From f01c8ec4f1324ed8b68e912220735af96c86883c Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Sun, 17 Mar 2013 14:55:55 +0400
Subject: prevent absolutely useless 'exploit' (not really) while editing filters (closes #572)
---
 classes/pref/filters.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'classes/pref')
diff --git a/classes/pref/filters.php b/classes/pref/filters.php
index 74a29c619..20abae1d0 100644
--- a/classes/pref/filters.php
+++ b/classes/pref/filters.php
@@ -372,7 +372,7 @@ class Pref_Filters extends Handler_Protected {
 WHERE id = ".(int)$rule["filter_type"]);
 $match_on = db_fetch_result($result, 0, "description");
- return T_sprintf("%s on %s in %s", $rule["reg_exp"], $match_on, $feed);
+ return T_sprintf("%s on %s in %s", strip_tags($rule["reg_exp"]), $match_on, $feed);
 }
 function printRuleName() {
-- 
cgit v1.2.3
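Review bot: `strip_tags()` on the added `return` line removes tags rather than encoding output, so it is the wrong tool for a rule name that, judging by the commit subject, ends up in the filter editor's markup. It leaves `&` and quote characters untouched, which matters if the string is ever placed in an attribute, and it silently drops any `<...>` portion of a legitimate regular expression, so the displayed rule can differ from the stored one that is actually applied. Encoding at the point of output keeps the text intact: `return T_sprintf("%s on %s in %s", htmlspecialchars($rule["reg_exp"], ENT_QUOTES), $match_on, $feed);`, provided the caller does not already escape the result. `$feed` is built above the hunk, in a function that begins outside it, so it cannot be checked here; if it carries feed or category titles it probably needs the same encoding.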