From d48d160c64f104785a6a52372271100e1a9803c6 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@bah.spb.su>
Date: Sat, 5 Aug 2006 13:00:01 +0100
Subject: disable scripts in rss entry content

---
 functions.php | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'functions.php')

diff --git a/functions.php b/functions.php
index 2e65f7a35..133a8ccf9 100644
--- a/functions.php
+++ b/functions.php
@@ -530,6 +530,13 @@
 
 				}
 
+				# sanitize content
+				$entry_content = preg_replace('/<script.*?>/i', 
+					"<p class=\"scriptWarn\">", $entry_content);
+
+				$entry_content = preg_replace('/<\/script>/i', 
+					"</p>", $entry_content);
+
 				db_query($link, "BEGIN");
 
 				if (db_num_rows($result) == 0) {
-- 
cgit v1.2.3