From f6da67d1980df72e6442f6014012a88103e100ba Mon Sep 17 00:00:00 2001
From: Jason Oster <parasytic@users.sourceforge.net>
Date: Fri, 13 Feb 2009 20:52:28 +0000
Subject: Fix potential XSS issue

---
 includes/event.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'includes')

diff --git a/includes/event.php b/includes/event.php
index 150a0e4..ae9df5c 100644
--- a/includes/event.php
+++ b/includes/event.php
@@ -27,9 +27,9 @@ if ($_POST['time'] == -1) {
 	if ($start != $end) $event_times = "$start - $end";
 }
 
-$event['event_text']  = urldecode($event['event_text']);
-$event['description'] = urldecode($event['description']);
-$event['location']    = urldecode($event['location']);
+$event['event_text']  = sanitizeForWeb(urldecode($event['event_text']));
+$event['description'] = sanitizeForWeb(urldecode($event['description']));
+$event['location']    = sanitizeForWeb(urldecode($event['location']));
 $display ='';
 if (isset($event['description'])) $event['description'] = ereg_replace("[[:alpha:]]+://[^<>[:space:]]+[[:alnum:]/]",'<a target="_new" href="\0">\0</a>',$event['description']);
 
-- 
cgit v1.2.3