XSS bug in php(Reactor)

Vulnerable systems: 1.2.7pl1 Exploit: forums/browse.php?fid=3&tid=46&go=scriptJavaScript:alert 'Hi';/script with out "" Solution: i thought this but i am not sure open browse.php and add this code in line 52: $go = HTMLSpecialChars$go; $go = PREGReplace"/A-Z&.;:!@$^''//i", "", $go;...