Permalink
Browse files

More anti-hackage

  • Loading branch information...
danbeam committed May 13, 2011
1 parent 33c70e3 commit 3585c930029b52444f6bf2cdc25869942b50bb15
Showing with 2 additions and 2 deletions.
  1. +2 −2 html/pages/subtitle.php
View
@@ -111,9 +111,9 @@ function trackSubs(){
<div>
<form method="POST">
- <div>Title: <input type="text" name="title" value="<?= $sub['title'] ?>"></div>
+ <div>Title: <input type="text" name="title" value="<?php echo htmlentities($sub['title'], 'UTF-8', true); ?>"></div>
<p>Subtitles: <span style="font-size:12px;">See the '<a href="/1">Vuvuzela</a>' video for a sample of formatting.</a> </p>
- <div><textarea id="textarea-subs" name="subs"><?= $sub['subs'] ?></textarea></div>
+ <div><textarea id="textarea-subs" name="subs"><?php echo htmlentities($sub['subs'], ENT_COMPAT, 'UTF-8', true); ?></textarea></div>
<br />
<div style="text-align:center;">
<input type="submit" value="Save" style="font-size:20px;">

0 comments on commit 3585c93

Please sign in to comment.