From addd9f55e84f11737c75bef1ef1a36978e46402b Mon Sep 17 00:00:00 2001
From: Pierre HUBERT <pierre@mail.local>
Date: Mon, 20 Aug 2018 12:06:32 +0200
Subject: [PATCH] Escape security questions and answers

---
 RestControllers/SettingsController.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/RestControllers/SettingsController.php b/RestControllers/SettingsController.php
index ede5b69..1e36422 100644
--- a/RestControllers/SettingsController.php
+++ b/RestControllers/SettingsController.php
@@ -208,10 +208,10 @@ class SettingsController {
 		//Create a security settings object and fill it with the new information
 		$settings = new SecuritySettings();
 		$settings->set_id(userID);
-		$settings->set_security_question_1(postString("security_question_1", 0));
-		$settings->set_security_answer_1(postString("security_answer_1", 0));
-		$settings->set_security_question_2(postString("security_question_2", 0));
-		$settings->set_security_answer_2(postString("security_answer_2", 0));
+		$settings->set_security_question_1(removeHTMLnodes(postString("security_question_1", 0)));
+		$settings->set_security_answer_1(removeHTMLnodes(postString("security_answer_1", 0)));
+		$settings->set_security_question_2(removeHTMLnodes(postString("security_question_2", 0)));
+		$settings->set_security_answer_2(removeHTMLnodes(postString("security_answer_2", 0)));
 		
 		//Try to update settings
 		if(!components()->settings->save_security($settings))