Changeset 26917

Timestamp:

Jan 23, 2014, 12:06:56 PM (10 years ago)

Author:

mistic100

Message:

fix XSS on website_url field (see bug:3029)

File:

• extensions/Comments_on_Albums/trunk/include/functions_comment.inc.php (modified) (2 diffs)

extensions/Comments_on_Albums/trunk/include/functions_comment.inc.php

@@ -86 +86 @@
   if (!empty($comm['website_url']))
   {
+    $comm['website_url'] = strip_tags($comm['website_url']);
     if (!preg_match('/^https?/i', $comm['website_url']))
     {
@@ -291 +292 @@
   if (!empty($comment['website_url']))
   {
+    $comm['website_url'] = strip_tags($comm['website_url']);
     if (!preg_match('/^https?/i', $comment['website_url']))
     {