--- userstat.pl.orig	Sat May  8 11:20:32 2004
+++ userstat.pl	Sat May  8 11:21:49 2004
@@ -52,6 +52,9 @@
 my $html=qq|<a href="_URL_" target="_blank" style="text-decoration: none">|.
          qq|<font color="_COLOR_">_TEXT_</font></a>|;
 
+# filter out dangerous characters
+$user=~s/[\/\"\'\|\<\>\\\(\)\[\]\{\}\$\s;&]//g;
+
 if ($user ne "") {
    my $status=`$ow_cgidir/openwebmail-tool.pl -m -e $user`;
    if ($status =~ /has no mail/) {