update readme

README.md

@@ -20,7 +20,7 @@ Anyways, let's get to the *how*.
 	if you have trouble displaying them in your database manager, let me know
 	and I might get to writing some basic setup instructions here.
  - Please create the file `docs/common/config.php` which will store database
-	credential that will then be used in `docs/common/header.php`
+	credentials that will then be used in `docs/common/header.php`
 	to connect to the db and set the global variable `$conn` to the PDO
 	connection object, you can use that in your own functions, if you add any.
  - The file should define the following constants:
@@ -34,9 +34,11 @@ Anyways, let's get to the *how*.
 		if you are going to make use of that function. Please note that it is
 		meant for admin use only and normal users shouldn't have access to it
 		as it is unprotected.
- - Also make sure that the folder /assets/uploads/ exists and php has write
+ - Also make sure that the directory /assets/uploads/ exists and php has write
 	permissions there - if you are going to use that file upload
 	functionality, that is.
+ - Php should also have write permissions in the docs/www/blog directory,
+	so it can update the atom feed.
  - If you have problems connecting to the database, you can try
  	printing the PDO exception being caught there in the function
 	`attempt_sql_connect()`, but be careful not to leave it in production, as

docs/www/blog/writearticle.php

@@ -288,7 +288,7 @@ if(isset($_GET["guid"])) {
 	$title_prefill = $result["title"];
 	$address_prefill = $result["readable_address"];
 	$abstract_prefill = $result["abstract"];
-	$content_prefill = $result["content"];
+	$content_prefill = sanitize_input($result["content"]);
 
 	// select the tags for this article from the database
 	$stmt = $conn->prepare("SELECT blogpost_tags.name FROM