CSRF issue in the plugin 'Blog'

intelliants · Jun 30, 2017 · 4abfe96 · 4abfe96
1 parent 023dffe
commit 4abfe96
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/modules/blog/index.php b/modules/blog/index.php
@@ -89,7 +89,7 @@
                     $messages[] = iaLanguage::get('title_is_empty');
                 }
 
-                $entry['body'] = $_POST['body'];
+                $entry['body'] = iaUtil::safeHTML($_POST['body']);
                 utf8_is_valid($entry['body']) || $entry['body'] = utf8_bad_replace($entry['body']);
 
                 if (empty($entry['body'])) {