diff options
| author | Andy Staudacher <andy.st@gmail.com> | 2009-08-30 21:26:23 -0700 |
|---|---|---|
| committer | Andy Staudacher <andy.st@gmail.com> | 2009-08-30 21:26:23 -0700 |
| commit | fc294c2777e74ab171709c08eeae1675711add5a (patch) | |
| tree | aec8609d64712a3e946de3cb4bdb847fa681d169 | |
| parent | 0a0c7a78e6333728bad19611cccb095241545cc6 (diff) | |
XSS fixes in admin_comments.html.php
| -rw-r--r-- | modules/comment/views/admin_comments.html.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/modules/comment/views/admin_comments.html.php b/modules/comment/views/admin_comments.html.php index 801ce2b3..588c3ebc 100644 --- a/modules/comment/views/admin_comments.html.php +++ b/modules/comment/views/admin_comments.html.php @@ -108,12 +108,12 @@ <a href="#"> <img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>" class="gAvatar" - alt="<?= html::clean($comment->author_name()) ?>" + alt="<?= html::clean_attribute($comment->author_name()) ?>" width="40" height="40" /> </a> - <p><a href="mailto:<?= html::clean($comment->author_email()) ?>" - title="<?= html::clean($comment->author_email()) ?>"> <?= html::clean($comment->author_name()) ?> </a></p> + <p><a href="mailto:<?= html::clean_attribute($comment->author_email()) ?>" + title="<?= html::clean_attribute($comment->author_email()) ?>"> <?= html::clean($comment->author_name()) ?> </a></p> </td> <td> <div class="right"> |