diff --git a/mod/parse_url.php b/mod/parse_url.php index cf52011f15..66ad1e57ce 100644 --- a/mod/parse_url.php +++ b/mod/parse_url.php @@ -327,12 +327,14 @@ function parse_url_content(&$a) { if($url && $title && $text) { + $title = str_replace(array("\r","\n"),array('',''),$title); + if($textmode) $text = '[quote]' . trim($text) . '[/quote]' . $br; - else - $text = '
' . trim($text) . '

'; - - $title = str_replace(array("\r","\n"),array('',''),$title); + else { + $text = '
' . htmlspecialchars(trim($text)) . '

'; + $title = htmlspecialchars($title); + } $result = sprintf($template,$url,($title) ? $title : $url,$text) . $str_tags; @@ -381,7 +383,7 @@ function parse_url_content(&$a) { if($textmode) $text = '[quote]'.trim($text).'[/quote]'; else - $text = '
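Review bot: The two `htmlspecialchars()` calls added in the `else` branch here, and the one in the `@@ -381,7 +383,7 @@` hunk, rely on the default flags and charset, so what they escape depends on the PHP version running the site. Before PHP 8.1 the default is `ENT_COMPAT`, which leaves single quotes untouched, and from PHP 5.4 on a string containing invalid UTF-8 comes back empty unless `ENT_SUBSTITUTE` is set; text scraped from a remote page can easily be malformed. An emptied `$title` then falls through `($title) ? $title : $url`, and `$url` reaches `sprintf()` unescaped both there and as the first argument, which looks like a remaining gap if `$template` (defined outside this hunk) is HTML in this mode. I would write `htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` for all three calls, where the supported PHP version has `ENT_SUBSTITUTE`, and pass `$url` through the same call in the non-`$textmode` case. `parse_url_content()` begins and ends outside both hunks.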
'.trim($text).'
'; + $text = '
'.htmlspecialchars(trim($text)).'
'; } if($image) {