diff --exclude='*~' --exclude='.*' -I '$Id:' -urN phprojekt-4.2.3.orig/chat/chat.php phprojekt-4.2.3/chat/chat.php
--- phprojekt-4.2.3.orig/chat/chat.php	2005-05-29 16:35:28.000000000 -0400
+++ phprojekt-4.2.3/chat/chat.php	2005-05-29 16:37:16.000000000 -0400
@@ -37,6 +37,7 @@
 function writetext () {
   global $chatfile, $user_name, $user_firstname, $content, $max_lines, $chat_time, $chat_names, $chat_direction;
   // small irc hack - replace /me with the username 
+  $content = htmlentities(strip_tags($content));
   $content = ereg_replace('/me',$user_firstname,$content);    
    
   // add time to new line       
@@ -211,4 +212,4 @@
 elseif ($mode == "alive") { alive(); }
 elseif ($mode == 'check') { check(); }
 
-?>
\ No newline at end of file
+?>