From 3c669841192b5577a7c1a99e565be88dfad3be99 Mon Sep 17 00:00:00 2001
From: Peter Rotich <peter@osticket.com>
Date: Thu, 21 Mar 2013 10:06:36 -0400
Subject: [PATCH] Explicitly request stripping of tags when sanitizing thread
 entry.

---
 include/class.thread.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/class.thread.php b/include/class.thread.php
index 705ba5ec5..f45c0e518 100644
--- a/include/class.thread.php
+++ b/include/class.thread.php
@@ -542,8 +542,8 @@ Class ThreadEntry {
         $sql=' INSERT INTO '.TICKET_THREAD_TABLE.' SET created=NOW() '
             .' ,thread_type='.db_input($vars['type'])
             .' ,ticket_id='.db_input($vars['ticketId'])
-            .' ,title='.db_input(Format::sanitize($vars['title']))
-            .' ,body='.db_input(Format::sanitize($vars['body']))
+            .' ,title='.db_input(Format::sanitize($vars['title'], true))
+            .' ,body='.db_input(Format::sanitize($vars['body'], true))
             .' ,staff_id='.db_input($vars['staffId'])
             .' ,poster='.db_input($vars['poster'])
             .' ,source='.db_input($vars['source']);
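Review bot: `poster` on the line after `staff_id` is still written with only `db_input()`, while `title` and `body` now get tag stripping, so any markup in a submitted poster name is stored as-is. If the thread view prints `poster` without HTML-escaping (not visible in this hunk), this should match the other two fields: `.' ,poster='.db_input(Format::sanitize($vars['poster'], true))`. The bare `true` is also opaque at the call site; a short comment such as `// second argument: strip tags rather than keep filtered HTML` above the two changed lines would record the intent stated in the commit subject. The enclosing method starts and ends outside the hunk, so whether the values are escaped again on output cannot be confirmed here.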
-- 
GitLab