[pLog-svn] r2466 - plog/branches/plog-1.0.2/class/action
mark at devel.plogworld.net
mark at devel.plogworld.net
Wed Sep 14 14:17:44 GMT 2005
Author: mark
Date: 2005-09-14 14:17:43 +0000 (Wed, 14 Sep 2005)
New Revision: 2466
Modified:
plog/branches/plog-1.0.2/class/action/addcommentaction.class.php
Log:
HTML tags are no longer allowed in the comment topic, to avoid XSS attacks.
Modified: plog/branches/plog-1.0.2/class/action/addcommentaction.class.php
===================================================================
--- plog/branches/plog-1.0.2/class/action/addcommentaction.class.php 2005-09-14 13:58:29 UTC (rev 2465)
+++ plog/branches/plog-1.0.2/class/action/addcommentaction.class.php 2005-09-14 14:17:43 UTC (rev 2466)
@@ -82,11 +82,9 @@
}
$this->_userName = Textfilter::filterAllHTML($this->_request->getValue( "userName" ));
$this->_commentText = trim($this->_request->getValue( "commentText" ));
- $this->_commentTopic = trim($this->_request->getValue( "commentTopic" ));
- // remove all weird stuff from the text and topic
+ $this->_commentTopic = trim(Textfilter::filterAllHTML($this->_request->getValue( "commentTopic" )));
+ // remove all weird stuff from the comment text
$tf = new TextFilter();
- $this->_commentTopic = $tf->xhtmlize($tf->filterHTML( $this->_commentTopic ));
- // and also from the text
$this->_commentText = $tf->xhtmlize($tf->filterHTML( $this->_commentText ));
// now, if the option is set, we 'beautify' the text typed by users
if( $this->_config->getValue( "beautify_comments_text" )) {
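Review bot: The new `Textfilter::filterAllHTML(...)` call on `commentTopic` strips tags only at submission time, so whether the topic is safe to print depends on what that helper leaves behind, which is not visible in this hunk. The old code also passed the topic through `xhtmlize`, and that step is now gone; if `filterAllHTML` removes tags but does not encode `&`, `"` or a stray `<`, a topic printed inside an HTML attribute may still be unsafe. I would also escape the topic where the template prints it, which additionally covers topics stored before this revision and any other path that writes a topic. A comment above the assignment such as `// topic is plain text: all tags are stripped here, and it must still be escaped on output` would record the intent. The enclosing method starts and ends outside the hunk.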