diff options
| author | Mike Macgirvin <mike@macgirvin.com> | 2010-07-19 06:58:03 -0700 |
|---|---|---|
| committer | Mike Macgirvin <mike@macgirvin.com> | 2010-07-19 06:58:03 -0700 |
| commit | 6695b4a203ab03941c8b3305a3e55cc02b85a5ac (patch) | |
| tree | 47af4ee89d71b4c0584ae30da1883d5ae9e933a2 /boot.php | |
| parent | bbe53699f26bfa4e4d17da097fd8f2fc14da47dd (diff) | |
| download | volse-hubzilla-6695b4a203ab03941c8b3305a3e55cc02b85a5ac.tar.gz volse-hubzilla-6695b4a203ab03941c8b3305a3e55cc02b85a5ac.tar.bz2 volse-hubzilla-6695b4a203ab03941c8b3305a3e55cc02b85a5ac.zip | |
more bugs
Diffstat (limited to 'boot.php')
| -rw-r--r-- | boot.php | 6 |
1 files changed, 2 insertions, 4 deletions
@@ -205,12 +205,10 @@ function notags($string) { return(str_replace(array("<",">","\xBA","\xBC","\xBE"), array('[',']','','',''), $string)); }} -// The PHP built-in tag escape function has traditionally been buggy if(! function_exists('escape_tags')) { function escape_tags($string) { - return(str_replace( - array('&', '"', "'", '<', '>'), - array('&', '"', ''', '<', '>'), $string)); + + return(htmlspecialchars($string)); }} if(! function_exists('login')) { |