X-Git-Url: https://ruin.nu/git/?a=blobdiff_plain;f=forum.pl;h=fdd8f1ade58f2018841f5789e8467be0063e9af1;hb=687ed44cda4235e8271eb48b8f49a13504978185;hp=30bd3abe7e9882f25a648695426b21008fbefe02;hpb=2a0730763283fb04dd842b4011b15da8ee9206c7;p=ndwebbie.git
diff --git a/forum.pl b/forum.pl
index 30bd3ab..fdd8f1a 100644
--- a/forum.pl
+++ b/forum.pl
@@ -51,7 +51,7 @@ if (defined param('cmd') && param('cmd') eq 'submit'){
 $DBH->begin_work;
 if ($board && $board->{post}){
 my $insert = $DBH->prepare(q{INSERT INTO forum_threads (fbid,subject) VALUES($1,$2)});
- if ($insert->execute($board->{id},param('subject'))){
+ if ($insert->execute($board->{id},escapeHTML(param('subject')))){
 $thread = $DBH->selectrow_hashref($findThread,undef,
 $DBH->last_insert_id(undef,undef,undef,undef,"forum_threads_ftid_seq"),$ND::UID)
 or $ERROR .= p($DBH->errstr);
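Review bot: Escaping the subject inside the `$insert->execute(...)` call stores HTML-encoded text in `forum_threads.subject`, so the protection holds only if every other writer of that column does the same and no reader escapes again or uses the value outside an HTML body context (attribute, feed, e-mail). Storing the raw value and escaping where the subject is rendered is the more robust arrangement; if escape-on-insert is kept, a comment such as `# subject is stored HTML-escaped; do not escape again on output` above the insert would record the convention. `param('subject')` is also evaluated in list context here, so `escapeHTML(scalar param('subject'))` would keep a repeated or missing parameter from changing the argument list. The rendering code and the rest of the `cmd eq 'submit'` block are outside this hunk, so whether other paths write or display the subject unescaped cannot be confirmed from here.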