From 3c4bef0f5ae67647fa94a14b03beaca688d1b779 Mon Sep 17 00:00:00 2001
From: Alexander Ebert
Date: Sat, 26 Sep 2015 23:13:02 +0200
Subject: [PATCH] Properly remove bad characters from subject
---
 wcfsetup/install/files/lib/form/MessageForm.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wcfsetup/install/files/lib/form/MessageForm.class.php b/wcfsetup/install/files/lib/form/MessageForm.class.php
index 9da2da41d1..2c84625a35 100644
--- a/wcfsetup/install/files/lib/form/MessageForm.class.php
+++ b/wcfsetup/install/files/lib/form/MessageForm.class.php
@@ -197,7 +197,7 @@ abstract class MessageForm extends AbstractCaptchaForm {
 public function readFormParameters() {
 parent::readFormParameters();
- if (isset($_POST['subject'])) $this->subject = StringUtil::trim($_POST['subject']);
+ if (isset($_POST['subject'])) $this->subject = StringUtil::trim(MessageUtil::stripCrap($_POST['subject']));
 if (isset($_POST['text'])) $this->text = StringUtil::trim(MessageUtil::stripCrap($_POST['text']));
 // settings
--
2.20.1
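Review bot: On the changed line, `$_POST['subject']` goes into `MessageUtil::stripCrap()` with only an `isset()` check, so a request that sends `subject` as an array reaches the sanitizer as a non-string; the `text` line below has the same shape. Neither `stripCrap()` nor `StringUtil::trim()` is visible in this hunk, so how they handle a non-string is unverified. A guard such as `if (isset($_POST['subject']) && is_string($_POST['subject']))` would make the input contract explicit. A one-line comment naming which characters `stripCrap()` removes would also help anyone who later adds another user-supplied field to this form. `readFormParameters()` continues past the end of the hunk.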