From d1bc63d07ad88a143358cacd2c417891eea74dcc Mon Sep 17 00:00:00 2001
From: slawkens <slawkens@gmail.com>
Date: Mon, 27 Nov 2023 22:56:38 +0100
Subject: [PATCH] Fix forum XSS

---
 system/pages/forum/edit_post.php  | 4 ++++
 system/pages/forum/new_thread.php | 5 +++++
 2 files changed, 9 insertions(+)

diff --git a/system/pages/forum/edit_post.php b/system/pages/forum/edit_post.php
index 6c002431..11c96287 100644
--- a/system/pages/forum/edit_post.php
+++ b/system/pages/forum/edit_post.php
@@ -37,6 +37,10 @@ if(Forum::canPost($account_logged))
 				$smile = isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0;
 				$html = isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0;
 
+				if (!superAdmin()) {
+					$html = 0;
+				}
+
 				$length = strlen($post_topic);
 				if(($length < 1 || $length > 60) && $thread['id'] == $thread['first_post'])
 					$errors[] = "Too short or too long topic (Length: $length letters). Minimum 1 letter, maximum 60 letters.";
diff --git a/system/pages/forum/new_thread.php b/system/pages/forum/new_thread.php
index 75980a05..0369852a 100644
--- a/system/pages/forum/new_thread.php
+++ b/system/pages/forum/new_thread.php
@@ -26,6 +26,11 @@ if(Forum::canPost($account_logged))
 			$post_topic = isset($_REQUEST['topic']) ? stripslashes($_REQUEST['topic']) : '';
 			$smile = (isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0);
 			$html = (isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0);
+
+			if (!superAdmin()) {
+				$html = 0;
+			}
+
 			$saved = false;
 			if (isset($_REQUEST['save'])) {
 				$length = strlen($post_topic);