$date = cx_form_input_sanitized_date_time('post_date');
if (isset($date) == false) $date = null;
$draft = cx_form_input_sanitized('post_is_draft') == 'draft';
- $data = cx_form_input_sanitized('post_data');
+ $data = cx_form_input_sanitized_allowing_html('post_data');
if (isset($_GET['id']) == false or $_GET['id'] == 0) {
cx_posts_add_post(1, $title, $slug, $date, $draft, $data);
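Review bot: `post_data` now reaches `cx_posts_add_post()` with no filtering at all, because `cx_form_input_sanitized_allowing_html()` (second hunk) returns `$_POST[$name]` verbatim, so script elements and event-handler attributes are stored exactly as submitted. If the post body is later rendered unescaped, which is presumably the reason for allowing HTML, this is a stored-XSS path for anyone who can submit this form. I would pass the value through an allowlist HTML filter before storing or rendering it, and mark the line with a comment such as `// raw HTML: must go through the allowlist filter before output`. The authentication and CSRF checks for this handler are not visible here and should be confirmed, since they are now the only barrier in front of this field. The `if` block continues outside the hunk.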
<?php
function cx_form_input_sanitized($name) {
+ $input = cx_form_input_sanitized_allowing_html($name);
+
+ if ($input != null) {
+ $input = strip_tags($input);
+ }
+
+ return $input;
+}
+
+function cx_form_input_sanitized_allowing_html($name) {
if (array_key_exists($name, $_POST)) {
$insecure_input = $_POST[$name];
- $tagless_input = strip_tags($insecure_input);
- return $tagless_input;
+ return $insecure_input;
} else {
return null;
}
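Review bot: The new helper keeps "sanitized" in its name but returns `$_POST[$name]` untouched, so a caller reading `cx_form_input_sanitized_allowing_html()` will assume filtering that does not happen. A name such as `cx_form_input_raw`, or a docblock saying `Returns the unfiltered POST value; the caller must filter or escape it before output`, would make the contract visible. The value can also be an array when the field is submitted as `name[]`, and it then reaches `strip_tags()` in `cx_form_input_sanitized()`; adding `if (!is_string($_POST[$name])) return null;` before the return would reject that case. The `$input != null` test is a loose comparison, and `!== null` states the intent exactly. The function's closing brace is outside the hunk.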