diff --git a/src/account.sh b/src/account.sh
index e57d875..cec2b31 100755
--- a/src/account.sh
+++ b/src/account.sh
@@ -4,7 +4,7 @@
 
 # register(username, password)
 function register() {
-	local username=$(echo -ne $(printf "$1" | sed -E "s/ /_/g;s/\:/\-/g;s/\%/\\x/g"))
+	local username=$(echo -ne $(sed -E "s/ /_/g;s/\:/\-/g;s/\%/\\x/g" <<< "$1"))
 
 	if [[ $(grep "$username:" secret/users.dat) != '' ]]; then
 		reason="This user already exists!"
@@ -22,13 +22,13 @@ function register() {
 
 # login(username, password) 
 function login() {
-	local username=$(echo -ne $(echo "$1" | sed -E 's/%/\\x/g'))
+	local username=$(echo -ne $(sed -E 's/%/\\x/g' <<< "$1"))
 	IFS=':'
 	local user=($(grep -P "$username:" secret/users.dat))
 	unset IFS
-	if [[ $(echo -n $2${user[2]} | sha256sum | cut -c 1-64 ) == ${user[1]} ]]; then
-		set_cookie_permanent "sh_session" ${user[3]}
-		set_cookie_permanent "username" $username
+	if [[ $(echo -n $2${user[2]} | sha256sum | cut -c 1-64 ) == "${user[1]}" ]]; then
+		set_cookie_permanent "sh_session" "${user[3]}"
+		set_cookie_permanent "username" "$username"
 		return 0
 	else
 		remove_cookie "sh_session"
@@ -40,9 +40,9 @@ function login() {
 
 # login_simple(base64)
 function login_simple() {
-	local data=$(echo $3 | base64 -d)
-	local password=$(echo $data | sed -E 's/^(.*)\://')
-	local login=$(echo $data | sed -E 's/\:(.*)$//')
+	local data=$(base64 -d <<< "$3")
+	local password=$(sed -E 's/^(.*)\://' <<< "$data")
+	local login=$(sed -E 's/\:(.*)$//' <<< "$data")
 	
 	IFS=':'
 	local user=($(grep "$login:" secret/users.dat))
diff --git a/src/mail.sh b/src/mail.sh
index 0c6616b..4994268 100755
--- a/src/mail.sh
+++ b/src/mail.sh
@@ -20,8 +20,8 @@ function mailsend() {
 	sender_name="$sender_name" mailgen "${cfg[mail]}" "$1" "$2" "$3" > "$tmp"
 
 	curl \
-		$([[ ${cfg[mail_ignore_bad_cert]} == true ]] && printf -- "-k") \
-		$([[ ${cfg[mail_ssl]} == true ]] && printf -- "--ssl") \
+		$([[ "${cfg[mail_ignore_bad_cert]}" == true ]] && printf -- "-k") \
+		$([[ "${cfg[mail_ssl]}" == true ]] && printf -- "--ssl") \
 		"smtp://${cfg[mail_server]}" \
 		--mail-from "${cfg[mail]}" \
 		--mail-rcpt "$1" \
diff --git a/src/route.sh b/src/route.sh
index 6a651c0..455256e 100755
--- a/src/route.sh
+++ b/src/route.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+# route.sh - basic router stub
 
 # router(uri, path)
 function router() {
diff --git a/src/server.sh b/src/server.sh
index c1b0c1b..8c75ba8 100755
--- a/src/server.sh
+++ b/src/server.sh
@@ -156,16 +156,16 @@ fi
 
 echo "${r[url]}" >&2
 
-if [[ ${cfg[auth_required]} == true && ${r[authorized]} != true ]]; then
+if [[ "${cfg[auth_required]}" == true && "${r[authorized]}" != true ]]; then
 	echo "Auth failed." >> ${cfg[log_misc]}
 	r[status]=401
 fi
 
-if [[ ${cfg[proxy]} == true ]]; then
+if [[ "${cfg[proxy]}" == true ]]; then
 	r[status]=211
 fi
 
-if [[ ${r[post]} == true && ${r[status]} == 200 ]]; then
+if [[ "${r[post]}" == true && "${r[status]}" == 200 ]]; then
 
 	# This whole ordeal is here to prevent passing binary data as a variable.
 	# I could have done it as an array, but this solution works, and it's