From 9ed736f7cf6d7c0518d6cfdc542e623c34c01b3d Mon Sep 17 00:00:00 2001
From: rboren <rboren@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Sat, 4 Sep 2004 08:03:20 +0000
Subject: [PATCH] Escape content and title before inserting into the DB. 
 http://wordpress.org/support/2/12153

git-svn-id: http://svn.automattic.com/wordpress/trunk@1590 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/import-textpattern.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/wp-admin/import-textpattern.php b/wp-admin/import-textpattern.php
index 9090b49f2..539d7294d 100644
--- a/wp-admin/import-textpattern.php
+++ b/wp-admin/import-textpattern.php
@@ -97,8 +97,8 @@ while ($post = mysql_fetch_array($posts)) {
 	$timestamp = mktime($hour, $minute, $second, $month, $day, $year);
 	$posted = date('Y-m-d H:i:s', $timestamp);
 	
-	$content = $post['Body_html'];
-	$title = $post['Title'];
+	$content = addslashes($post['Body_html']);
+	$title = addslashes($post['Title']);
 	$post_name = sanitize_title($title);
 
 	$wpdb->query("INSERT INTO $wpdb->posts