From 708f27f483d70660446ea2132b02cb7b39225f98 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Sun, 31 May 2009 00:11:48 -0700
Subject: Run p::clean() on any variables that contain data entered by users.

---
 modules/comment/views/admin_block_recent_comments.html.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'modules/comment/views/admin_block_recent_comments.html.php')

diff --git a/modules/comment/views/admin_block_recent_comments.html.php b/modules/comment/views/admin_block_recent_comments.html.php
index d7b8d2b0..d5aab84c 100644
--- a/modules/comment/views/admin_block_recent_comments.html.php
+++ b/modules/comment/views/admin_block_recent_comments.html.php
@@ -4,13 +4,13 @@
   <li class="<?= ($i % 2 == 0) ? "gEvenRow" : "gOddRow" ?>">
     <img src="<?= $comment->author()->avatar_url(32, $theme->url("images/avatar.jpg", true)) ?>"
          class="gAvatar"
-         alt="<?= $comment->author_name() ?>"
+         alt="<?= p::clean($comment->author_name()) ?>"
          width="32"
          height="32" />
     <?= date("Y-M-d H:i:s", $comment->created) ?>
     <?= t("<a href=#>%author_name</a> said <em>%comment_text</em>",
-          array("author_name" => $comment->author_name(),
-                "comment_text" => text::limit_words($comment->text, 50))); ?>
+        array("author_name" => p::clean($comment->author_name()),
+                "comment_text" => text::limit_words(p::clean($comment->text), 50))); ?>
   </li>
   <? endforeach ?>
 </ul>
-- 
cgit v1.2.3