diff --git a/src/app/Controllers/MainController.php b/src/app/Controllers/MainController.php
index 694a206..0834215 100644
--- a/src/app/Controllers/MainController.php
+++ b/src/app/Controllers/MainController.php
@@ -18,7 +18,7 @@ class MainController
 public static function run() {
 $reportWrapper = new ReportWrapper(file_get_contents(TRANSACTIONS_FILE));
- $year = $_GET['year'] ?? DateUtils::getCurrentYear();
+ $year = isset($_GET['year']) ? intval($_GET['year']) : DateUtils::getCurrentYear();
 $action = $_GET['action'] ?? null;
 $compensateCapitalLosses = filter_var($_GET['compensate_losses'] ?? true, FILTER_VALIDATE_BOOLEAN);
diff --git a/src/app/Controllers/WebAppController.php b/src/app/Controllers/WebAppController.php
index 1b1ee38..cbe3056 100644
--- a/src/app/Controllers/WebAppController.php
+++ b/src/app/Controllers/WebAppController.php
@@ -46,7 +46,7 @@ public static function run() {
 }
 public static function printReport() {
- $year = $_GET['year'] ?? DateUtils::getCurrentYear();
+ $year = self::getSelectedYear();
 $settings = self::getSelectedReportSettings();
 $exchangeSettings = $settings['exchanges'] ?? [];
@@ -57,7 +57,7 @@ public static function printReport() {
 }
 public static function printModelloRedditi() {
- $year = $_GET['year'] ?? DateUtils::getCurrentYear();
+ $year = self::getSelectedYear();
 $settings = self::getSelectedReportSettings();
 $compensateCapitalLosses = $settings['compensate_losses'] ?? true;
@@ -69,7 +69,7 @@ public static function printModelloRedditi() {
 }
 public static function printModelloF24() {
- $year = $_GET['year'] ?? DateUtils::getCurrentYear();
+ $year = self::getSelectedYear();
 $settings = self::getSelectedReportSettings();
 $compensateCapitalLosses = $settings['compensate_losses'] ?? true;
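Review bot: `intval($_GET['year'])` in `MainController::run()` coerces the parameter instead of validating it: a non-numeric string becomes 0 and an array value (`year[]=…`) becomes 1, so a malformed request silently selects a nonsensical year rather than falling back to the current one. The same expression is repeated in the new `WebAppController::getSelectedYear()`, which the three `print*` hunks now call. A validating form such as `$year = filter_var($_GET['year'] ?? null, FILTER_VALIDATE_INT) ?: DateUtils::getCurrentYear();`, ideally with `min_range`/`max_range` options matching the years the report supports, rejects both cases. The body of `run()` continues outside the hunk, so how `$year` is used afterwards is not visible here.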
@@ -100,7 +100,7 @@ public static function upload() {
 $reportWrapper = new ReportWrapper(AesUtils::decrypt(file_get_contents($filePath), $key));
- setcookie('KEY-' . $reportId, $key, self::getCookieOptions());
+ self::setCookie('KEY-' . $reportId, $key);
 header('Content-type: application/json');
 echo json_encode(['report_id' => $reportId] + $reportWrapper->getSummary(true));
@@ -122,12 +122,16 @@ public static function setSettings() {
 $settings['compensate_losses'] = filter_var($_POST['compensate_losses'] ?? true, FILTER_VALIDATE_BOOLEAN);
 }
- setcookie('SETTINGS-' . $reportId, base64_encode(json_encode($settings)), self::getCookieOptions());
+ self::setCookie('SETTINGS-' . $reportId, base64_encode(json_encode($settings)));
+ }
+
+ private static function getSelectedYear() {
+ return isset($_GET['year']) ? intval($_GET['year']) : DateUtils::getCurrentYear();
 }
 private static function getSelectedReportContent() {
 $reportId = self::getSelectedReportId();
- $filePath = dirname(__FILE__) . '/../../tmp/' . $reportId;
+ $filePath = dirname(__FILE__) . '/../../tmp/' . basename($reportId);
 if (strlen($reportId) !== 32 || !file_exists($filePath)) {
 throw new NotFoundException('report');
@@ -140,7 +144,7 @@ private static function getSelectedReportContent() {
 private static function getSelectedReportSettings() {
 $reportId = self::getSelectedReportId();
- $filePath = dirname(__FILE__) . '/../../tmp/' . $reportId;
+ $filePath = dirname(__FILE__) . '/../../tmp/' . basename($reportId);
 if (strlen($reportId) !== 32 || !file_exists($filePath)) {
 throw new NotFoundException('report');
@@ -153,11 +157,7 @@ private static function getSelectedReportId() {
 return $_GET['id'] ?? $_POST['id'] ?? null;
 }
- private static function getCookieOptions() {
- return [
- 'expires' => time() + 60 * 60 * 12,
- 'secure' => true,
- 'httponly' => true
- ];
+ private static function setCookie($name, $value) {
+ setcookie($name, $value, time() + 60 * 60 * 12, '', '', true, true);
 }
 }
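Review bot: `basename($reportId)` in `getSelectedReportContent()` keeps the path inside the tmp directory, but the id itself is still never validated: `strlen($reportId) !== 32` runs on the raw request value, and `getSelectedReportId()` can hand back an array (`id[]=…`), which makes `basename()` throw a TypeError on PHP 8 instead of the intended `NotFoundException`. The raw `$reportId` and the normalised path can also disagree, and both functions continue outside their hunks, so any later use of `$reportId` would see the unnormalised value. Validating once in `getSelectedReportId()`, for example `is_string($id) && preg_match('/\A[0-9a-f]{32}\z/', $id) === 1` if ids are 32 hex characters (this diff does not show how they are generated), would cover this hunk and the identical change in `getSelectedReportSettings()` at -140.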
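Review bot: The positional `setcookie()` call in the new `setCookie()` helper cannot express a SameSite attribute, and the `KEY-…` cookie written in `upload()` carries the report's decryption key. If the project can require PHP 7.3 or later, keeping the options-array form this hunk removes and adding `'samesite' => 'Strict'` (or `'Lax'`) plus an explicit `'path'` gives that cookie tighter scoping. If the positional form is needed for older PHP, a short comment in `setCookie()` saying so would explain the choice. In both the old and new code the path is left empty, so the cookie is scoped to the directory of the request that set it; it is worth confirming this matches the URLs that read it back.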
diff --git a/src/app/Utils/AesUtils.php b/src/app/Utils/AesUtils.php
index 8798d82..e6aa3ac 100644
--- a/src/app/Utils/AesUtils.php
+++ b/src/app/Utils/AesUtils.php
@@ -8,7 +8,7 @@ class AesUtils
 public static function encrypt($plain, $key) {
 $key = hex2bin($key);
- $iv = hex2bin(md5(microtime() . random_int(PHP_INT_MIN, PHP_INT_MAX)));
+ $iv = random_bytes(16);
 $data = openssl_encrypt($plain, self::METHOD, $key, OPENSSL_RAW_DATA, $iv);
 return base64_encode($iv . $data);
 }
diff --git a/src/cron.php b/src/cron.php
index 4e0a659..ec3e471 100644
--- a/src/cron.php
+++ b/src/cron.php
@@ -4,6 +4,7 @@
 require_once __DIR__ . '/vendor/autoload.php';
 use CrypTax\Utils\CryptoInfoUtils;
+use CrypTax\Utils\DateUtils;
 use CrypTax\Utils\DbUtils;
 if (PHP_SAPI !== 'cli' || isset($_SERVER['HTTP_USER_AGENT'])) {
@@ -34,3 +35,10 @@
 while ($resultArray = $result->fetch_assoc()) {
 CryptoInfoUtils::getCryptoPrice($resultArray['ticker'], $resultArray['date']);
 }
+
+// get most recent prices
+$result = DbUtils::getConnection()->query('SELECT DISTINCT(ticker) FROM cache WHERE 1');
+
+while ($resultArray = $result->fetch_assoc()) {
+ CryptoInfoUtils::getCryptoPrice($resultArray['ticker'], DateUtils::getToday());
+}
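Review bot: `random_bytes(16)` in `encrypt()` hard-codes the IV length while the cipher comes from `self::METHOD`, which is defined outside this hunk; `$iv = random_bytes(openssl_cipher_iv_length(self::METHOD));` keeps the two in step if the constant changes. The function also ignores failures: `hex2bin()` returns false on malformed input and that value is passed straight to `openssl_encrypt()`, whose own false return would make the function emit base64 of the IV alone. A guard such as `if ($key === false || $data === false) { throw new \RuntimeException('encryption failed'); }` would surface both. If METHOD is an unauthenticated mode such as CBC, the stored report has no integrity protection, so an AEAD mode or a MAC over IV and ciphertext is worth considering.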
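Review bot: The new loop in `cron.php` calls `$result->fetch_assoc()` without checking what `query()` returned. The `fetch_assoc()` call suggests mysqli, where `query()` returns false on failure unless exception reporting is enabled, so a failed query would end the cron run with a fatal error; a guard such as `if ($result === false) { exit(1); }` with a logged message makes that failure explicit. The SQL can be simplified to `SELECT DISTINCT ticker FROM cache`, since `WHERE 1` is a no-op and `DISTINCT(ticker)` reads like a function call. If `getCryptoPrice()` performs a remote lookup (not visible here), one failing ticker aborts the remaining ones unless each call is wrapped in its own try/catch.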