Diffstat (limited to 'includes')
-rw-r--r--includes/function.inc10
-rw-r--r--includes/theme.inc12
2 files changed, 12 insertions, 10 deletions
diff --git a/includes/function.inc b/includes/function.inc
index adcb4c518..71276e780 100644
--- a/includes/function.inc
+++ b/includes/function.inc
@@ -17,8 +17,14 @@ function discussion_score($comment) {
return (strpos($value, ".")) ? substr($value ."00", 0, 4) : $value .".00";
}
-function check_field($message) {
- return str_replace("\"", """, stripslashes($message));
+function check_textfield($message) {
+ global $allowed_html;
+ return strip_tags(str_replace("\"", """, stripslashes($message)), $allowed_html);
+}
+
+function check_textarea($message) {
+ global $allowed_html;
+ return htmlspecialchars(strip_tags(stripslashes($message), $allowed_html));
}
function check_input($message) {
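Review bot: check_textfield on the new lines relies on strip_tags() with the $allowed_html list, and strip_tags() keeps whatever attributes sit on the tags it lets through, so the `"` substitution protects only the surrounding attribute quoting, not the contents of attributes inside allowed tags; the list should therefore hold only tags whose attributes are harmless, or attribute stripping should be added, and the limitation deserves a comment such as `// NOTE: strip_tags() does not remove attributes from tags in $allowed_html`. The rename of check_field to check_textfield changes a public name, so any caller outside includes/ still using check_field would break; the diffstat is limited to 'includes', so that cannot be confirmed from this page. In check_textarea the htmlspecialchars() applied after strip_tags() encodes the allowed tags as well, which is the right thing for a textarea value but means $allowed_html only decides which tags survive in the text, not which render — a one-line comment stating that intent would help the next reader. The body of check_input continues outside the hunk.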
diff --git a/includes/theme.inc b/includes/theme.inc
index c799a0f3c..d6a4dd3e4 100644
--- a/includes/theme.inc
+++ b/includes/theme.inc
@@ -98,17 +98,13 @@ function theme_morelink($theme, $story) {
function theme_moderation_results($theme, $story) {
global $user;
- if ($user->id && $story->id && $vote = user_getHistory($user->history, "s$story->id")) {
- $output .= "<P><B>You voted `$vote'.</B></P>\n";
- $output .= "<P>\n";
- $output .= "<B>Other people voted:</B><BR>\n";
-
- $result = db_query("SELECT * FROM users WHERE id != $user->id AND history LIKE '%s$story->id%'");
+ if ($user->id && $story->id && ($user->id == $story->author || user_getHistory($user->history, "s$story->id"))) {
+ $result = db_query("SELECT * FROM users WHERE history LIKE '%s$story->id%'");
while ($account = db_fetch_object($result)) {
- $output .= "". format_username($account->userid) ." voted `". user_getHistory($account->history, "s$story->id") ."'.<BR>";
+ $output .= format_username($account->userid) ." voted `". user_getHistory($account->history, "s$story->id") ."'.<BR>";
}
- $theme->box("Moderation results", $output);
+ $theme->box("Moderation results", ($output ? $output : "This story has not been moderated yet."));
}
}
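Review bot: The new db_query line still interpolates $story->id straight into the LIKE pattern and nothing in the hunk shows it being validated, so it should at least be cast before use, `$result = db_query("SELECT * FROM users WHERE history LIKE '%s". (int) $story->id ."%'");`, or bound as a parameter if db_query supports that. $output is first touched with `.=` inside the while loop and then tested in the new `$theme->box(...)` line, so when no row matches it is read uninitialised; add `$output = "";` before the loop. The values concatenated into $output are not visibly escaped here, and whether format_username() and user_getHistory() return HTML-safe strings cannot be told from this hunk. Because the LIKE pattern is a bare substring, `s$story->id` presumably also matches longer ids sharing that prefix unless the history format delimits entries — worth confirming.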