case "subject":
$text = stripslashes($text);
case "subject":
$text = stripslashes($text);
+ $text = html_entities($text);
return banana_catchFormats($text);
default:
return banana_catchFormats($text);
default:
if (function_exists('hook_formatDisplayHeader')) {
list($subject, $link) = hook_formatDisplayHeader('subject', $subject, true);
} else {
if (function_exists('hook_formatDisplayHeader')) {
list($subject, $link) = hook_formatDisplayHeader('subject', $subject, true);
} else {
- $subject = banana_catchFormats(stripslashes($subject));
+ $subject = banana_catchFormats(banana_htmlentities(stripslashes($subject)));
$link = null;
}
if (empty($subject)) {
$link = null;
}
if (empty($subject)) {
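Review bot: The line added in the `case "subject":` branch calls `html_entities($text)`, while the other added line escapes with `banana_htmlentities(...)`. PHP's built-in is `htmlentities`, so unless the project defines `html_entities` elsewhere, this branch will stop with an undefined-function error instead of escaping the subject. Using the same helper in both places, `$text = banana_htmlentities($text);`, would keep the two subject paths consistent. In the second change only the `else` branch gains escaping; whether `hook_formatDisplayHeader` returns an already-escaped `$subject` is not visible here and should be confirmed or noted in a comment. Both enclosing functions start and end outside the lines shown.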