Issue #14 : XSS fix

2014-03-06 10:00:57 +01:00 · 2014-03-06 10:00:57 +01:00 · 924668fe2c
commit 924668fe2c
parent 109664842b
1 changed files with 2 additions and 1 deletions
--- a/fp-interface/sharedtpls/comment-form.tpl
+++ b/fp-interface/sharedtpls/comment-form.tpl
@ -33,6 +33,7 @@
 		<label class="textlabel" for="url">{$lang.comments.www}</label>
 		</p>
 		
+		{* do action *}
 		{comment_form}
 		
 	</div>
@ -42,7 +43,7 @@
 	
 	<div class="comment-content">
 			<p><textarea name="content" {$error.content|notempty:'class="field-error"'}
-			id="content" rows="10" cols="74">{$values.content}</textarea></p>
+			id="content" rows="10" cols="74">{$values.content|wp_specialchars:1}</textarea></p>
 			{*here will go a plugin hook*}
 	</div>