Don't escape CSS (fixes use of html entities)

2016-09-02 10:35:18 +02:00
parent 1753606b8a
commit 8e75c36572
2 changed files with 1 additions and 1 deletions
--- a/1
+++ b/1
@ -1,5 +1,6 @@
 Add logout button to session view and allow unbanning kicked sessions
 Allow changing message sort direction
+Don't escape CSS (fixes use of html entities)

 Version 1.21 - Aug. 29, 2016
 Don't display empty option for system messages in delete messages by name
--- a/chat.php
+++ b/chat.php
@ -3181,7 +3181,6 @@ function save_setup($C){
 	$_REQUEST['rulestxt']=preg_replace("/(\r?\n|\r\n?)/", '<br>', $_REQUEST['rulestxt']);
 	$_REQUEST['chatname']=htmlspecialchars($_REQUEST['chatname']);
 	$_REQUEST['redirect']=htmlspecialchars($_REQUEST['redirect']);
-	$_REQUEST['css']=htmlspecialchars($_REQUEST['css']);
 	if(!preg_match('/^[a-f0-9]{6}$/i', $_REQUEST['colbg'])){
 		unset($_REQUEST['colbg']);
 	}