diff --git a/html/user/gallery.inc b/html/user/gallery.inc
index 25773655f8..a3a3283a49 100755
--- a/html/user/gallery.inc
+++ b/html/user/gallery.inc
@@ -2,6 +2,7 @@
 require_once("project_specific/project.inc");
 require_once("profile.inc");
+require_once("sanitize_html.inc");
 // Generates the html files which comprise the photo gallery.
 // $room: which gallery to generate (user, computer).
@@ -301,7 +302,7 @@ function get_profile_summary($userid) {
 if (strlen($row['response1']) != 0) {
-        $description = "(\"" . substr($row['response1'], 0, MAX_DESC_LENGTH);
+        $description = "(\"" . sanitize_html(substr($row['response1'], 0, MAX_DESC_LENGTH));
 if (strlen($row['response1']) >= MAX_DESC_LENGTH) {
 $description = $description . "...";
 }
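Review bot: The added line sanitizes only after `substr()` has already cut `$row['response1']` at a byte offset, so `sanitize_html()` can receive a half-written tag or a split multi-byte UTF-8 sequence; if that helper rests on `htmlspecialchars()` without `ENT_SUBSTITUTE`, invalid UTF-8 makes it return an empty string and the whole description silently disappears (I cannot see `sanitize_html()` from this diff, so confirm what it does with malformed input). Sanitizing the full response first and truncating afterwards with a multibyte-aware cut is more predictable, e.g. `$description = "(\"" . mb_substr(sanitize_html($row['response1']), 0, MAX_DESC_LENGTH);` — and if `sanitize_html()` preserves any markup, a summary this short is better served by a plain-text path (`strip_tags()` then escape) so the cut can never land inside an allowed tag. The unchanged `>= MAX_DESC_LENGTH` check on the next context line is off by one: a response of exactly MAX_DESC_LENGTH bytes is not shortened by the `substr()` yet still gets `...` appended; `>` matches the cut. `get_profile_summary()` begins and ends outside this hunk, so whether `$description` is escaped a second time on output (double-encoding of the sanitized text) cannot be judged from here.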