diff --git a/include/filter.php b/include/filter.php
index ddf30d8..de98d47 100644
--- a/include/filter.php
+++ b/include/filter.php
@@ -1,19 +1,39 @@
 <?php
 $aClean = array();
-filter_gpc();
+filter_perform_filtering();
+
+/* perform input variable filtering */
+function filter_perform_filtering()
+{
+    // if filtering failed post the error
+    $sResult = filter_gpc();
+    if($sResult)
+    {
+        util_show_error_page_and_exit($sResult);
+    }
+}
 
 /*
  * Make all get/post/cookies variable clean based on their names.
+ * Returns an error string if failure occurs, null if successful
  */
 function filter_gpc()
 {
     global $aClean;
+
     $aKeys = array_keys($_REQUEST);
     for($i=0; $i < sizeof($aKeys); $i++)
     {
+        // NOTE: useful for debugging
+        //echo "'".$aKeys[$i]."' = '".$_REQUEST[$aKeys[$i]]."'\n";
+
         // Special cases for variables that don't fit our filtering scheme
         // don't filter the AppDB session cookie and MAX_FILE_SIZE
         // and the DialogX values that xinha uses
+
+        // NOTE: we must use === when comparing the return value of strpos
+        //       against a value, otherwise if strpos() returns false indicating that
+        //       the value wasn't found strpos(something) == 0 will still be true
         if(strpos($aKeys[$i], "Dialog") === 0) // Xinha variables
         {
             // copy the key over to the clean array
@@ -24,7 +44,7 @@ function filter_gpc()
             continue; // go to the next entry
         } else if($aKeys[$i] == "whq_appdb" || ($aKeys[$i] == "MAX_FILE_SIZE")
                   || ($aKeys[$i] == "PHPSESSID")
-                  || (strpos($aKeys[$i], "pref_")) === 0) // other variables
+                  || (strpos($aKeys[$i], "pref_") === 0)) // other variables
         {
             // copy the key over to the clean array after stripping tags and trimming
             $aClean[$aKeys[$i]] = trim(strip_tags($_REQUEST[$aKeys[$i]]));
@@ -37,16 +57,16 @@ function filter_gpc()
             case "f": // float
                 if(is_numeric($_REQUEST[$aKeys[$i]]))
                     $aClean[$aKeys[$i]] = $_REQUEST[$aKeys[$i]];
-                elseif(empty($_REQUEST[$aKeys[$i]]))
+                else if(empty($_REQUEST[$aKeys[$i]]))
                     $aClean[$aKeys[$i]] = 0;
                 else
-                    util_show_error_page_and_exit("Fatal error: ".$aKeys[$i]." should be a numeric value.");
+                    return "Fatal error: ".$aKeys[$i]." should be a numeric value.";
             break;
             case "b": // boolean
                 if($_REQUEST[$aKeys[$i]]=="true" || $_REQUEST[$aKeys[$i]]=="false")
                     $aClean[$aKeys[$i]] = $_REQUEST[$aKeys[$i]];
                 else
-                    util_show_error_page_and_exit("Fatal error: ".$aKeys[$i]." should be a boolean value.");
+                    return "Fatal error: ".$aKeys[$i]." should be a boolean value.";
             break;
             case "s": // string
                 switch($aKeys[$i][1])
@@ -64,10 +84,10 @@ function filter_gpc()
             break;
             case "a": // array
                  if(!is_array($_REQUEST[$aKeys[$i]]))
-                    util_show_error_page_and_exit("Fatal error: ".$aKeys[$i]." should be an array.");
+                     return "Fatal error: ".$aKeys[$i]." should be an array.";
             break;
             default:
-                util_show_error_page_and_exit("Fatal error: type of variable ".$aKeys[$i]." is not recognized.");
+                return "Fatal error: type of variable ".$aKeys[$i]." is not recognized.";
                 break;
         }
     }
@@ -79,5 +99,7 @@ function filter_gpc()
     $_GET = array();
     if(APPDB_DONT_CLEAR_COOKIES_VAR != "1")
         $_COOKIES = array();
+
+    return null;
 }
 ?>
diff --git a/unit_test/run_tests.php b/unit_test/run_tests.php
index 4d9a8e9..a33e830 100644
--- a/unit_test/run_tests.php
+++ b/unit_test/run_tests.php
@@ -20,4 +20,6 @@ echo "\n";
 include_once("test_application.php");
 echo "\n";
 include_once("test_error_log.php");
+echo "\n";
+include_once("test_filter.php");
 ?>
diff --git a/unit_test/test_filter.php b/unit_test/test_filter.php
new file mode 100644
index 0000000..0eaf3d5
--- /dev/null
+++ b/unit_test/test_filter.php
@@ -0,0 +1,133 @@
+<?php
+
+/* unit tests for input filtering routines */
