Changeset 26920


Timestamp:
01/23/14 12:08:56 (5 years ago)
Author:
mistic100
Message:

Merged revision(s) 26916 from trunk:
bug 3029: XSS on website_url comment form

File:
1 edited

  • branches/2.5/include/functions_comment.inc.php

    r19703 r26920  
    136136  if (!empty($comm['website_url'])) 
    137137  { 
     138    $comm['website_url'] = strip_tags($comm['website_url']); 
    138139    if (!preg_match('/^https?/i', $comm['website_url'])) 
    139140    { 
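Review bot: on added line 138, strip_tags() is a weak control for a URL field. It removes tags but leaves quote characters untouched, and the check that follows, `preg_match('/^https?/i', $comm['website_url'])`, only tests a prefix, so any value that merely begins with "http" is accepted whether or not a `://` and a host follow. Suggest anchoring the scheme test as `/^https?:\/\//i` (or validating with filter_var() and FILTER_VALIDATE_URL) and making sure the stored value is passed through htmlspecialchars() wherever it is written into an attribute, since nothing in these lines shows output encoding.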
     
    339340  if (!empty($comment['website_url'])) 
    340341  { 
     342    $comm['website_url'] = strip_tags($comm['website_url']); 
    341343    if (!preg_match('/^https?/i', $comment['website_url'])) 
    342344    { 
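Review bot: added line 342 assigns to `$comm['website_url']`, but the surrounding context in this block tests and validates `$comment['website_url']`, so the strip_tags() result is never applied to the value checked here and that value stays unfiltered. It looks like a copy of line 138 from the first hunk; it should read `$comment['website_url'] = strip_tags($comment['website_url']);`. The remarks on the first hunk about the prefix-only `/^https?/i` check and output escaping apply here as well.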