From a2f280e3590cc3b0b9d9b9abd7183160efadd43d Mon Sep 17 00:00:00 2001
From: Jonathan Bauer
Date: Mon, 9 Nov 2015 13:47:31 +0100
Subject: [news.inc.php] fix newline not beeing escaped properly
---
 apis/news.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'apis')
diff --git a/apis/news.inc.php b/apis/news.inc.php
index ace41b21..610db289 100644
--- a/apis/news.inc.php
+++ b/apis/news.inc.php
@@ -9,10 +9,10 @@ if ($row !== false ) {
 echo '' . "\n";
 echo "" . "\n";
 echo "\t" . '' . "\n";
- echo "\t\t" . $row['title'] . "\n";
+ echo "\t\t" . htmlspecialchars($row['title']) . "\n";
 echo "\t" . '' . "\n";
 echo "\t" . "" . "\n";
- echo "\t\t" . $row['content'] . "\n";
+ echo "\t\t" . htmlspecialchars(nl2br($row['content'])) . "\n";
 echo "\t" . '' . "\n";
 echo "\t" . "" . "\n";
 echo "\t\t" . $row['dateline'] . "\n";
-- 
cgit v1.2.3-55-g7522
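Review bot: On the new content line, `htmlspecialchars(nl2br($row['content']))` escapes the `<br />` tags that `nl2br` has just inserted, so the receiver gets them as `&lt;br /&gt;` text together with whatever markup is stored in `content`. If the consumer decodes the element and renders it as HTML (the surrounding tags are not visible in this hunk, so that is inferred), stored markup is rendered unchanged and the escaping only protects the transport format; if `content` is meant to be plain text, the order should be `nl2br(htmlspecialchars($row['content']))`, or the client should turn newlines into breaks itself. Both new calls also rely on the PHP version's default flags and charset; spelling them out, e.g. `htmlspecialchars($row['title'], ENT_QUOTES | ENT_XML1 | ENT_SUBSTITUTE, 'UTF-8')`, keeps an invalid byte sequence from silently producing an empty string. `$row['dateline']` on the last context line is still echoed unescaped, and the enclosing `if ($row !== false)` block starts and ends outside the hunk.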