@ -66,7 +66,7 @@
$row = mysql_fetch_assoc($res);
$_REQUEST['userid'] = $row['id'];
} else {
printf(_("No users found matching %s"), $email);
printf(_("No users found matching %s"), sanitizeHTML($email));
}