Thanks Paul, that makes more sense and gives me more to go on. Side note: Are they REALLY just blankly accepting client side input and stuffing them into environment variables? Almost feels like a SQL injection attack but on bash. Ish.