diff --git a/main/chat/chat.php b/main/chat/chat.php
index b1d94ccdef..b1e10fe7bd 100755
--- a/main/chat/chat.php
+++ b/main/chat/chat.php
@@ -79,7 +79,7 @@ if (api_get_setting('show_navigation_menu') != 'false') {
 break;
 }
 }
-$cidreq = $_GET['cidReq'];
+$cidreq = Security::remove_XSS($_GET['cidReq']);
 ?> '; echo'
'; echo '';
diff --git a/main/chat/chat_banner.php b/main/chat/chat_banner.php
index 7154265c37..0a3f039030 100644
--- a/main/chat/chat_banner.php
+++ b/main/chat/chat_banner.php
@@ -5,7 +5,7 @@
 * Chamilo banner
 *
 * @author Olivier Brouckaert
- * @chamilo chamilo.chat
+ * @package chamilo.chat
 */
 $language_file = array ('chat');
@@ -13,11 +13,6 @@ require_once '../inc/global.inc.php';
 require_once api_get_path(LIBRARY_PATH).'groupmanager.lib.php';
 $this_section = SECTION_COURSES;
-//$interbreadcrumb[] = array ('url' => 'chat.php', 'name' => get_lang('Chat'));
-//$noPHP_SELF = true;
-//$shortBanner = false;
-//Display::display_header(null, 'Chat');
-
 $tool_name = get_lang('ToolChat');
 // If it is a group chat then the breadcrumbs.
diff --git a/main/chat/chat_chat.php b/main/chat/chat_chat.php
index 6d542542c7..8365c9473d 100644
--- a/main/chat/chat_chat.php
+++ b/main/chat/chat_chat.php
@@ -24,7 +24,7 @@ $group_id = intval($_SESSION['_gid']);
 if (!empty($course)) {
 $reset = (bool)$_GET['reset'];
 $tbl_user = Database::get_main_table(TABLE_MAIN_USER);
- $query = "SELECT username FROM $tbl_user WHERE user_id='".$_user['user_id']."'";
+ $query = "SELECT username FROM $tbl_user WHERE user_id='".intval($_user['user_id'])."'";
 $result = Database::query($query);
 list($pseudo_user) = Database::fetch_row($result);
@@ -70,7 +70,7 @@ if (!empty($course)) {
 } else {
 $filename_chat = 'messages-'.$date_now.'.log.html';
 }
-
+
 if (!file_exists($chat_path.$filename_chat)) {
 @fclose(fopen($chat_path.$filename_chat, 'w'));
 if (!api_is_anonymous()) {
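Review bot: The new `$cidreq` line still reads `$_GET['cidReq']` unconditionally, so a request without the parameter raises a notice and passes null through the filter; `$cidreq = isset($_GET['cidReq']) ? Security::remove_XSS($_GET['cidReq']) : '';` closes that gap. `Security::remove_XSS()` applied at read time is also not a substitute for escaping at the point of output, and since the trailing context of this hunk (the template after `?>`) is not legible on this page, it is worth confirming that wherever `$cidreq` is echoed further down it is escaped for that context (HTML attribute or URL). If the value is only meant to carry the current course, the course identifier already known to the session would presumably be a safer source than the request parameter — to be checked against how chat.php uses it.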
@@ -111,10 +111,14 @@ if (!empty($course)) {
 update_existing_document($_course, $doc_id, 0);
 }
-
- $content = file($chat_path.$basename_chat.'.log.html');
- $nbr_lines = sizeof($content);
- $remove = $nbr_lines - 100;
+
+ $remove = 0;
+ $content = array();
+ if (file_exists($chat_path.$basename_chat.'.log.html')) {
+ $content = file($chat_path.$basename_chat.'.log.html');
+ $nbr_lines = sizeof($content);
+ $remove = $nbr_lines - 100;
+ }
 if ($remove < 0) {
 $remove = 0;
@@ -128,7 +132,7 @@ if (!empty($course)) {
 }
 if ($_GET['origin'] == 'whoisonlinejoin') { //the joiner (we have to delete the chat request to him when he joins the chat)
 $track_user_table = Database::get_main_table(TABLE_MAIN_USER);
- $sql = "update $track_user_table set chatcall_user_id = '', chatcall_date = '', chatcall_text='' where (user_id = ".$_user['user_id'].")";
+ $sql = "UPDATE $track_user_table set chatcall_user_id = '', chatcall_date = '', chatcall_text='' where (user_id = ".$_user['user_id'].")";
 $result = Database::query($sql);
 }
diff --git a/main/chat/chat_functions.lib.php b/main/chat/chat_functions.lib.php
index ceb3283fc1..cc2c979b11 100755
--- a/main/chat/chat_functions.lib.php
+++ b/main/chat/chat_functions.lib.php
@@ -1,17 +1,21 @@
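Review bot: The added `file_exists()` guard does not cover `file()` itself returning `false` (unreadable log, or the file removed between the check and the read), in which case `sizeof($content)` runs on `false` and `$content` is no longer the array the code after this hunk expects. Testing the return value closes both gaps and makes the existence check redundant: `$content = file($chat_path.$basename_chat.'.log.html'); if ($content === false) { $content = array(); } $remove = count($content) - 100;`. Note that `$nbr_lines` is now assigned only inside the `if`; if anything past this hunk reads it, it should be initialised next to `$remove` and `$content`. The enclosing `if (!empty($course))` block opens and closes outside the hunk.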
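Review bot: The rewritten `$sql` line in the -128 hunk still concatenates `$_user['user_id']` into the UPDATE statement raw, while the -24 hunk of the same file wraps the same value in `intval()` for the SELECT on the same column — so this line is touched only for keyword case and its one dynamic value stays unsanitised. The same treatment belongs here: `$sql = "UPDATE $track_user_table set chatcall_user_id = '', chatcall_date = '', chatcall_text='' where (user_id = ".intval($_user['user_id']).")";`. The id presumably comes from the session rather than the request, which limits the exposure, but the two queries should at least be consistent. The enclosing `if (!empty($course))` block starts and ends outside the hunk.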