From 183ad07bc2625534a7964f7ee75a7e6dd461b5c3 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Sat, 5 Aug 2006 13:07:21 +0100 Subject: [PATCH] sanitize title/comments/link too --- functions.php | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/functions.php b/functions.php index 133a8ccf9..d1212499b 100644 --- a/functions.php +++ b/functions.php @@ -531,11 +531,11 @@ } # sanitize content - $entry_content = preg_replace('//i', - "

", $entry_content); - - $entry_content = preg_replace('/<\/script>/i', - "

", $entry_content); + + $entry_content = sanitize_rss($entry_content); + $entry_title = sanitize_rss($entry_title); + $entry_link = sanitize_rss($entry_link); + $entry_comments = sanitize_rss($entry_comments); db_query($link, "BEGIN"); @@ -2309,4 +2309,15 @@ } } + function sanitize_rss($str) { + $res = ""; + + $res = preg_replace('//i', + "

", $str); + + $res = preg_replace('/<\/script>/i', + "

", $res); + + return $res; + } ?>
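Review bot: `sanitize_rss()` is a deny-list that only rewrites `<script>` tags (the closing pattern `/<\/script>/i` is literal; the opening pattern is not legible on this page), so feed markup that executes script by other means, such as event-handler attributes or non-HTTP URL schemes, passes through unchanged. That matters most at the new call sites in the first hunk: `$entry_link` and `$entry_comments` appear to be URLs, where a tag filter does nothing and a scheme allow-list is the relevant check, e.g. `if (!preg_match('/^https?:\/\//i', $entry_link)) $entry_link = "";`. For `$entry_title`, escaping with `htmlspecialchars()` where it is rendered would be more robust than tag rewriting. The initial `$res = "";` is dead, because the next statement overwrites it. Whether these values are also escaped for SQL before the `db_query` calls lies outside the hunk and should be confirmed separately.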