From 264217f318a8852c4f3e34350d4a0e1363cdd727 Mon Sep 17 00:00:00 2001
From: azett
Date: Sun, 8 Jan 2023 13:04:12 +0100
Subject: [PATCH] Fixes #186, possible XSS in comments

---
 fp-includes/core/core.comment.php | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/fp-includes/core/core.comment.php b/fp-includes/core/core.comment.php
index a4d0f97..dcb46a8 100755
--- a/fp-includes/core/core.comment.php
+++ b/fp-includes/core/core.comment.php
@@ -73,12 +73,14 @@ function comment_exists($entryid, $id) {
 }
 function comment_clean(&$arr) {
- $arr ['name'] = apply_filters('pre_comment_author_name', stripslashes($arr ['name']));
- if (isset($arr ['email']))
- $arr ['email'] = apply_filters('pre_comment_author_email', $arr ['email']);
- if (isset($arr ['url']))
- $arr ['url'] = apply_filters('pre_comment_author_url', $arr ['url']);
- $arr ['content'] = apply_filters('pre_comment_content', $arr ['content']);
+ $arr ['name'] = strip_tags(apply_filters('pre_comment_author_name', stripslashes($arr ['name'])));
+ if (isset($arr ['email'])) {
+ $arr ['email'] = strip_tags(apply_filters('pre_comment_author_email', $arr ['email']));
+ }
+ if (isset($arr ['url'])) {
+ $arr ['url'] = strip_tags(apply_filters('pre_comment_author_url', $arr ['url']));
+ }
+ $arr ['content'] = strip_tags(apply_filters('pre_comment_content', $arr ['content']));
 return $arr;
 }
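Review bot: The strip_tags() wrapping added on the `url` line only removes `<...>` markup and does not restrict the URL scheme, so if a template writes `$arr['url']` into an href attribute the field is still an injection point even after this change; the `url` branch should allowlist the scheme, e.g. `if (isset($arr ['url']) && !in_array(parse_url($arr ['url'], PHP_URL_SCHEME), ['http', 'https'], true)) { $arr ['url'] = ''; }` (this also drops scheme-less values, which is presumably acceptable for a commenter's site link). Stripping also runs after apply_filters(), so any plugin hooked on pre_comment_content or pre_comment_author_* that deliberately allows some markup now has it silently removed; a comment such as `// Tags are always stripped after plugin filters; output code must still HTML-escape these fields.` would make that contract explicit. Input stripping is defence in depth, not a substitute for context-aware escaping (htmlspecialchars with ENT_QUOTES | ENT_SUBSTITUTE) at the point of rendering, which is outside this hunk and cannot be checked here. comment_clean() starts and ends inside the hunk.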