Sanitize the 'user' before output.

author kmorimatsu <kmorimatsu@1ca29b6e-896d-4ea0-84a5-967f57386b96>

Tue, 15 Mar 2011 02:01:25 +0000 (02:01 +0000)

committer kmorimatsu <kmorimatsu@1ca29b6e-896d-4ea0-84a5-967f57386b96>

Tue, 15 Mar 2011 02:01:25 +0000 (02:01 +0000)
author kmorimatsu <kmorimatsu@1ca29b6e-896d-4ea0-84a5-967f57386b96>
Tue, 15 Mar 2011 02:01:25 +0000 (02:01 +0000)
committer kmorimatsu <kmorimatsu@1ca29b6e-896d-4ea0-84a5-967f57386b96>
Tue, 15 Mar 2011 02:01:25 +0000 (02:01 +0000)
diff --git a/utf8/nucleus/libs/COMMENTACTIONS.php b/utf8/nucleus/libs/COMMENTACTIONS.php

index f737be6..5e69eed 100644 (file)
--- a/utf8/nucleus/libs/COMMENTACTIONS.php
+++ b/utf8/nucleus/libs/COMMENTACTIONS.php
@@ -358,7 +358,7 @@ class COMMENTACTIONS extends BaseActions {
                         $member =& $manager->getMember($this->currentComment['memberid']);
                         echo $member->getRealName();
                 } else {
-                       echo $this->currentComment['user'];
+                       echo htmlspecialchars($this->currentComment['user'],ENT_QUOTES);
                 }
         }
author	kmorimatsu <kmorimatsu@1ca29b6e-896d-4ea0-84a5-967f57386b96>
	Tue, 15 Mar 2011 02:01:25 +0000 (02:01 +0000)
committer	kmorimatsu <kmorimatsu@1ca29b6e-896d-4ea0-84a5-967f57386b96>
	Tue, 15 Mar 2011 02:01:25 +0000 (02:01 +0000)