[svn r20659] Fixed bug when you add a comment and add an image with the FCKeditor, the image is not displayed - partial FS#4207

main/blog/blog.php

@@ -78,8 +78,8 @@ $current_page = $_GET['action'];
 
 $safe_post_title = Security::remove_XSS($_POST['post_title']);
 $safe_post_file_comment = Security::remove_XSS($_POST['post_file_comment']);
-$safe_post_full_text = Security::remove_XSS($_POST['post_full_text']);
-$safe_comment_text = Security::remove_XSS($_POST['comment_text']);
+$safe_post_full_text = Security::remove_XSS(stripslashes(api_html_entity_decode($_POST['post_full_text'])), COURSEMANAGER);
+$safe_comment_text = Security::remove_XSS(stripslashes(api_html_entity_decode($_POST['comment_text'])), COURSEMANAGER);
 $safe_comment_title = Security::remove_XSS($_POST['comment_title']);  
 $safe_task_name = Security::remove_XSS($_POST['task_name']);
 $safe_task_description = Security::remove_XSS($_POST['task_description']);

main/inc/introductionSection.inc.php

@@ -63,7 +63,7 @@ if ($intro_editAllowed) {
 		if ( $form->validate()) {
 			
 			$form_values = $form->exportValues();
-			$intro_content = $form_values['intro_content'];
+			$intro_content = Security::remove_XSS(stripslashes(api_html_entity_decode($form_values['intro_content'])), COURSEMANAGER);
 			
 			if ( ! empty($intro_content) ) {
 				$sql = "REPLACE $TBL_INTRODUCTION SET id='$moduleId',intro_text='".Database::escape_string($intro_content)."'";