From a262b161f99cdc5cadb6571941c324f53bb3543e Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.spb.ru>
Date: Thu, 21 Sep 2006 04:55:02 +0100
Subject: disable html objects in article content, breaks layout

---
 backend.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'backend.php')

diff --git a/backend.php b/backend.php
index e4329a26c..ebbf33a68 100644
--- a/backend.php
+++ b/backend.php
@@ -650,6 +650,8 @@
 				$line["content"] = preg_replace("/href=/i", "target=\"_new\" href=", $line["content"]);
 			}
 
+			$line["content"] = sanitize_rss($line["content"]);
+
 			print $line["content"] . "</div>";
 			
 			print "</div>";
@@ -1335,13 +1337,13 @@
 			
 			print "</td>";
 
-			$auth_login = db_fetch_result($result, 0, "auth_login");
+			$auth_login = escape_for_form(db_fetch_result($result, 0, "auth_login"));
 
 			print "<tr><td>Login:</td>";
 			print "<td><input class=\"iedit\" onkeypress=\"return filterCR(event)\"
 				name=\"auth_login\" value=\"$auth_login\"></td></tr>";
 
-			$auth_pass = db_fetch_result($result, 0, "auth_pass");
+			$auth_pass = escape_for_form(db_fetch_result($result, 0, "auth_pass"));
 
 			print "<tr><td>Password:</td>";
 			print "<td><input class=\"iedit\" type=\"password\" name=\"auth_pass\" 
-- 
cgit v1.2.3