+
+require_once("path.php");
+require_once("test_common.php");
+require_once(BASE."include/incl.php");
+
+
+// Test that we can filter properly, that filtering errors result in error output
+// and that we properly preserve html tags in html strings and strip html tags from
+// normal strings
+function test_filter()
+{
+    global $aClean; // the array where filtered variables will be stored
+
+    //*********************************************************
+    // test that filtering properly fails when given an integer
+    // that doesn't contain an integer value
+    $_REQUEST = array(); // clear out the array
+    $_REQUEST['iInteger'] = 100;
+    $_REQUEST['iNotAnInteger'] = "asfasdflskjf"; // this value should cause filtering to
+                                                 // fail since it isn't an integer bug has
+                                                 // the integer prefix of 'i'
+
+    $sResult = filter_gpc();
+    if(!$sResult)
+    {
+        echo "filter_gpc() succeeded when it should have failed due to invalid input!\n";
+        return false;
+    }
+
+
+    //***************************************************************
+    // test that filtering succeeds when given valid values to filter
+    $sString = "some string";
+    $iInteger = 12345;
+    $_REQUEST = array(); // clear out the array
+    $_REQUEST['sString'] = $sString;
+    $_REQUEST['iInteger'] = $iInteger;
+
+    // filter the variables and make sure that we don't have a return value
+    // ie, that filtering succeeded
+    $sResult = filter_gpc();
+    if($sResult)
+    {
+        echo "sResult is '$sResult' but we expected success and no return value\n";
+        return false;
+    }
+
+    // make sure the values match what we expect
+    if($aClean['sString'] != $sString)
+    {
+        echo "Expected aClean['sString'] to be '".$sString."' but instead it was '".$aClean['sString']."'\n";
+        return false;
+    }
+
+    if($aClean['iInteger'] != $iInteger)
+    {
+        echo "Expected aClean['iInteger'] to be '".$iInteger."' but instead it was '".$aClean['iInteger']."'\n";
+        return false;
+    }
+
+
+    //*************************************************************
+    // test that filtering html works properly, preserving the tags
+    $_REQUEST = array(); // clear out the array
+    $shHtml = "<pre>This is some html</pre>";
+    $_REQUEST['shHtml'] = $shHtml;
+
+    // filter the variables and make sure that we don't have a return value
+    // ie, that filtering succeeded
+    $sResult = filter_gpc();
+    if($sResult)
+    {
+        echo "sResult is '$sResult' but we expected success and no return value\n";
+        return false;
+    }
+
+    // expect that the filtered value will be equal
+    if($aClean['shHtml'] != $shHtml)
+    {
+        echo "Expected aClean['shHtml'] to be '".$shHtml."' but instead it was '".$aClean['shHtml']."'\n";
+        return false;
+    }
+
+
+    //*****************************************************************************
+    // test that filtering strings with html results in the tags being stripped out 
+    $_REQUEST = array(); // clear out the array
+    $sHtml = "<pre>This is some html</pre>";
+    $_REQUEST['sHtml'] = $sHtml;
+
+    // filter the variables and make sure that we don't have a return value
+    // ie, that filtering succeeded
+    $sResult = filter_gpc();
+    if($sResult)
+    {
+        echo "sResult is '$sResult' but we expected success and no return value\n";
+        return false;
+    }
+
+    // expect that $aClean value has been modified during filtering so these
+    // shouldn't be equal unless something has failed
+    if($aClean['sHtml'] == $sHtml)
+    {
+        echo "Expected aClean['shHtml'] to be '".$sHtml."' but instead it was '".$aClean['sHtml']."'\n";
+        return false;
+    }
+
+    // make sure all html has been stripped
+    if(strip_tags($aClean['sHtml']) != $aClean['sHtml'])
+    {
+        echo "Expected all html to be stripped already but we were able to strip this '".$aClean['sHtml']
+            ."' into '".strip_tags($aClean['sHtml'])."'\n";
+        return false;
+    }
+    
+
+    return true;
+}
+
+
+/*************************/
+/* Main test routines */
+
+if(!test_filter())
+    echo "test_filter() failed!\n";
+else
+    echo "test_filter() passed\n";
+
+
+?>