author | Jason Oster <parasytic@users.sourceforge.net> | 2009-02-13 20:52:28 +0000 |
---|---|---|
committer | Jason Oster <parasytic@users.sourceforge.net> | 2009-02-13 20:52:28 +0000 |
commit | f6da67d1980df72e6442f6014012a88103e100ba (patch) | |
tree | 5dce8684754d35d3081c51c07317b192bfc368dc /includes/event.php | |
parent | 665b2657ec42ddcc4bdfcc8fab24de56cab511ca (diff) | |
Fix potential XSS issue
Diffstat (limited to 'includes/event.php')
-rw-r--r-- | includes/event.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/includes/event.php b/includes/event.php
index 150a0e4..ae9df5c 100644
--- a/includes/event.php
+++ b/includes/event.php
@@ -27,9 +27,9 @@ if ($_POST['time'] == -1) {
 if ($start != $end) $event_times = "$start - $end";
 }
-$event['event_text'] = urldecode($event['event_text']);
-$event['description'] = urldecode($event['description']);
-$event['location'] = urldecode($event['location']);
+$event['event_text'] = sanitizeForWeb(urldecode($event['event_text']));
+$event['description'] = sanitizeForWeb(urldecode($event['description']));
+$event['location'] = sanitizeForWeb(urldecode($event['location']));
 $display ='';
 if (isset($event['description'])) $event['description'] = ereg_replace("[[:alpha:]]+://[^<>[:space:]]+[[:alnum:]/]",'<a target="_new" href="\0">\0</a>',$event['description']); |
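Review bot: On the `$event['description']` line, the escaped value is re-processed straight away by the `ereg_replace` linkifier in the trailing context, which copies the match into `href="\0"`. The fix therefore holds for that field only if `sanitizeForWeb()` (defined outside this diff) also encodes double quotes, because the URL class `[^<>[:space:]]` does not exclude them. The scheme part `[[:alpha:]]+://` accepts any scheme as well, so I would allow-list it and exclude quotes from the body, e.g. `"(https?|ftp)://[^<>\"'[:space:]]+[[:alnum:]/]"`. A one-line comment above the three assignments, `// decode first, then escape: these values are presumably written into the page as HTML`, would record why the order matters. The `isset($event['description'])` guard runs after the assignment, so it does not protect the `urldecode()` call from a missing key; that ordering predates this commit.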