From 298e8d068cc7196e8eee497b3101671a73e437ce Mon Sep 17 00:00:00 2001
From: David Anderson
Date: Thu, 17 Jul 2003 21:25:36 +0000
Subject: [PATCH] Now sanitizes the user response fields before displaying them in summary form.
svn path=/trunk/boinc/; revision=1713
---
 html/user/gallery.inc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/html/user/gallery.inc b/html/user/gallery.inc
index 25773655f8..a3a3283a49 100755
--- a/html/user/gallery.inc
+++ b/html/user/gallery.inc
@@ -2,6 +2,7 @@
 require_once("project_specific/project.inc");
 require_once("profile.inc");
+require_once("sanitize_html.inc");
 // Generates the html files which comprise the photo gallery.
 // $room: which gallery to generate (user, computer).
@@ -301,7 +302,7 @@ function get_profile_summary($userid) {
 if (strlen($row['response1']) != 0) {
- $description = "(\"" . substr($row['response1'], 0, MAX_DESC_LENGTH);
+ $description = "(\"" . sanitize_html(substr($row['response1'], 0, MAX_DESC_LENGTH));
 if (strlen($row['response1']) >= MAX_DESC_LENGTH) {
 $description = $description . "...";
 }
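Review bot: In the changed line of get_profile_summary the response is cut with substr() before sanitize_html() sees it, so the sanitizer can be handed a tag or entity split at MAX_DESC_LENGTH, or an element that was opened but never closed. What sanitize_html does with such a fragment is not visible in this hunk; if it passes an allowed but unclosed element through, the rest of the gallery page after the summary inherits that markup. If the summary does not need to keep any formatting, reducing the field to text and escaping the truncated result is more robust: `$description = "(\"" . htmlspecialchars(substr(strip_tags($row['response1']), 0, MAX_DESC_LENGTH));`. The function body starts and ends outside the hunk, so whether the other response fields mentioned in the commit message reach the page through the same sanitizing step cannot be confirmed from here.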