From bea964e5174636e88ce70aadc01ef5774d665a89 Mon Sep 17 00:00:00 2001
From: real_nowhereman
Date: Sun, 5 Sep 2010 13:14:51 +0000
Subject: [PATCH] avoid rather nasty potential XSS vulnerability
---
 comments.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/comments.php b/comments.php
index 1f2c573..b39a00b 100644
--- a/comments.php
+++ b/comments.php
@@ -97,8 +97,8 @@
 $name = $user['userid'];
 } else {
- $name = trim(stripslashes(@$_POST['name']));
- $email = isset($_POST['email'])? trim($_POST['email']) : null;
+ $name = trim(htmlspecialchars(@$_POST['name']));
+ $email = isset($_POST['email'])? trim(htmlspecialchars($_POST['email'])) : null;
 $url = isset($_POST['url'])? trim(stripslashes(htmlspecialchars($_POST['url']))) : null;
 /*
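Review bot: The new `$name` and `$email` lines HTML-encode the raw POST values at input time, so the stored value is already entity-encoded and will be double-escaped on a correctly escaping page or wrong in any non-HTML sink such as a mail header, while an output path that forgets to escape remains exposed; the encoding belongs at each output site, e.g. `htmlspecialchars($name, ENT_QUOTES, 'UTF-8')`, with these input lines reduced to `trim()`. If encoding on input is kept deliberately, the calls should at least pass `ENT_QUOTES` and an explicit charset, because the default flags of this PHP era leave single quotes untouched and a value placed in a single-quoted attribute can still break out. The two new lines also drop `stripslashes()` while the unchanged `$url` line below keeps it, so with magic_quotes_gpc enabled the three fields are now handled inconsistently; if dropping it is intended, the `$url` line should follow, and `@$_POST['name']` could use the same `isset()` guard as its neighbours instead of error suppression. The enclosing else-branch continues past the end of the hunk.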