diff options
| author | Andrew Dolgov <[email protected]> | 2006-09-21 04:55:02 +0100 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2006-09-21 04:55:02 +0100 |
| commit | a262b161f99cdc5cadb6571941c324f53bb3543e (patch) | |
| tree | 593e60f98267b862a5618d27aafc6d2e246f573b /backend.php | |
| parent | 8bde41c35f8677a8680a1b183c8c780fd793dc89 (diff) | |
disable html objects in article content, breaks layout
Diffstat (limited to 'backend.php')
| -rw-r--r-- | backend.php | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/backend.php b/backend.php index e4329a26c..ebbf33a68 100644 --- a/backend.php +++ b/backend.php @@ -650,6 +650,8 @@ $line["content"] = preg_replace("/href=/i", "target=\"_new\" href=", $line["content"]); } + $line["content"] = sanitize_rss($line["content"]); + print $line["content"] . "</div>"; print "</div>"; @@ -1335,13 +1337,13 @@ print "</td>"; - $auth_login = db_fetch_result($result, 0, "auth_login"); + $auth_login = escape_for_form(db_fetch_result($result, 0, "auth_login")); print "<tr><td>Login:</td>"; print "<td><input class=\"iedit\" onkeypress=\"return filterCR(event)\" name=\"auth_login\" value=\"$auth_login\"></td></tr>"; - $auth_pass = db_fetch_result($result, 0, "auth_pass"); + $auth_pass = escape_for_form(db_fetch_result($result, 0, "auth_pass")); print "<tr><td>Password:</td>"; print "<td><input class=\"iedit\" type=\"password\" name=\"auth_pass\" |