From d8abe105ec04b7750fcd119bf79edb2b01808cd7 Mon Sep 17 00:00:00 2001
From: JediKev <kevin@enhancesoft.com>
Date: Fri, 20 Jul 2018 11:06:30 -0500
Subject: [PATCH] issue: TextThreadEntryBody Sanitize

This addresses an issue introduced with a3d896c where TextThreadEntryBodies
are not keeping their new line characters causing the email format to appear
wonky. This balances the entry and then htmlchars it to ensure no XSS.
---
 include/class.thread.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/class.thread.php b/include/class.thread.php
index 082e2536a..bcc3deb6a 100644
--- a/include/class.thread.php
+++ b/include/class.thread.php
@@ -2191,7 +2191,7 @@ class TextThreadEntryBody extends ThreadEntryBody {
     }
 
     function getClean() {
-        return  Format::htmlchars(Format::stripEmptyLines(parent::getClean()), true);
+        return Format::htmlchars(Format::html_balance(Format::stripEmptyLines(parent::getClean())));
     }
 
     function prepend($what) {
-- 
GitLab