", ""); 
diff --git a/pages/profile.php b/pages/profile.php
index 3c81ab7..5c2e149 100644
--- a/pages/profile.php
+++ b/pages/profile.php
@@ -124,16 +124,16 @@
         }
         else if(isset($_POST['savePassword'])) {
             $validator = new FormValidator(array(
-                'oldPassword' => array('required' => true, 'regex' => '/.{1,1000}/'),
-                'newPassword' => array('required' => true, 'regex' => '/.{1,1000}/'),
-                'newPasswordRepeat' => array('required' => true, 'regex' => '/.{1,1000}/')
+                'oldPassword' => array('required' => true, 'regex' => '/^.{1,1000}$/'),
+                'newPassword' => array('required' => true, 'regex' => '/^.{1,1000}$/'),
+                'newPasswordRepeat' => array('required' => true, 'regex' => '/^.{1,1000}$/')
             ));
-    
+
             if($validator->isValid($_POST)) {
                 if($_POST['newPasswordRepeat'] == $_POST['newPassword']) {
                     if(strlen(trim($_POST['newPassword']))  >= $RUNTIME['PASSWORD_MIN_LENGTH']) {
                         if(password_verify($_POST['oldPassword'], $_SESSION['PASSWORD'])) {
-                            $hash = password_hash($NewPassword, PASSWORD_ARGON2ID);
+                            $hash = password_hash($_POST['newPassword'], PASSWORD_ARGON2ID);
                             $statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash WHERE UUID = :PrincipalID'); 
                             $statement->execute(['PasswordHash' => $hash, 'PrincipalID' => $_SESSION['UUID']]);
                             $_SESSION['PASSWORD'] = $hash;
diff --git a/pages/register.php b/pages/register.php
index 4d4a019..2d377b4 100644
--- a/pages/register.php
+++ b/pages/register.php
@@ -18,7 +18,7 @@
 	if(!isset($_REQUEST['code']))
 		die("MISSING INVITE CODE!");
 
-	if(strlen($_REQUEST['code']) != 32 || !preg_match('/[a-f0-9]+/', $_REQUEST['code'])) {
+	if(strlen($_REQUEST['code']) != 32 || !preg_match('/^[a-f0-9]+$/', $_REQUEST['code'])) {
 		die("INVALID INVITE CODE!");
 	}
 
@@ -37,9 +37,9 @@
 
 	$validator = new FormValidator(array(
 		'tos' => array('required' => true, 'equals' => 'on'),
-		'username' => array('required' => true, 'regex' => '/[^\\/<>\s]{1,64}( [^\\/<>\s]{1,64})?/'),
-		'password' => array('required' => true, 'regex' => '/.{1,1000}/'),
-		'email' => array('required' => true, 'regex' => '/\S{1,64}@\S{1,250}.\S{2,64}/'),
+		'username' => array('required' => true, 'regex' => '/^[^\\/<>\s]{1,64}( [^\\/<>\s]{1,64})?$/'),
+		'password' => array('required' => true, 'regex' => '/^.{1,1000}$/'),
+		'email' => array('required' => true, 'regex' => '/^\S{1,64}@\S{1,250}.\S{2,64}$/'),
 		'avatar' => array('required' => true)
 	));
 
diff --git a/pages/users.php b/pages/users.php
index 1c26e7d..2ae7366 100644
--- a/pages/users.php
+++ b/pages/users.php
@@ -18,7 +18,7 @@
         include 'app/FormValidator.php';
         if(isset($_POST['genpw'])) {
             $validator = new FormValidator(array(
-                'userid' => array('required' => true, 'regex' => '/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/')
+                'userid' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/')
             ));
 
             if($validator->isValid($_POST)) {