From a470daf9f5f3436f05b1af8a44a2c28af8d74162 Mon Sep 17 00:00:00 2001
From: Matt Pass
Date: Sat, 3 May 2014 14:13:48 +0100
Subject: [PATCH] No need for other chars to be replaced Impossible to output an XSS without < or > alone
---
 lib/settings-common.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/settings-common.php b/lib/settings-common.php
index c279953..0bf78b0 100644
--- lib/settings-common.php
+++ lib/settings-common.php
@@ -65,8 +65,8 @@ function xssClean($data,$type) {
 // === html ===
 if ($type == "html") {
- $bad = array("<", ">", "=", "&", "(", ")", "\"", "'");
- $good = array("<", ">", "=", "&", "(", ")", """, "'");
+ $bad = array("<", ">");
+ $good = array("<", ">");
 }
 // === style ===
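Review bot: Escaping only `<` and `>` in the `html` branch of xssClean is insufficient wherever a cleaned value is written inside an HTML attribute, because an unescaped `"` or `'` can end the attribute value without any angle bracket; the commit message's premise holds only for element-content context. Whether any caller emits into an attribute is not visible in this hunk, so the safer choice is to keep `&`, `"` and `'` in `$bad` with their entity forms in `$good` (with `&` listed first so the other entities are not double-encoded), or to use `htmlspecialchars($data, ENT_QUOTES, 'UTF-8')` for this type. As rendered on this page `$good` reads the same as `$bad`, presumably because the entity strings were decoded in display, so the actual replacement values should be confirmed against the file. The body of xssClean continues outside the hunk, so how `$bad`/`$good` are applied is inferred.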