use htmlspecialchars to escape authorname
author
Dylan Lloyd
<dylan@dylansserver.com>
Wed, 13 Feb 2013 08:50:54 +0000
(
03:50
-0500)
committer
Dylan Lloyd
<dylan@dylansserver.com>
Wed, 13 Feb 2013 08:50:54 +0000
(
03:50
-0500)
model/note.php
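--- a/model/note.php
+++ b/model/note.php
@@ -85,11 +85,11 @@ class note extends model {
 $i = 0;
 foreach ($result as $row => $entry) {
 $this->comment[$i]['date_posted'] = $entry['date_posted'];
-$this->comment[$i]['author'] = $entry['author'];
+$this->comment[$i]['author'] = htmlspecialchars($entry['author']);
 $this->comment[$i]['text'] = htmlspecialchars($entry['text']);
-$this->comment[$i]['head'] = "<h3>" . htmlspecialchars($author) . "</h3>";
 $i++;
 }
+require_once('view/comment.php');
 }
 
 public function display_comment_form() {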
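Review bot: The new `htmlspecialchars($entry['author'])` call relies on the default flags, which on PHP releases before 8.1 are `ENT_COMPAT` and leave single quotes unescaped, so the value is only safe in element content or double-quoted attributes. `view/comment.php` is not visible here, so if it ever places the author inside a single-quoted attribute the escaping is incomplete; passing the flags and charset explicitly, `htmlspecialchars($entry['author'], ENT_QUOTES, 'UTF-8')`, removes that dependency, and the unchanged `text` line would want the same. Separately, `require_once('view/comment.php')` includes the view at most once per request, so a second call to this method would presumably render nothing; `require` would avoid that if the view is meant as a template. The enclosing method starts above the hunk, so how often it is called cannot be confirmed from here.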