From 6695b4a203ab03941c8b3305a3e55cc02b85a5ac Mon Sep 17 00:00:00 2001
From: Mike Macgirvin <mike@macgirvin.com>
Date: Mon, 19 Jul 2010 06:58:03 -0700
Subject: more bugs

---
 boot.php | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

(limited to 'boot.php')

diff --git a/boot.php b/boot.php
index 1a60ee173..56d85f638 100644
--- a/boot.php
+++ b/boot.php
@@ -205,12 +205,10 @@ function notags($string) {
 	return(str_replace(array("<",">","\xBA","\xBC","\xBE"), array('[',']','','',''), $string));
 }}
 
-// The PHP built-in tag escape function has traditionally been buggy
 if(! function_exists('escape_tags')) {
 function escape_tags($string) {
-	return(str_replace(
-		array('&', '"', "'", '<', '>'), 
-		array('&amp;', '&quot;', '&#39;', '&lt;', '&gt;'), $string));
+
+	return(htmlspecialchars($string));
 }}
 
 if(! function_exists('login')) {
-- 
cgit v1.2.3