--- friend.php.OLD	Tue Jun  4 16:43:12 2002
+++ friend.php	Tue Jun  4 17:28:39 2002
@@ -67,6 +67,10 @@
     list($title, $time, $hometext, $bodytext, $topic, $notes, $sid) = mysql_fetch_row($result2);
     $result3 = mysql_query("SELECT topictext FROM topics WHERE topicid='$topic'");
     list($topictext) = mysql_fetch_row($result3);
+    $yname = removecrlf($yname);
+    $ymail = removecrlf($ymail);
+    $fname = removecrlf($fname);
+    $fmail = removecrlf($fmail);
     $subject = "Intressant artikel på $sitename";
     $message = "Hallå $fname,\n\n";
     $message .= "Din kompis $yname ansåg att den här artikeln var intressant och ville skicka den till dig.\n\n";
@@ -88,7 +92,7 @@
     include('header.php');
     html_page_head();
     echo "<div align=\"center\">\n";
-    echo "<b>Artikeln <i>$title</i> har skickats till $fname.</b>\n";
+    echo "<b>Artikeln <i>$title</i> har skickats till ".htmlspecialchars($fname).".</b>\n";
     echo "</div>\n";
     html_page_foot();
     include('footer.php');
@@ -120,6 +124,10 @@
 function SendSite($yname, $ymail, $fname, $fmail) {
     global $sitename,$slogan,$nuke_url;
     dbconnect();
+    $yname = removecrlf($yname);
+    $ymail = removecrlf($ymail);
+    $fname = removecrlf($fname);
+    $fmail = removecrlf($fmail);
     $subject = "Intressant sajt: $sitename";
     $message = "Hallå $fname,\n\n";
     $message.= "Din kompis $yname tyckte vår sajt $sitename verkade intressant och rekommenderar den till dig.\n\n";
@@ -132,10 +140,14 @@
 function SiteSent($fname) {
     include('header.php');
     html_page_head();
-    echo "<div align=\"center\"><b>Ditt sajt-tips har skickats till $fname...</b><br><br>\n";
+    echo "<div align=\"center\"><b>Ditt sajt-tips har skickats till ".htmlspecialchars($fname)."...</b><br><br>\n";
     echo "Tack för att du rekommenderar oss!</div>\n";
     html_page_foot();
     include('footer.php');
+}
+
+function removecrlf($string) {
+    return strtr($string, "\015\012", '  ');
 }