Changeset 26919


Timestamp: 01/23/14 12:08:22 (6 years ago)
Author: mistic100
Message:

Merged revision(s) 26916 from trunk:
bug 3029: XSS on website_url comment form

File:
1 edited

  • branches/2.6/include/functions_comment.inc.php

    r26461 r26919  
    148148  if (!empty($comm['website_url'])) 
    149149  { 
     150    $comm['website_url'] = strip_tags($comm['website_url']); 
    150151    if (!preg_match('/^https?/i', $comm['website_url'])) 
    151152    { 
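Review bot: strip_tags() on new line 150 removes tag-like sequences only and leaves quote characters in place, so it does not by itself make website_url safe to place inside an HTML attribute; the value still needs htmlspecialchars() with ENT_QUOTES wherever it is printed, which this hunk does not show. The check that follows, preg_match('/^https?/i', ...), is a bare prefix match that accepts any value beginning with "http"; anchoring it as '/^https?:\/\//i', or validating the final value with filter_var(..., FILTER_VALIDATE_URL), would make the scheme check mean what it appears to mean.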
     
    352353  if (!empty($comment['website_url'])) 
    353354  { 
     355    $comm['website_url'] = strip_tags($comm['website_url']); 
    354356    if (!preg_match('/^https?/i', $comment['website_url'])) 
    355357    { 
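Review bot: the added line 355 assigns to $comm['website_url'], but the surrounding lines in this hunk (353 and 356) read $comment['website_url'], so the strip_tags() result never reaches the value that is tested and used here and this code path stays unfiltered. It looks like a copy of the line added at 150; it should read $comment['website_url'] = strip_tags($comment['website_url']); and the same output-escaping and scheme-check remarks as for the first hunk apply.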