Mark Smith (mark) wrote in changelog, 2009-09-13 04:29 am

[dw-free] http://bugs.dwscoalition.org/show_bug.cgi?id=1646

[commit: http://hg.dwscoalition.org/dw-free/rev/fd11f5ad7f30]

http://bugs.dwscoalition.org/show_bug.cgi?id=1646

Properly escape contents of PMs in the inbox.

Patch by exor674.

Files modified:
  • htdocs/inbox/compose.bml
--------------------------------------------------------------------------------
diff -r 1ea657a66375 -r fd11f5ad7f30 htdocs/inbox/compose.bml
--- a/htdocs/inbox/compose.bml	Sun Sep 13 12:21:01 2009 +0800
+++ b/htdocs/inbox/compose.bml	Sun Sep 13 04:29:21 2009 +0000
@@ -252,12 +252,12 @@ body<=
                 name    => 'msg_subject',
                 size    => '50',
                 value   => $POST{'msg_subject'} || $msg_subject,
-                                class   => 'subj-t'
+                class   => 'subj-t'
              });
     $body .= "</p>\n";
     $body .= "<div class='msg_txt'>";
     $body .= "<textarea name='msg_body' rows=6 cols=55 wrap=soft>";
-    $body .= $POST{'msg_body'} || $msg_body;
+    $body .= LJ::ehtml( $POST{'msg_body'} || $msg_body );
     $body .= "</textarea><br />";
     $body .= "<span class='helper'>Up to " . LJ::commafy($msg_limit) . " characters. Plain text, no HTML.";
     $body .= "</span></div>\n";
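Review bot: wrapping the body in `LJ::ehtml` on the `$body .= LJ::ehtml( $POST{'msg_body'} || $msg_body );` line is the right fix for the textarea, since an unescaped `</textarea>` in a stored or reposted message body would otherwise end the element and let the rest of the body render as markup; the same user-supplied data also flows into the subject on the `value => $POST{'msg_subject'} || $msg_subject,` line just above, which this hunk leaves to the form helper, so it is worth confirming in the same change that the helper escapes attribute values rather than interpolating them raw. Minor: `||` treats a posted body of `0` or an empty string as missing and silently falls back to `$msg_body`, which a defined-or check would avoid.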
--------------------------------------------------------------------------------