diff --git a/www/api/cemails.php b/www/api/cemails.php
index a2dd4eb..0d067ea 100644
--- a/www/api/cemails.php
+++ b/www/api/cemails.php
@@ -28,17 +28,17 @@
 $query = "select sum(`points`) as `points` from `notary` where `to`='$memid' group by `to`";
 $row = mysql_fetch_assoc(mysql_query($query));
 $points = $row['points'];
- echo "CS=".$user['codesign']."\n";
+ echo "CS=".intval($user['codesign'])."\n";
 echo "NAME=CAcert WoT User\n";
 if($points >= 50)
 {
- echo "NAME=".$user['fname']." ".$user['lname']."\n";
+ echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['lname'])."\n";
 if($user['mname'] != "")
- echo "NAME=".$user['fname']." ".$user['mname']." ".$user['lname']."\n";
+ echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['mname'])." ".sanitizeHTML($user['lname'])."\n";
 if($user['suffix'] != "")
- echo "NAME=".$user['fname']." ".$user['lname']." ".$user['suffix']."\n";
+ echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['lname'])." ".sanitizeHTML($user['suffix'])."\n";
 if($user['mname'] != "" && $user['suffix'] != "")
- echo "NAME=".$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']."\n";
+ echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['mname'])." ".sanitizeHTML($user['lname'])." ".sanitizeHTML($user['suffix'])."\n";
 }
 $query = "select * from `email` where `memid`='$memid' and `hash`='' and `deleted`=0";
 $res = mysql_query($query);
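Review bot: The new `NAME=` echoes encode the name parts for HTML, but this response is a line-oriented `KEY=value` format, and nothing visible in the hunk keeps a CR or LF stored in `fname`, `mname`, `lname` or `suffix` from starting an extra line that the consumer would parse as a field of its own. Unless `sanitizeHTML()` (defined outside this hunk) already removes line breaks, strip them before output, e.g. `$fname = str_replace(array("\r", "\n"), '', sanitizeHTML($user['fname']));`, and do the same for the other three fields. If the endpoint is consumed by API clients rather than rendered in a browser, entity-encoding will also change names containing `&` or quotes for those clients, so confirm the consumer expects encoded values or serve the response as `text/plain` instead. The context lines also interpolate `$memid` into two SQL strings; where it is assigned is outside the hunk, so confirm it is cast to an integer before this point.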