From 708f27f483d70660446ea2132b02cb7b39225f98 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Sun, 31 May 2009 00:11:48 -0700
Subject: Run p::clean() on any variables that contain data entered by users.

---
 modules/comment/views/comments.html.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'modules/comment/views/comments.html.php')

diff --git a/modules/comment/views/comments.html.php b/modules/comment/views/comments.html.php
index 25928ab5..95f07baf 100644
--- a/modules/comment/views/comments.html.php
+++ b/modules/comment/views/comments.html.php
@@ -12,16 +12,16 @@
       <a href="#">
         <img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>"
              class="gAvatar"
-             alt="<?= $comment->author_name() ?>"
+             alt="<?= p::clean($comment->author_name()) ?>"
              width="40"
              height="40" />
       </a>
       <?= t("on %date <a href=#>%name</a> said",
             array("date" => date("Y-M-d H:i:s", $comment->created),
-                  "name" => $comment->author_name())); ?>
+                  "name" => p::clean($comment->author_name()))); ?>
     </p>
     <div>
-      <?= $comment->text ?>
+      <?= p::clean($comment->text) ?>
     </div>
   </li>
   <? endforeach ?>
-- 
cgit v1.2.3