fix XSS lastcomments plugin http://www.exploit-db.com/exploits/12034

2010-04-04 08:37:33 +00:00 · 2010-04-04 08:37:33 +00:00 · 6818c2854e
commit 6818c2854e
parent d25c3ca1e6
1 changed files with 3 additions and 1 deletions
--- a/fp-plugins/lastcomments/plugin.lastcomments.php
+++ b/fp-plugins/lastcomments/plugin.lastcomments.php
@ -49,6 +49,8 @@ function plugin_lastcomments_widget() {
 				continue;
 			}

+			comment_clean($arr);
+			
 			$content .=	
 			"<li>
 			<blockquote class=\"comment-quote\" cite=\"comments.php?entry={$arr['entry']}#{$arr['id']}\">