From 570895c7bdd18fa9f5a78fa4d402db42c5dcdc03 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vojt=C4=9Bch=20Sajdl?=
Date: Wed, 3 Jun 2020 09:13:54 +0200
Subject: [PATCH] Fix #102 - strip tags when saving incident
---
 classes/incident.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/classes/incident.php b/classes/incident.php
index 4ced1db..0385754 100644
--- a/classes/incident.php
+++ b/classes/incident.php
@@ -83,8 +83,8 @@ class Incident implements JsonSerializable
 global $mysqli, $message;
 $user_id = $_SESSION['user'];
 $type = $_POST['type'];
- $title = $_POST['title'];
- $text = $_POST['text'];
+ $title = strip_tags($_POST['title']);
+ $text = strip_tags($_POST['text'], '
');
 if (strlen($title)==0) {
@@ -217,4 +217,4 @@ class Incident implements JsonSerializable
 "username" => $this->username
 ];
 }
-}
\ No newline at end of file
+}
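Review bot: `strip_tags()` with an allow-list leaves every attribute on the allowed tags untouched, so the new `$text` line still passes `style` and event-handler attributes through on whatever tag its second argument permits. That argument shows on this page only as a quote, a line break and a quote, presumably a `<br>` swallowed by the rendering. Filtering on save also does nothing for incidents already stored, and `$type` is still read from `$_POST` as-is in the context lines, so the output side should escape regardless, e.g. `htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and `nl2br(htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'))` if line breaks are the only markup meant to survive. The rest of this method and the rendering code lie outside the hunk, so whether output is already escaped cannot be confirmed from here.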