author | Andrew Dolgov <[email protected]> | 2012-10-22 01:22:44 +0400 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2012-10-22 01:22:44 +0400 |
commit | 6e577ba15715cb3ccb9c54bd4e13f3f9ff2c3563 (patch) | |
tree | d3d83cc5f320332fb42abeaf64cdce98983f8647 /include | |
parent | 5c5689734955ced9ca81690ad9c1b76b71a8712a (diff) |
properly escape comment links
Diffstat (limited to 'include')
-rw-r--r-- | include/functions.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/include/functions.php b/include/functions.php
index f37578ba3..2fb14097f 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -3352,14 +3352,14 @@
 if ($num_comments > 0) {
 if ($line["comments"]) {
- $comments_url = $line["comments"];
+ $comments_url = htmlspecialchars($line["comments"]);
 } else {
- $comments_url = $line["link"];
+ $comments_url = htmlspecialchars($line["link"]);
 }
 $entry_comments = "<a target='_blank' href=\"$comments_url\">$num_comments comments</a>";
 } else {
 if ($line["comments"] && $line["link"] != $line["comments"]) {
- $entry_comments = "<a target='_blank' href=\"".$line["comments"]."\">comments</a>";
+ $entry_comments = "<a target='_blank' href=\"".htmlspecialchars($line["comments"])."\">comments</a>";
 }
 } |
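Review bot: The three `htmlspecialchars()` calls stop a feed-supplied value from breaking out of the double-quoted `href`, but they do not constrain the URL scheme, so a `javascript:` or `data:` value in `$line["comments"]` or `$line["link"]` would still be emitted as a clickable link. Unless these fields are already scheme-checked where the feed entry is stored (not visible in this hunk), I would build each anchor only when a check such as `preg_match('#^https?://#i', $line["comments"])` passes, and leave `$entry_comments` empty otherwise. The anchors also open with `target='_blank'` and no `rel`, so adding `rel='noopener noreferrer'` would keep the opened page from reaching back through `window.opener`. The enclosing function starts and ends outside the hunk, so earlier sanitising of `$line` cannot be ruled out from here.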