Fixes #186, possible XSS in comments
azett committed Jan 8, 2023
1 parent 8c79821 commit 264217f
Showing 1 changed file with 8 additions and 6 deletions.
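--- a/fp-includes/core/core.comment.php
+++ b/fp-includes/core/core.comment.php
@@ -73,12 +73,14 @@ function comment_exists($entryid, $id) {
 }
 
 function comment_clean(&$arr) {
-$arr ['name'] = apply_filters('pre_comment_author_name', stripslashes($arr ['name']));
-if (isset($arr ['email']))
-$arr ['email'] = apply_filters('pre_comment_author_email', $arr ['email']);
-if (isset($arr ['url']))
-$arr ['url'] = apply_filters('pre_comment_author_url', $arr ['url']);
-$arr ['content'] = apply_filters('pre_comment_content', $arr ['content']);
+$arr ['name'] = strip_tags(apply_filters('pre_comment_author_name', stripslashes($arr ['name'])));
+if (isset($arr ['email'])) {
+$arr ['email'] = strip_tags(apply_filters('pre_comment_author_email', $arr ['email']));
+}
+if (isset($arr ['url'])) {
+$arr ['url'] = strip_tags(apply_filters('pre_comment_author_url', $arr ['url']));
+}
+$arr ['content'] = strip_tags(apply_filters('pre_comment_content', $arr ['content']));
 return $arr;
 }
 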
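Review bot: `strip_tags()` on the `url` and `name` fields in `comment_clean()` removes tags but leaves quotes and `&` untouched and does not check the URL scheme, so a value that is later written into an attribute such as `href` is not made safe by this filter alone. Where these fields are rendered is not visible in this hunk; if the templates print them without escaping, escape at output with `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` and keep this input filter as defence in depth. For the URL, accept only http/https at this point, e.g. `if (!in_array(parse_url($arr ['url'], PHP_URL_SCHEME), ['http', 'https'], true)) { $arr ['url'] = ''; }`. Note also that `strip_tags()` on `content` can silently drop legitimate text that follows a `<` character, which escaping at output would preserve.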
