Run p::clean() on any variables that contain data entered by users.

2026-06-06 03:29:28 -04:00 · 2009-05-31 00:11:48 -07:00
parent ad81861c33
commit 708f27f483
18 changed files with 65 additions and 55 deletions
--- a/modules/comment/views/admin_block_recent_comments.html.php
+++ b/modules/comment/views/admin_block_recent_comments.html.php
@@ -4,13 +4,13 @@
  <li class="<?= ($i % 2 == 0) ? "gEvenRow" : "gOddRow" ?>">
    <img src="<?= $comment->author()->avatar_url(32, $theme->url("images/avatar.jpg", true)) ?>"
         class="gAvatar"
-         alt="<?= $comment->author_name() ?>"
+         alt="<?= p::clean($comment->author_name()) ?>"
         width="32"
         height="32" />
    <?= date("Y-M-d H:i:s", $comment->created) ?>
    <?= t("<a href=#>%author_name</a> said <em>%comment_text</em>",
-          array("author_name" => $comment->author_name(),
-                "comment_text" => text::limit_words($comment->text, 50))); ?>
+        array("author_name" => p::clean($comment->author_name()),
+                "comment_text" => text::limit_words(p::clean($comment->text), 50))); ?>
  </li>
  <? endforeach ?>
 </ul>