Changeset 26917


Timestamp:
01/23/14 12:06:56 (6 years ago)
Author:
mistic100
Message:

fix XSS on website_url field (see bug:3029)

File:
1 edited

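--- a/extensions/Comments_on_Albums/trunk/include/functions_comment.inc.php
+++ b/extensions/Comments_on_Albums/trunk/include/functions_comment.inc.php
@@ -86,4 +86,5 @@
   if (!empty($comm['website_url']))
   {
+    $comm['website_url'] = strip_tags($comm['website_url']);
     if (!preg_match('/^https?/i', $comm['website_url']))
     {
@@ -291,4 +292,5 @@
   if (!empty($comment['website_url']))
   {
+    $comm['website_url'] = strip_tags($comm['website_url']);
     if (!preg_match('/^https?/i', $comment['website_url']))
     {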
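Review bot: In the second hunk (new line 294) the added `strip_tags()` call reads and writes `$comm['website_url']`, while the surrounding `if` and `preg_match` at new lines 292 and 295 use `$comment['website_url']`, so the value actually validated there appears never to be stripped and the fix only takes effect in the first hunk. The line should read `$comment['website_url'] = strip_tags($comment['website_url']);`. Separately, in both hunks `strip_tags()` leaves quote characters in place and `/^https?/i` only checks a prefix, so if the URL is later written into an HTML attribute it presumably still needs `htmlspecialchars($url, ENT_QUOTES, 'UTF-8')` at output; that output code is not visible here. Both enclosing functions start and end outside the hunks.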