diff --git a/report_message.php b/report_message.php
index 3f95a9744d216cac354abea9ab7618f5a4a091fe..9508f53a17444f37bb8da796edfcb48f0d187113 100644
--- a/report_message.php
+++ b/report_message.php
@@ -13,13 +13,13 @@ $message = NULL;
 $report_body = NULL;
 if (isset($_POST["reported_message_id"])) {
-    $reported_message_id = $_POST["reported_message_id"];
+    $reported_message_id = htmlspecialchars($_POST["reported_message_id"]);
 } else {
     header("Location: index.php");
 }
 if (isset($_POST["report_body"]) && !empty($_POST["report_body"])) {
-    $report_body = $_POST["report_body"];
+    $report_body = htmlspecialchars($_POST["report_body"]);
 } else {
     $errors = "report body shoudn't be empty";
 }
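Review bot: Wrapping the two `$_POST` reads in `htmlspecialchars()` is escaping at the wrong layer — it is an HTML-output escape, not input validation, so it neither establishes that `reported_message_id` is a well-formed id nor protects whatever later use the value has (presumably a database lookup; that code is outside the hunk), and it stores `report_body` with entities already baked in, which double-encodes once the body is escaped again on display. Validate the id by type instead, `$reported_message_id = filter_var($_POST["reported_message_id"], FILTER_VALIDATE_INT);` with a `=== false` check taking the same redirect branch, keep `$report_body = $_POST["report_body"];` raw, and apply `htmlspecialchars($report_body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` at the point of output, with any query using a prepared statement. Separately, the context line `header("Location: index.php");` is not followed by `exit;`, so when the field is missing the rest of the script still runs with `$reported_message_id` unset.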