authorAndrew Dolgov <[email protected]>2012-10-22 01:22:44 +0400
committerAndrew Dolgov <[email protected]>2012-10-22 01:22:44 +0400
commit6e577ba15715cb3ccb9c54bd4e13f3f9ff2c3563 (patch)
treed3d83cc5f320332fb42abeaf64cdce98983f8647 /classes/feeds.php
parent5c5689734955ced9ca81690ad9c1b76b71a8712a (diff)
properly escape comment links
Diffstat (limited to 'classes/feeds.php')
-rw-r--r--classes/feeds.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/classes/feeds.php b/classes/feeds.php
index 5280502c4..836bbb060 100644
--- a/classes/feeds.php
+++ b/classes/feeds.php
@@ -633,14 +633,14 @@ class Feeds extends Handler_Protected {
if ($num_comments > 0) {
if ($line["comments"]) {
- $comments_url = $line["comments"];
+ $comments_url = htmlspecialchars($line["comments"]);
} else {
- $comments_url = $line["link"];
+ $comments_url = htmlspecialchars($line["link"]);
}
$entry_comments = "<a target='_blank' href=\"$comments_url\">$num_comments comments</a>";
} else {
if ($line["comments"] && $line["link"] != $line["comments"]) {
- $entry_comments = "<a target='_blank' href=\"".$line["comments"]."\">comments</a>";
+ $entry_comments = "<a target='_blank' href=\"".htmlspecialchars($line["comments"])."\">comments</a>";
}
}
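Review bot: The three `htmlspecialchars()` calls keep a feed-supplied URL from breaking out of the double-quoted `href`, but they do not restrict the URL scheme, so a `comments` or `link` value using a scheme such as `javascript:` would still be emitted as a clickable link unless it is filtered elsewhere (not visible in this hunk). Consider validating before escaping, e.g. `$scheme = strtolower((string) parse_url($line["comments"], PHP_URL_SCHEME));` and rendering the anchor only when `in_array($scheme, array("http", "https"), true)`, with the same check in the `else` branch that builds the bare "comments" link. Because these anchors open third-party URLs with `target='_blank'`, adding `rel="noopener noreferrer"` would also keep the opened page from reaching `window.opener`. Passing the flags and charset explicitly, `htmlspecialchars($url, ENT_QUOTES, "UTF-8")`, would make the escaping independent of the PHP version's defaults. The enclosing method starts and ends outside the hunk.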