mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-05-06 11:09:18 +02:00
b0632b4772
HTML-escaping at write time stores &, < etc. in the DB, corrupting full-text search, tag matching, exports, and any non-HTML consumer. PDO parameterised queries already prevent SQL injection; templates call htmlspecialchars() on output. sanitize_string() now does strip_tags(trim()) only — matching the pattern already used by edit.php which never had this bug. Also deleted the dead $problematique variable (read from POST[problématique] but never passed to any INSERT or used anywhere in the codebase).