This will prevent an XSS attack on these pages. These 2 pages are almost exactly the same.
This is included in the SDR 3, 8-1-11 Update.
In Members/composeMsg.php, go to lines 84 to 86 and you will see this code:
<tr>
<td colspan=2><textarea name=\"message\" style=\"width: 100%; height: 200px\">$messages</textarea></td>
</tr>
Change the middle line to look like this:
<tr>
<td colspan=2><textarea name=\"message\" style=\"width: 100%; height: 200px\">". htmlspecialchars($message, ENT_QUOTES)."</textarea></td>
</tr>
Now let's do the other page. Go to your members/contact.php and go to lines 84 to 86, where you see this code:
<tr>
<td colspan=2><textarea name=\"message\" style=\"width: 100%; height: 200px\">$messages</textarea></td>
</tr>
Change the middle line to look like this:
<tr>
<td colspan=2><textarea name=\"message\" style=\"width: 100%; height: 200px\">". htmlspecialchars($message, ENT_QUOTES)."</textarea></td>
</tr>
Also on both pages add the following:
after $includes[title]="Compose Message";
ADD:
$error = '';
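What the textarea change does, as an added example that is not part of the original post or of the script's own code: the same row is built with and without htmlspecialchars and fed a constructed message that contains its own closing textarea tag. The function names and the sample message are assumptions made for the illustration.

```php
<?php
// Added example; function names and the sample input are constructed for illustration.

// Row as the pages built it before the change: the value lands in the markup as-is.
function row_unescaped(string $message): string
{
    return "<tr>\n<td colspan=2><textarea name=\"message\" style=\"width: 100%; height: 200px\">$message</textarea></td>\n</tr>";
}

// Row after the change: <, >, &, " and ' in the value are turned into HTML entities.
function row_escaped(string $message): string
{
    return "<tr>\n<td colspan=2><textarea name=\"message\" style=\"width: 100%; height: 200px\">"
        . htmlspecialchars($message, ENT_QUOTES)
        . "</textarea></td>\n</tr>";
}

// Counts closing textarea tags. More than one means the value ended the field early
// and everything after it is parsed by the browser as page markup.
function closing_tags(string $html): int
{
    return substr_count(strtolower($html), '</textarea>');
}

// Returns the text a browser would show inside the field (entities decoded).
function displayed_value(string $html): string
{
    preg_match('~<textarea[^>]*>(.*)</textarea>~s', $html, $m);
    return html_entity_decode($m[1], ENT_QUOTES);
}

// Constructed input: a message carrying a closing tag, extra markup and both quote types.
$message = "Tom & Jerry</textarea><b title=\"x\">it's bold</b>";

$before = row_unescaped($message);
$after  = row_escaped($message);

printf("closing tags, unescaped row: %d\n", closing_tags($before));
printf("closing tags, escaped row:   %d\n", closing_tags($after));

// The escaped row still shows the user exactly what was typed.
printf("escaped row round-trips:     %s\n",
    displayed_value($after) === $message ? 'yes' : 'no');

echo "\n", $after, "\n";
```

Escaping happens at output time only, so the value stored or re-submitted from the field is the original text, not the entity-encoded form.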