From be2b7b3375c7e938c2b40a38fc13c968128a0860 Mon Sep 17 00:00:00 2001
From: falkTX
Date: Mon, 11 Nov 2013 15:01:44 +0000
Subject: [PATCH] Fix paste names (titles) using quotes or other special chars

---
 paste/index.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/paste/index.php b/paste/index.php
index cc12063..6f4ca30 100644
--- paste/index.php
+++ paste/index.php
@@ -21,7 +21,7 @@ if (! empty($_GET["id"]))
 $paste_file = $base_dir . "repo/" . $paste_id;
 if (! file_exists($paste_file))
 {
- $is_error = TRUE;
+ $is_error = TRUE;
 }

 $paste_info = $base_dir . "repo/" . $paste_id . ".inc";
@@ -32,7 +32,7 @@ if (! empty($_GET["id"]))
 $paste_numbers = "";
 if (file_exists($paste_info))
 {
- include_once($paste_info);
+ include_once($paste_info);
 }

 $show_numbers = ($paste_numbers == "Yes");
@@ -43,9 +43,9 @@ else if (! empty($_POST["paste_text"]))
 die("Spam bot detected, get out of here!");
 }

- $paste_code = $_POST["paste_text"];
- $paste_format = $_POST["paste_format"];
- $paste_name = $_POST["paste_title"];
+ $paste_code = $_POST["paste_text"];
+ $paste_format = $_POST["paste_format"];
+ $paste_name = htmlspecialchars($_POST["paste_title"]);
 if (array_key_exists("paste_numbers", $_POST))
 {
 $paste_numbers = $_POST["paste_numbers"];
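Review bot: `htmlspecialchars($_POST["paste_title"])` in the third hunk encodes the title for HTML at input time, but with default flags it leaves single quotes (before PHP 8.1), backslashes and `$` untouched, and `$paste_format` and `$paste_numbers` on the neighbouring lines are still taken raw from `$_POST`. The second hunk shows the `.inc` metadata file being loaded with `include_once`, so if these values are written into that file as PHP source (the writing code is outside the hunk), HTML encoding is not the right escaping for that context; the fields would be safer stored as data, for example written with `json_encode()` and read back with `json_decode()` instead of being included. Escaping for display is better done where the title is echoed, as `htmlspecialchars($paste_name, ENT_QUOTES, 'UTF-8')`, with `paste_format` checked against the list of supported formats before use. The enclosing `else if` block starts and ends outside the hunk.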