I know, this gives me a really bad feeling about the script,
I actually bought it because buddypress wasn't secure enough,
stripping the html slashes is pretty much beginner level in sense of seurity
well I hope kevin understands that html tags shouldn't be filtered but not displayed at all,
there is a php method for that.
also php tags are very dangerous,
but I know he has done a lot for the security in comparison to the older version
I tried to XSS this website and it was protected against it this time.
All this script needs now is a firewall
1. I told you to report any bugs on this site or send me a message
2. There are so many things going on in big script like this so mistakes do happen. That's why I rely on the community to report bugs to fix.
The installation file has been patched. You can just overwrite View/Elements/lists/albums_list.ctp and videos_list.ctp
I thought it was solved with 2.0 .. waiting what kevin say