From 40515c74815ace394ab23c6c19cbb33fd49059cb Mon Sep 17 00:00:00 2001
From: Thorsten Rinne
Date: Wed, 25 Jan 2023 08:27:10 +0100
Subject: [PATCH] fix: strip tags for questions and answers
---
 phpmyfaq/ajaxservice.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/phpmyfaq/ajaxservice.php b/phpmyfaq/ajaxservice.php
index 00ba955a4a..0e29ac8401 100644
--- a/phpmyfaq/ajaxservice.php
+++ b/phpmyfaq/ajaxservice.php
@@ -322,11 +322,13 @@
 $faqId = Filter::filterInput(INPUT_POST, 'faqid', FILTER_VALIDATE_INT);
 $faqLanguage = Filter::filterInput(INPUT_POST, 'lang', FILTER_UNSAFE_RAW);
 $question = Filter::filterInput(INPUT_POST, 'question', FILTER_UNSAFE_RAW);
+ $question = strip_tags($question);
 if ($faqConfig->get('main.enableWysiwygEditorFrontend')) {
 $answer = Filter::filterInput(INPUT_POST, 'answer', FILTER_SANITIZE_SPECIAL_CHARS);
 $answer = html_entity_decode($answer);
 } else {
 $answer = Filter::filterInput(INPUT_POST, 'answer', FILTER_UNSAFE_RAW);
+ $answer = strip_tags($answer);
 $answer = nl2br($answer);
 }
 $translatedAnswer = Filter::filterInput(INPUT_POST, 'translated_answer', FILTER_UNSAFE_RAW);
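Review bot: The WYSIWYG branch is left untouched, so when `main.enableWysiwygEditorFrontend` is on, `html_entity_decode($answer)` still turns the `FILTER_SANITIZE_SPECIAL_CHARS` output back into raw markup and nothing in this hunk filters its tags or attributes; that branch needs an allow-list HTML sanitiser covering both tags and attributes (`strip_tags` with an allowed-tags argument keeps attributes) before the answer is stored or rendered. `translated_answer` on the last context line is also read with `FILTER_UNSAFE_RAW` and is not stripped here; if nothing below the hunk handles it, add `$translatedAnswer = strip_tags((string) $translatedAnswer);`. The two added calls would be safer as `strip_tags((string) $question)` and `strip_tags((string) $answer)`, assuming `Filter::filterInput` can return null for a missing field, which PHP 8.1+ deprecates as a `strip_tags` argument. `strip_tags` is input filtering rather than output encoding, so the question still has to be escaped with `htmlspecialchars` wherever it is rendered. The enclosing block starts and ends outside the hunk.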