From 61168847ac9b1c952d6762eb0bd382b200e3183f Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Thu, 27 Feb 2020 10:25:00 +0300
Subject: af_comics: escape all template urls

---
 plugins/af_comics/init.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'plugins/af_comics')

diff --git a/plugins/af_comics/init.php b/plugins/af_comics/init.php
index 3a8203428..979cd350c 100755
--- a/plugins/af_comics/init.php
+++ b/plugins/af_comics/init.php
@@ -206,7 +206,7 @@ class Af_Comics extends Plugin {
 						$tpl->setVariable('ARTICLE_CONTENT', "<p> " . $doc->saveHTML($content_node) . "</p>", true);
 
 						$tpl->setVariable('ARTICLE_AUTHOR', '', true);
-						$tpl->setVariable('ARTICLE_SOURCE_LINK', $article_link, true);
+						$tpl->setVariable('ARTICLE_SOURCE_LINK', htmlspecialchars($article_link), true);
 						$tpl->setVariable('ARTICLE_SOURCE_TITLE', "The Far Side", true);
 
 						$tpl->addBlock('entry');
-- 
cgit v1.2.3