--- userstat.pl.orig	Sat Jan 31 10:03:22 2004
+++ userstat.pl	Sat Jan 31 10:07:36 2004
@@ -52,6 +52,7 @@
 my $html=qq|<a href="_URL_" target="_blank" style="text-decoration: none">|.
          qq|<font color="_COLOR_">_TEXT_</font></a>|;
 
+$user=~s/[&;\`\<\>\(\)\{\}\[\]\s]//g;	# remove shell escape char
 if ($user ne "") {
    my $status=`$ow_cgidir/openwebmail-tool.pl -m -e $user`;
    if ($status =~ /has no mail/) {
@@ -79,6 +80,8 @@
          $html=~s|_TEXT_|$text{'has_mail'}|;
       }
    }
+   $html=~s|_COLOR_|#000000|;
+   $html=~s|_TEXT_|Open WebMail|;
    $html=~s/_USER_/$user/g;
    $html=~s/'/\\'/g;