diff options
| author | Andrew Dolgov <[email protected]> | 2006-08-05 13:07:21 +0100 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2006-08-05 13:07:21 +0100 |
| commit | 183ad07bc2625534a7964f7ee75a7e6dd461b5c3 (patch) | |
| tree | 0f56fd85e90fb80329478d257543e46568e28117 | |
| parent | b1524dc6055cbcf93df5bcd9fbfdb4f506f0efc4 (diff) | |
sanitize title/comments/link too
| -rw-r--r-- | functions.php | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/functions.php b/functions.php index 133a8ccf9..d1212499b 100644 --- a/functions.php +++ b/functions.php @@ -531,11 +531,11 @@ } # sanitize content - $entry_content = preg_replace('/<script.*?>/i', - "<p class=\"scriptWarn\">", $entry_content); - - $entry_content = preg_replace('/<\/script>/i', - "</p>", $entry_content); + + $entry_content = sanitize_rss($entry_content); + $entry_title = sanitize_rss($entry_title); + $entry_link = sanitize_rss($entry_link); + $entry_comments = sanitize_rss($entry_comments); db_query($link, "BEGIN"); @@ -2309,4 +2309,15 @@ } } + function sanitize_rss($str) { + $res = ""; + + $res = preg_replace('/<script.*?>/i', + "<p class=\"scriptWarn\">", $str); + + $res = preg_replace('/<\/script>/i', + "</p>", $res); + + return $res; + } ?> |