Index: branches/2.8.x/CHANGELOG
===================================================================
--- branches/2.8.x/CHANGELOG	(revision 1384)
+++ branches/2.8.x/CHANGELOG	(revision 1385)
@@ -11,6 +11,8 @@
 ! = Update/Change
 
 ------------------------------------- 2.8.2 -------------------------------------
+16 Jan-2011 Build 1385 Frank Heyne (FrankH)
+# Security fix to filter out droplets from user input in news and form modules
 16 Jan-2011 Build 1384 Dietmar Woellbrink (Luisehahne)
 ! Security fix in admin/pages
 15 Jan-2011 Build 1383 Frank Heyne (FrankH)
Index: branches/2.8.x/wb/admin/interface/version.php
===================================================================
--- branches/2.8.x/wb/admin/interface/version.php	(revision 1384)
+++ branches/2.8.x/wb/admin/interface/version.php	(revision 1385)
@@ -52,6 +52,6 @@
 
 // check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
 if(!defined('VERSION')) define('VERSION', '2.8.2.RC4');
-if(!defined('REVISION')) define('REVISION', '1384');
+if(!defined('REVISION')) define('REVISION', '1385');
 
 ?>
Index: branches/2.8.x/wb/modules/form/view.php
===================================================================
--- branches/2.8.x/wb/modules/form/view.php	(revision 1384)
+++ branches/2.8.x/wb/modules/form/view.php	(revision 1385)
@@ -325,10 +325,11 @@
 				// Add to message body
 				if($field['type'] != '') {
 					if(!empty($_POST['field'.$field['field_id']])) {
+						// do not allow droplets in user input!
 						if (is_array($_POST['field'.$field['field_id']])) {
-							$_SESSION['field'.$field['field_id']] = $_POST['field'.$field['field_id']];
+							$_SESSION['field'.$field['field_id']] = str_replace(array("[[", "]]"), array("&#91;&#91;", "&#93;&#93;"), $_POST['field'.$field['field_id']]);
 						} else {
-							$_SESSION['field'.$field['field_id']] = htmlspecialchars($_POST['field'.$field['field_id']]);
+							$_SESSION['field'.$field['field_id']] = str_replace(array("[[", "]]"), array("&#91;&#91;", "&#93;&#93;"), htmlspecialchars($_POST['field'.$field['field_id']]));
 						}
 						// if the output filter is active, we need to revert (dot) to . and (at) to @ (using current filter settings)
 						// otherwise the entered mail will not be accepted and the recipient would see (dot), (at) etc.
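Review bot: The two new branches are no longer symmetric in what reaches `$_SESSION`: the scalar branch stores `str_replace(...)` over `htmlspecialchars(...)`, while the array branch (multi-value fields such as checkboxes or selects) stores only the bracket substitution over the raw `$_POST` values, so any HTML in those elements still passes through unescaped — the droplet fix closes one path but leaves the array path weaker. If the consumer of the session values expects escaped text, the array branch could become `str_replace(array("[[", "]]"), array("&#91;&#91;", "&#93;&#93;"), array_map('htmlspecialchars', $_POST['field'.$field['field_id']]));`; this presumably also changes what the message body shows for those fields, so confirm against the code that reads the session (it is outside the hunk). Note too that `str_replace` on an array subject flattens any nested array element to the string "Array", whereas the old line stored the structure untouched — harmless if such inputs never occur, but worth a comment. The identical search/replace pair is now repeated here and in news/save_comment.php (revision 1385 hunk, `$title` and `$comment`); a single shared helper, e.g. `function filter_droplets($value) { return str_replace(array("[[", "]]"), array("&#91;&#91;", "&#93;&#93;"), $value); }` with a one-line comment stating that it entity-encodes droplet markers so they render as literal brackets, would keep the two modules from drifting. The enclosing loop over `$field` starts and ends outside this hunk.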
Index: branches/2.8.x/wb/modules/news/save_comment.php
===================================================================
--- branches/2.8.x/wb/modules/news/save_comment.php	(revision 1384)
+++ branches/2.8.x/wb/modules/news/save_comment.php	(revision 1385)
@@ -51,6 +51,10 @@
 	$title = strip_tags($admin->get_post_escaped('title'));
 	$comment = strip_tags($admin->get_post_escaped('comment'));
 	$post_id = $admin->getIDKEY($admin->get_post('post_id'));
+	
+	// do not allow droplets in user input!
+	$title = str_replace(array("[[", "]]"), array("&#91;&#91;", "&#93;&#93;"), $title);
+	$comment = str_replace(array("[[", "]]"), array("&#91;&#91;", "&#93;&#93;"), $comment);
 }
 
 // Update row
