iarv/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-03-28 17:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merged revision(s) 26916 from trunk:

Browse Source 
bug 3029: XSS on website_url comment form 

git-svn-id: http://piwigo.org/svn/branches/2.6@26919 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
mistic100
2014-01-23 11:08:22 +00:00
parent d5b3d5dabd
commit 9f266381db
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/functions_comment.inc.php
View File

@@ -147,6 +147,7 @@ SELECT COUNT(*) AS user_exists
// website
if (!empty($comm['website_url']))
{
$comm['website_url'] = strip_tags($comm['website_url']);
if (!preg_match('/^https?/i', $comm['website_url']))
{
$comm['website_url'] = 'http://'.$comm['website_url'];
@@ -351,6 +352,7 @@ function update_user_comment($comment, $post_key)
// website
if (!empty($comment['website_url']))
{
$comm['website_url'] = strip_tags($comm['website_url']);
if (!preg_match('/^https?/i', $comment['website_url']))
{
$comment['website_url'] = 'http://'.$comment['website_url'];