From 79e227e5e523a6b5a417c2f8d2010d2a6d401401 Mon Sep 17 00:00:00 2001
From: David Anderson <davea@ssl.berkeley.edu>
Date: Sun, 27 Jul 2008 02:08:35 +0000
Subject: [PATCH] - web: escape text on edit thread title

svn path=/trunk/boinc/; revision=15687
---
 checkin_notes                              | 6 ++++++
 html/user/forum_moderate_thread_action.php | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/checkin_notes b/checkin_notes
index 507d50aa93..61895bb9f3 100644
--- a/checkin_notes
+++ b/checkin_notes
@@ -5978,3 +5978,9 @@ David  25 July 2008
         assimilator.C
     tools/
         pymw_setup
+
+David  25 July 2008
+    - web: escape text on edit thread title
+
+    html/user/
+        forum_moderate_thread_action.php
diff --git a/html/user/forum_moderate_thread_action.php b/html/user/forum_moderate_thread_action.php
index b32f306ccf..502f45a7c1 100644
--- a/html/user/forum_moderate_thread_action.php
+++ b/html/user/forum_moderate_thread_action.php
@@ -71,7 +71,7 @@ case "move":
     $action_name = "moved from $forum->title to $new_forum->title";
     break;
 case "title":
-    $title = post_str('newtitle');
+    $title = process_user_text(post_str('newtitle'));
     $result = $thread->update("title='$title'");
     $action_name = "renamed from '$thread->title' to '$title'";
     break;