From 6df3dc8489ac4105e2a8e41899227991537489e2 Mon Sep 17 00:00:00 2001
From: Igor Scheller <igor.scheller@igorshp.de>
Date: Fri, 28 Dec 2018 22:34:30 +0100
Subject: questions: Don't strip content from messages

closes #545 ("=" removed in Questions & Answers)
---
 includes/view/Questions_view.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'includes/view')

diff --git a/includes/view/Questions_view.php b/includes/view/Questions_view.php
index 29629074..4d57edf9 100644
--- a/includes/view/Questions_view.php
+++ b/includes/view/Questions_view.php
@@ -12,12 +12,12 @@ function Questions_view($open_questions, $answered_questions, $ask_action)
         $question['actions'] = form([
             form_submit('submit', __('delete'), 'btn-default btn-xs')
         ], page_link_to('user_questions', ['action' => 'delete', 'id' => $question['QID']]));
-        $question['Question'] = str_replace("\n", '<br />', $question['Question']);
+        $question['Question'] = nl2br(htmlspecialchars($question['Question']));
     }
 
     foreach ($answered_questions as &$question) {
-        $question['Question'] = str_replace("\n", '<br />', $question['Question']);
-        $question['Answer'] = str_replace("\n", '<br />', $question['Answer']);
+        $question['Question'] = nl2br(htmlspecialchars($question['Question']));
+        $question['Answer'] = nl2br(htmlspecialchars($question['Answer']));
         $question['actions'] = form([
             form_submit('submit', __('delete'), 'btn-default btn-xs')
         ], page_link_to('user_questions', ['action' => 'delete', 'id' => $question['QID']]));
-- 
cgit v1.2.3-54-g00ecf