From e207c139bb003d10b6ade084cfd1e9a652e1ad8b Mon Sep 17 00:00:00 2001
From: john <john>
Date: Sun, 30 Sep 2001 16:54:36 +0000
Subject: [PATCH] added calls to StringUtil.removeHTMLTags for comments and
 postings.  approveHTMLTags is in place, but commented out until problems are
 fixed

---
 .../mircoders/servlet/ServletModuleOpenIndy.java   | 29 +++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/source/mircoders/servlet/ServletModuleOpenIndy.java b/source/mircoders/servlet/ServletModuleOpenIndy.java
index abb7523e..176908a1 100755
--- a/source/mircoders/servlet/ServletModuleOpenIndy.java
+++ b/source/mircoders/servlet/ServletModuleOpenIndy.java
@@ -97,7 +97,16 @@ public class ServletModuleOpenIndy extends ServletModule
     {
       // ok, collecting data from form
       try {
-        HashMap withValues = getIntersectingValues(req, DatabaseComment.getInstance());
+	  HashMap withValues = getIntersectingValues(req, DatabaseComment.getInstance());
+	 
+	  //no html in comments(for now)
+	  for (Iterator i=withValues.keySet().iterator(); i.hasNext(); ){
+	      String k=(String)i.next();
+	      String v=(String)withValues.get(k);
+	  	  
+	      withValues.put(k,StringUtil.removeHTMLTags(v));
+	  }
+    	  
         withValues.put("is_published","1");
 
 		// Dupe detection
@@ -178,6 +187,24 @@ public class ServletModuleOpenIndy extends ServletModule
       WebdbMultipartRequest mp = new WebdbMultipartRequest(req);
           
       HashMap withValues = mp.getParameters();
+      
+      // call the routines that escape html
+
+      for (Iterator i=withValues.keySet().iterator(); i.hasNext(); ){
+	  String k=(String)i.next();
+	  String v=(String)withValues.get(k);
+	  
+	  if (k.equals("content_data")){
+	      //this doesn't quite work yet, so for now, all html goes  
+	      //	      withValues.put(k,StringUtil.approveHTMLTags(v));
+	      withValues.put(k,StringUtil.removeHTMLTags(v));
+	  }
+	  else{
+	    withValues.put(k,StringUtil.removeHTMLTags(v));
+	  }
+    	  
+      }
+
       withValues.put("date", StringUtil.date2webdbDate(new GregorianCalendar()));
       withValues.put("publish_path", StringUtil.webdbDate2path((String)withValues.get("date")));
       withValues.put("is_produced", "0");
-- 
2.11.0