Fixes #186, possible XSS in comments

2023-01-08 13:04:12 +01:00 · 2023-01-08 13:04:12 +01:00 · 264217f318
commit 264217f318
parent 8c79821e9e
1 changed files with 8 additions and 6 deletions
--- a/fp-includes/core/core.comment.php
+++ b/fp-includes/core/core.comment.php
@ -73,12 +73,14 @@ function comment_exists($entryid, $id) {
 }
 function comment_clean(&$arr) {
-	$arr ['name'] = apply_filters('pre_comment_author_name', stripslashes($arr ['name']));
+	$arr ['name'] = strip_tags(apply_filters('pre_comment_author_name', stripslashes($arr ['name'])));
-	if (isset($arr ['email']))
+	if (isset($arr ['email'])) {
-		$arr ['email'] = apply_filters('pre_comment_author_email', $arr ['email']);
+		$arr ['email'] = strip_tags(apply_filters('pre_comment_author_email', $arr ['email']));
-	if (isset($arr ['url']))
+	}
-		$arr ['url'] = apply_filters('pre_comment_author_url', $arr ['url']);
+	if (isset($arr ['url'])) {
-	$arr ['content'] = apply_filters('pre_comment_content', $arr ['content']);
+		$arr ['url'] = strip_tags(apply_filters('pre_comment_author_url', $arr ['url']));
 	}
 	$arr ['content'] = strip_tags(apply_filters('pre_comment_content', $arr ['content']));
 	return $arr;
 }