}
# sanitize content
- $entry_content = preg_replace('/<script.*?>/i',
- "<p class=\"scriptWarn\">", $entry_content);
-
- $entry_content = preg_replace('/<\/script>/i',
- "</p>", $entry_content);
+
+ $entry_content = sanitize_rss($entry_content);
+ $entry_title = sanitize_rss($entry_title);
+ $entry_link = sanitize_rss($entry_link);
+ $entry_comments = sanitize_rss($entry_comments);
db_query($link, "BEGIN");
}
}
+ function sanitize_rss($str) {
+ $res = "";
+
+ $res = preg_replace('/<script.*?>/i',
+ "<p class=\"scriptWarn\">", $str);
+
+ $res = preg_replace('/<\/script>/i',
+ "</p>", $res);
+
+ return $res;
+ }
?>
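Review bot: `sanitize_rss()` is a two-pattern blocklist: it rewrites only literal `<script ...>` tags whose opening tag sits on one line (`.` does not match a newline without the `s` modifier) and leaves all other active markup in untrusted feed data untouched, such as event-handler attributes and script-scheme URLs. The new calls on `$entry_title`, `$entry_link` and `$entry_comments` in the earlier hunk inherit the same gap, and a tag filter is the wrong tool for a URL field. Links are better checked against an allowlist of schemes, e.g. `if (!preg_match('#^https?://#i', $entry_link)) $entry_link = '';`, and plain-text fields escaped at output with `htmlspecialchars($entry_title, ENT_QUOTES, 'UTF-8')`. Whether these values are escaped when rendered is not visible here, so if `$entry_content` must keep some HTML, an allowlist-based HTML sanitizer is the durable fix rather than more regexes. Minor: `$res = "";` is dead, and `preg_replace` returns `null` on a PCRE error, which would silently blank the field; add `if ($res === null) return '';` or handle it explicitly.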