From 012d5a47227ad80753fc1178ccc85c3b15dd5c09 Mon Sep 17 00:00:00 2001
From: Igor Scheller <igor.scheller@igorshp.de>
Date: Fri, 28 Dec 2018 22:32:36 +0100
Subject: Don't strip characters from direct messages

---
 includes/pages/user_messages.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'includes/pages')

diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php
index 0ac554b8..ce496132 100644
--- a/includes/pages/user_messages.php
+++ b/includes/pages/user_messages.php
@@ -88,7 +88,7 @@ function user_messages()
                 'timestamp' => date('Y-m-d H:i', $message['Datum']),
                 'from'      => User_Nick_render($sender_user_source),
                 'to'        => User_Nick_render($receiver_user_source),
-                'text'      => str_replace("\n", '<br />', $message['Text'])
+                'text'      => nl2br(htmlspecialchars($message['Text']))
             ];
 
             if ($message['RUID'] == $user->id) {
@@ -167,7 +167,6 @@ function user_messages()
                 break;
 
             case 'send':
-                // @TODO: Validation?
                 if (Message_send($request->input('to'), $request->input('text'))) {
                     redirect(page_link_to('user_messages'));
                 } else {
-- 
cgit v1.2.3-54-g00ecf