From 924668fe2c263ad540d60514ea30d17e53ad113c Mon Sep 17 00:00:00 2001
From: Edoardo Vacchi <uncommonnonsense@gmail.com>
Date: Thu, 6 Mar 2014 10:00:57 +0100
Subject: [PATCH] Issue #14 : XSS fix

---
 fp-interface/sharedtpls/comment-form.tpl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fp-interface/sharedtpls/comment-form.tpl b/fp-interface/sharedtpls/comment-form.tpl
index ff667f1..7fd352e 100644
--- a/fp-interface/sharedtpls/comment-form.tpl
+++ b/fp-interface/sharedtpls/comment-form.tpl
@@ -33,6 +33,7 @@
 		<label class="textlabel" for="url">{$lang.comments.www}</label>
 		</p>
 		
+		{* do action *}
 		{comment_form}
 		
 	</div>
@@ -42,7 +43,7 @@
 	
 	<div class="comment-content">
 			<p><textarea name="content" {$error.content|notempty:'class="field-error"'}
-			id="content" rows="10" cols="74">{$values.content}</textarea></p>
+			id="content" rows="10" cols="74">{$values.content|wp_specialchars:1}</textarea></p>
 			{*here will go a plugin hook*}
 	</div>