--- a/decir/posting.php Wed Nov 14 19:26:21 2007 -0500
+++ b/decir/posting.php Thu Nov 29 21:48:02 2007 -0500
@@ -90,11 +90,13 @@
if ( sizeof($errors) < 1 )
{
// Collect other options
+ $post_text = trim(htmlspecialchars($_POST['post_text']));
+ $post_subject = trim(htmlspecialchars($_POST['subject']));
// Submit post
if ( $parms['mode'] == 'reply' || $parms['mode'] == 'quote' )
{
- $result = decir_submit_post($parms['topic_in'], $_POST['subject'], $_POST['post_text'], $post_id);
+ $result = decir_submit_post($parms['topic_in'], $post_subject, $post_text, $post_id);
if ( $result )
{
// update forum stats
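Review bot: The two added `htmlspecialchars()` calls rely on the default flags, which before PHP 8.1 is ENT_COMPAT and leaves single quotes unencoded, so the stored subject and post text are not safe inside a single-quoted attribute; `$post_text = trim(htmlspecialchars($_POST['post_text'], ENT_QUOTES));` and the same for `$post_subject` closes that gap. Encoding at submission time also means the database holds HTML entities, so any later escaping at output, or reuse in an edit form or feed, will double-encode; a comment above these lines such as `// Stored HTML-escaped: do not escape again on output` would document the contract. The trim runs after the `sizeof($errors) < 1` check, so if the emptiness validation earlier in the file (outside this hunk) tests the raw `$_POST` values, a whitespace-only subject or body would still be accepted. SQL escaping is not visible here and presumably happens inside `decir_submit_post()` and `decir_submit_topic()` (the second hunk passes the same variables); that is worth confirming, since `htmlspecialchars()` does not provide it.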
@@ -110,7 +112,7 @@
}
else if ( $parms['mode'] == 'topic' )
{
- $result = decir_submit_topic($parms['forum_id'], $_POST['subject'], $_POST['post_text'], $topic_id, $post_id);
+ $result = decir_submit_topic($parms['forum_id'], $post_subject, $post_text, $topic_id, $post_id);
if ( $result )
{
// update forum stats