diff --git a/chant.php b/chant.php
index 2d96b84..bad400e 100644
--- a/chant.php
+++ b/chant.php
@@ -246,7 +246,7 @@ if($req1->num_rows > 0 || $c['transcriber'] > '') {
}
while ($m = $req1->fetch_assoc()) {
$user_info = get_userdata($m['user_id']);
- echo "
".date("M d, Y",$m['time']).": ".$m['comment']." (".$user_info->display_name.') ?\n";
+ echo "".date("M d, Y",$m['time']).": ".htmlspecialchars($m['comment'])." (".$user_info->display_name.') ?\n";
}
if($c['transcriber'] > '') {
echo "Original transcriber: ".$c['transcriber']."\n";
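Review bot: `$user_info->display_name` on the changed line and `$c['transcriber']` on the last line of this hunk are still echoed without escaping, so only one of the stored, user-associated fields on this page is covered. The same unescaped `display_name` output remains in both feed.php hunks and in the updates.php hunk. If those values can be edited by users, wrap them the same way, e.g. `htmlspecialchars($user_info->display_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, or `esc_html()` if this runs inside WordPress as `get_userdata()` suggests. Passing the flags explicitly for `$m['comment']` as well is worthwhile, because the default only escapes single quotes from PHP 8.1 onward. The `if` block at the end of the hunk continues outside it.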
diff --git a/feed.php b/feed.php
index 854a9d5..1e585fe 100644
--- a/feed.php
+++ b/feed.php
@@ -28,7 +28,7 @@ $user_info = get_userdata($m['user_id']);
echo '
'.chant_from_id($m['chant_id'])[1].'
- '.$m['comment'].'
+ '.htmlspecialchars($m['comment']).'
'.date(DATE_ATOM,$m['time']).'
'.$user_info->display_name.'
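Review bot: `chant_from_id($m['chant_id'])[1]` is still concatenated raw right above the now-escaped comment, both here and in the second hunk (the `while` loop at line 43). If that value can contain `&` or `<`, one such character is enough to make the feed ill-formed for every consumer, so it should be escaped too. The `DATE_ATOM` timestamp suggests this is XML output, in which case stating the document type makes the intent explicit: `htmlspecialchars($m['comment'], ENT_XML1 | ENT_QUOTES, 'UTF-8')`. The enclosing `echo` statements start and end outside both hunks.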
@@ -43,7 +43,7 @@ while($m = $req1->fetch_assoc()) {
echo '
'.chant_from_id($m['chant_id'])[1].'
- '.$m['comment'].'
+ '.htmlspecialchars($m['comment']).'
'.date(DATE_ATOM,$m['time']).'
'.$user_info->display_name.'
diff --git a/scores.php b/scores.php
index f079683..faef4d4 100644
--- a/scores.php
+++ b/scores.php
@@ -69,7 +69,7 @@ foreach($mod as $d => $ml) {
echo "
\n";
}
diff --git a/updates.php b/updates.php
index 3168d04..50bdb22 100644
--- a/updates.php
+++ b/updates.php
@@ -24,7 +24,7 @@ foreach($mod as $d => $ml) {
foreach($ml as $m) {
$user_info = get_userdata($m['user_id']);
echo "".' '.format_incipit(chant_from_id($m['chant_id'])[1])."
\n";
- echo "".$m['comment'].' ('.$user_info->display_name.")\n";
+ echo "".htmlspecialchars($m['comment']).' ('.$user_info->display_name.")\n";
}
echo "\n";
}
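Review bot: `get_userdata()` returns `false` when the user id no longer exists, and the changed line dereferences `$user_info->display_name` without checking for that; the same pattern appears in the chant.php hunk. A comment left by a deleted account would then raise a warning in the middle of the output. A guard before the echo keeps the page clean, e.g. `$name = $user_info ? $user_info->display_name : '(unknown user)';` (placeholder text), with `$name` then escaped on output. The outer `foreach` begins outside the hunk.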