diff --git a/includes/account.php b/includes/account.php
index fab3118..fcdc4b4 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -74,7 +74,7 @@
 sendmail($_REQUEST['email'], "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support");
 showheader(_("My CAcert.org Account!"));
- printf(_("The email address '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), $_REQUEST['email']);
+ printf(_("The email address '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), sanitizeHTML($_REQUEST['email']));
 showfooter();
 exit;
 }
@@ -274,7 +274,7 @@
 fputs($fp, $emails);
 fclose($fp);
 mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
- } else if($_REQUEST['keytype'] == "MS") {
+ } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") {
 if($csr == "")
 $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."-----END CERTIFICATE REQUEST-----\n";
 $tmpfname = tempnam("/tmp", "CSR");
@@ -332,7 +332,7 @@
 showfooter();
 exit;
 }
- $query = "insert into `emailcerts` set `CN`='$defaultemail', `keytype`='MS',
+ $query = "insert into `emailcerts` set `CN`='$defaultemail', `keytype`='".sanitizeHTML($_REQUEST['keytype'])."',
 `memid`='".$_SESSION['profile']['id']."',
 `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
 `subject`='".mysql_real_escape_string($csrsubject)."',
@@ -1232,7 +1232,7 @@
 fputs($fp, $emails);
 fclose($fp);
 mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
- } else if($_REQUEST['keytype'] == "MS") {
+ } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") {
 $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."-----END CERTIFICATE REQUEST-----\n";
 $tmpfname = tempnam("/tmp", "CSR");
 $fp = fopen($tmpfname, "w");
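Review bot: The new condition on the `else if` at line 274 spells the accepted key types inline with loose `==`, and the same pair is repeated at line 1232 with different spacing (`$_REQUEST['keytype']=="VI"`). `in_array($_REQUEST['keytype'], array("MS", "VI"), true)` would state the allow-list in one expression per site and compare strictly. Nothing in the hunk says what the `"VI"` key type is or why it shares the `"MS"` CSR handling, so a one-line comment above the branch explaining that would help the next reader. The surrounding if/else chain starts and ends outside the hunk.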
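Review bot: `sanitizeHTML()` is an HTML output encoder, so using it to build the `keytype` value in the `emailcerts` insert at line 332 (and again in the `orgemailcerts` insert at line 1279) does not provide SQL-context escaping for `$_REQUEST['keytype']`. If this statement is only reached inside the `"MS"`/`"VI"` branch the value is already constrained, but that branch is not visible in this hunk and the query should not depend on it. Prefer deriving the stored value from the allow-list, e.g. `$keytype = ($_REQUEST['keytype'] === "VI") ? "VI" : "MS";` and interpolating `$keytype`, or at minimum use `mysql_real_escape_string()` as the `subject` line of the same statement does. The statement continues past the end of the hunk.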
@@ -1279,7 +1279,7 @@
 showfooter();
 exit;
 }
- $query = "insert into `orgemailcerts` set `CN`='$defaultemail', `keytype`='MS',
+ $query = "insert into `orgemailcerts` set `CN`='$defaultemail', `keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "',
 `orgid`='".$org['orgid']."',
 `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
 `subject`='$csrsubject',
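Review bot: In this `orgemailcerts` insert the `subject` value is interpolated as a bare `$csrsubject`, while the parallel `emailcerts` insert at line 332 wraps the same variable in `mysql_real_escape_string()`. Unless `$csrsubject` is escaped earlier in this code path (not visible in the hunk), the CSR-derived subject reaches the query unescaped. Since the commit already edits this statement, changing that line to use `mysql_real_escape_string($csrsubject)` would bring the organisation path in line with the personal one. The statement continues past the end of the hunk.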