--- user.php.old Thu Jul 11 10:34:13 2002 +++ user.php Thu Jul 11 10:44:30 2002 @@ -26,6 +26,7 @@ # $Id: user.php,v 1.5 2002/06/22 14:18:31 pawal Exp $ if(!isset($mainfile)) { include('mainfile.php'); } +isRealUser($HTTP_COOKIE_VARS['user']); function user_nav() { html_page_head(); @@ -459,6 +460,11 @@ } elseif (($pass != "") && (strlen($pass) < $minpass)) { echo "
".translate("Sorry, your password must be at least")." $minpass ".translate("characters long")."
\n"; } else { + $name = strip_tags($name); + $email = strip_tags($email); + $femail = strip_tags($femail); + $url = strip_tags($url); + if ($bio) { $bio = filter_text($bio); $bio = FixQuotes($bio); } if ($pass != "") { dbconnect();
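Review bot: In the first hunk (`@@ -26,6 +26,7 @@`), the result of `isRealUser($HTTP_COOKIE_VARS['user']);` is discarded, so the call enforces anything only if isRealUser() itself stops the request or clears the cookie when validation fails. Its definition is outside this patch, so that needs confirming. Because the call sits at file scope it also runs for visitors who have no `user` cookie yet (presumably login and registration go through this file too), so it must accept an unset value without blocking them. I would document the contract above the call, e.g. `# Validate the 'user' cookie before any op is dispatched; isRealUser() must halt on a forged cookie because its result is not checked here.`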
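Review bot: In the second hunk (`@@ -459,6 +460,11 @@`), `strip_tags()` on `$name`, `$email`, `$femail` and `$url` removes markup but leaves quote characters and the URL scheme untouched, so the stored values are still unsafe if they are later printed inside an HTML attribute such as a link target. The profile URL should additionally be restricted to web schemes, e.g. `if ($url != "" && !preg_match('#^https?://#i', $url)) { $url = ""; }`, and all four fields should go through `htmlspecialchars()` at the point of output. Whether they are escaped for the SQL statement that follows `dbconnect()` is not visible in this hunk and should be checked as well. The enclosing function starts and ends outside the hunk.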