Index: trunk/wb/modules/form/save_field.php
===================================================================
--- trunk/wb/modules/form/save_field.php	(revision 363)
+++ trunk/wb/modules/form/save_field.php	(revision 364)
@@ -69,11 +69,11 @@
 
 // Get extra fields for field-type-specific settings
 if($admin->get_post('type') == 'textfield') {
-	$length = $admin->get_post('length');
-	$value = $admin->get_post('value');
+	$length = $admin->get_post_escaped('length');
+	$value = $admin->get_post_escaped('value');
 	$database->query("UPDATE ".TABLE_PREFIX."mod_form_fields SET value = '$value', extra = '$length' WHERE field_id = '$field_id'");
 } elseif($admin->get_post('type') == 'textarea') {
-	$value = $admin->get_post('value');
+	$value = $admin->get_post_escaped('value'));
 	$database->query("UPDATE ".TABLE_PREFIX."mod_form_fields SET value = '$value', extra = '' WHERE field_id = '$field_id'");
 } elseif($admin->get_post('type') == 'heading') {
 	$extra = $admin->get_post('template');
@@ -81,13 +81,13 @@
 	$extra = $admin->add_slashes($extra);
 	$database->query("UPDATE ".TABLE_PREFIX."mod_form_fields SET value = '', extra = '$extra' WHERE field_id = '$field_id'");
 } elseif($admin->get_post('type') == 'select') {
-	$extra = $admin->get_post('size').','.$admin->get_post('multiselect');
+	$extra = $admin->get_post_escaped('size').','.$admin->get_post_escaped('multiselect');
 	$database->query("UPDATE ".TABLE_PREFIX."mod_form_fields SET value = '$value', extra = '$extra' WHERE field_id = '$field_id'");
 } elseif($admin->get_post('type') == 'checkbox') {
-	$extra = $admin->get_post('seperator');
+	$extra = $admin->get_post_escaped('seperator');
 	$database->query("UPDATE ".TABLE_PREFIX."mod_form_fields SET value = '$value', extra = '$extra' WHERE field_id = '$field_id'");
 } elseif($admin->get_post('type') == 'radio') {
-	$extra = $admin->get_post('seperator');
+	$extra = $admin->get_post_escaped('seperator');
 	$database->query("UPDATE ".TABLE_PREFIX."mod_form_fields SET value = '$value', extra = '$extra' WHERE field_id = '$field_id'");
 }
 
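Review bot: The select, checkbox and radio branches interpolate `$value` into their UPDATE statements, yet none of them assigns `$value`; it must be set above line 81, outside this hunk, and if that assignment reads POST data through plain `get_post()` the escaping added here covers `extra` but not `value`. That earlier assignment should be checked and moved to `get_post_escaped()` as well. The heading branch still escapes by hand with `$admin->add_slashes($extra)`; `$extra = $admin->get_post_escaped('template');` would put every branch on the same path, provided the unseen line 80 does not transform `$extra` in a way the escaping must follow.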
Index: trunk/wb/framework/class.wb.php
===================================================================
--- trunk/wb/framework/class.wb.php	(revision 363)
+++ trunk/wb/framework/class.wb.php	(revision 364)
@@ -116,6 +116,12 @@
 		}
 	}
 
+	// Get POST data and escape it
+	function get_post_escaped($field) {
+		$result = $this->get_post($field);
+		return (is_null($result)) ? null : $this->add_slashes($result);
+	}
+	
 	// Get GET data
 	function get_get($field) {
 		if(isset($_GET[$field])) {
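Review bot: `get_post_escaped()` needs more than its one-line comment, because callers interpolate its result straight into quoted SQL literals and the method's safety depends entirely on what `add_slashes()` does, whose body is not in this diff; the docblock should state that scope explicitly so the helper is not reused for HTML output or unquoted SQL positions. Suggested header: `/** Returns the POST field passed through add_slashes() for embedding inside a quoted SQL string literal only; null when the field is absent. Not HTML-escaped and not a substitute for parameterised queries. */`. The added blank line after the method carries a trailing tab. The enclosing class starts and ends outside the hunk.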
