$cid = !empty($_POST['cid']) ? intval($_POST['cid']) : 0;
$uid = local_user();
- $start_text = Strings::escapeTags(defaults($_REQUEST, 'start_text', ''));
- $finish_text = Strings::escapeTags(defaults($_REQUEST, 'finish_text', ''));
+ $start_text = Strings::escapeHtml(defaults($_REQUEST, 'start_text', ''));
+ $finish_text = Strings::escapeHtml(defaults($_REQUEST, 'finish_text', ''));
$adjust = intval(defaults($_POST, 'adjust', 0));
$nofinish = intval(defaults($_POST, 'nofinish', 0));
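Review bot: The new `Strings::escapeHtml()` calls on `start_text` and `finish_text` here, and on `summary`, `desc` and `location` further down, encode for HTML when the request is read, not when the value is rendered. If these variables are later stored or passed to non-HTML consumers (not visible in this excerpt), those consumers get entity-encoded text, and any template that escapes on output will double-encode it. It would be safer to keep the raw trimmed value, e.g. `$summary = trim(defaults($_POST, 'summary', ''));`, and escape at each output site for its own context. If input-time escaping is intentional, say so in a comment such as `// stored HTML-escaped; render sites must not escape again`. Separately, `start_text` and `finish_text` are still read from `$_REQUEST` while every other field uses `$_POST`, so a query-string value can feed this POST handler; `defaults($_POST, 'start_text', '')` would match the rest.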
// and we'll waste a bunch of time responding to it. Time that
// could've been spent doing something else.
- $summary = Strings::escapeTags(trim(defaults($_POST, 'summary', '')));
- $desc = Strings::escapeTags(trim(defaults($_POST, 'desc', '')));
- $location = Strings::escapeTags(trim(defaults($_POST, 'location', '')));
+ $summary = Strings::escapeHtml(trim(defaults($_POST, 'summary', '')));
+ $desc = Strings::escapeHtml(trim(defaults($_POST, 'desc', '')));
+ $location = Strings::escapeHtml(trim(defaults($_POST, 'location', '')));
$type = 'event';
$action = ($event_id == '') ? 'new' : "event/" . $event_id;