From 2a6fd69192b3996a91bf0d065284c19eb3861ba7 Mon Sep 17 00:00:00 2001
From: Mark Schouten
Date: Mon, 26 May 2014 12:28:16 +0200
Subject: [PATCH] Make content safe too
---
 zones.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/zones.php b/zones.php
index 080e061..f716b95 100644
--- a/zones.php
+++ b/zones.php
@@ -216,7 +216,8 @@ if ($action == "list" or $action== "listslaves") {
 $any = array();
 foreach ($rows['records'] as $idx => $record) {
 $rows['records'][$idx]['id'] = json_encode($record);
- $record['name'] = htmlspecialchars($record['name']);
+ $rows['records'][$idx]['name'] = htmlspecialchars($record['name']);
+ $rows['records'][$idx]['content'] = htmlspecialchars($record['content']);
 if ($record['type'] == 'SOA') { array_push($soa, $rows['records'][$idx]); }
 elseif ($record['type'] == 'NS') { array_push($ns, $rows['records'][$idx]); }
 elseif ($record['type'] == 'MX') { array_push($mx, $rows['records'][$idx]); }
@@ -240,7 +241,9 @@ if ($action == "list" or $action== "listslaves") {
 }
 $records =_create_record($name, $records, $_POST, $_GET['zoneurl']);
- _jtable_respond($records[sizeof($records)-1], 'single');
+ $ret = $records[sizeof($records)-1];
+ $ret['content'] = htmlspecialchars($ret['content']);
+ _jtable_respond($ret, 'single');
 } elseif ($action == "deleterecord") {
 $todel = json_decode($_POST['id'], 1);
 $records = getrecords_by_name_type($_GET['zoneurl'], $todel['name'], $todel['type']);
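Review bot: Both added `htmlspecialchars()` calls in the list loop rely on the default flags, which before PHP 8.1 leave single quotes unescaped, so a record name or content containing `'` is still unsafe if the client ever places it inside a single-quoted attribute. Passing the flags and charset explicitly, e.g. `htmlspecialchars($record['content'], ENT_QUOTES, 'UTF-8')`, removes that dependency on the runtime version. The `id` field set on the context line just above still carries `json_encode($record)` of the unescaped record, so it is worth confirming that the client never renders it as HTML. A short comment such as `// escaped for HTML display only; 'id' keeps the raw record` would document why the two differ. The foreach body continues past the end of the hunk.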
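Review bot: The create-record branch escapes only `$ret['content']`, while the list loop in the first hunk escapes both `name` and `content`; if the created record has the same shape as a list row, its `name` is returned to the client unescaped. Adding `$ret['name'] = htmlspecialchars($ret['name']);` before `_jtable_respond($ret, 'single');` would keep the two paths consistent. The default-flags caveat applies here as well, so `ENT_QUOTES` and an explicit charset are worth passing. The branch starts above the hunk, and any record-update action outside the visible lines may need the same escaping.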