
Escaped variables in generated output.

1 parent b737d11 commit 123c4e6b58c1a5358b09a45b6583a6b355ba1cb3 @Rarst Rarst committed Feb 11, 2012
Showing with 1 addition and 1 deletion.
  1. +1 −1 stackad.php
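--- a/stackad.php
+++ b/stackad.php
@@ -137,7 +137,7 @@ function GenerateHTML($site_domain)
 if(!preg_match('/a href="(.*?)".*?img src="(.*?)"/', $random_item['body'], $matches))
 throw new Exception(__('post body did not contain an image.', 'stackad'));
- echo "<a href='{$matches[1]}' class='aligncenter stackad' data-score='{$random_item['score']}' data-link='{$random_item['link']}'><img src='{$matches[2]}' /></a>";
+ echo "<a href='" . esc_attr( $matches[1] ) . "' class='aligncenter stackad' data-score='" . esc_attr( $random_item['score'] ) . "' data-link='" . esc_attr( $random_item['link'] ) . "'><img src='" . esc_attr( $matches[2] ) . "' /></a>";
 }
 }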
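Review bot: The `href` and `src` values on the new `echo` line are URLs, and `esc_attr()` only stops a value from breaking out of the attribute; it does not reject a `javascript:` or other unexpected scheme in `$matches[1]`, which is captured from `$random_item['body']` by a loose `(.*?)` pattern. WordPress provides `esc_url()` for this context, so I would write `href='" . esc_url( $matches[1] ) . "'` and `src='" . esc_url( $matches[2] ) . "'`, keeping `esc_attr()` for `data-score`. If `data-link` is later used as a navigation target by script (not visible here), `$random_item['link']` deserves the same treatment. `GenerateHTML()` begins above this hunk, so the origin of `$random_item` is inferred rather than shown.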
