Beanz/flatpress
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix XSS lastcomments plugin http://www.exploit-db.com/exploits/12034

Browse Source
This commit is contained in:
real_nowhereman 2010-04-04 08:37:33 +00:00
parent d25c3ca1e6
commit 6818c2854e
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
fp-plugins/lastcomments/plugin.lastcomments.php
View File

@ -49,6 +49,8 @@ function plugin_lastcomments_widget() {
continue; continue;
} }
comment_clean($arr);
$content .= $content .=
"<li> "<li>
<blockquote class=\"comment-quote\" cite=\"comments.php?entry={$arr['entry']}#{$arr['id']}\"> <blockquote class=\"comment-quote\" cite=\"comments.php?entry={$arr['entry']}#{$arr['id']}\">