Changeset 26920 for branches


Ignore:
Timestamp:
Jan 23, 2014, 12:08:56 PM (10 years ago)
Author:
mistic100
Message:

Merged revision(s) 26916 from trunk:
bug 3029: XSS on website_url comment form

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/2.5/include/functions_comment.inc.php

    r19703 r26920  
    136136  if (!empty($comm['website_url']))
    137137  {
     138    $comm['website_url'] = strip_tags($comm['website_url']);
    138139    if (!preg_match('/^https?/i', $comm['website_url']))
    139140    {
     
    339340  if (!empty($comment['website_url']))
    340341  {
     342    $comm['website_url'] = strip_tags($comm['website_url']);
    341343    if (!preg_match('/^https?/i', $comment['website_url']))
    342344    {
Note: See TracChangeset for help on using the changeset viewer.