From 87916cf8bba9ffcc24d4c532d621f97b9f797611 Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Thu, 8 Mar 2001 17:30:41 +0000
Subject: - small bugfix

---
 includes/comment.inc | 3 +++
 submit.php           | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/includes/comment.inc b/includes/comment.inc
index 9cc66fa3f..9dc3f5570 100644
--- a/includes/comment.inc
+++ b/includes/comment.inc
@@ -93,6 +93,9 @@ function comment_reply($pid, $id) {
 function comment_preview($pid, $id, $subject, $comment) {
   global $allowed_html, $link, $REQUEST_URI, $theme, $user;
 
+  $subject = check_output($subject);
+  $comment = check_output($comment);
+
   // Preview comment:
   comment_view(new Comment($user->userid, $subject, $comment, time(), $user->url, $user->fake_email, 0, 0, 0, 0), t("reply to this comment"));
 
diff --git a/submit.php b/submit.php
index a8d3b0bde..ce86014d4 100644
--- a/submit.php
+++ b/submit.php
@@ -46,6 +46,10 @@ function submit_preview($subject, $abstract, $article, $section) {
 
   include "includes/story.inc";
 
+  $subject = check_output($subject);
+  $article = check_output($article);
+  $abstract = check_output($abstract);
+
   $output .= "<FORM ACTION=\"submit.php\" METHOD=\"post\">\n";
 
   $output .= "<B>". t("Your name") .":</B><BR>\n";
-- 
cgit v1.2.3