use htmlspecialchars to escape authorname

author Dylan Lloyd <dylan@dylansserver.com>

Wed, 13 Feb 2013 08:50:54 +0000 (03:50 -0500)

committer Dylan Lloyd <dylan@dylansserver.com>

Wed, 13 Feb 2013 08:50:54 +0000 (03:50 -0500)
author Dylan Lloyd <dylan@dylansserver.com>
Wed, 13 Feb 2013 08:50:54 +0000 (03:50 -0500)
committer Dylan Lloyd <dylan@dylansserver.com>
Wed, 13 Feb 2013 08:50:54 +0000 (03:50 -0500)
diff --git a/model/note.php b/model/note.php

index 8e863f1..f0c54cb 100644 (file)
--- a/model/note.php
+++ b/model/note.php
@@ -85,11 +85,11 @@ class note extends model {
      $i = 0;
      foreach ($result as $row => $entry) {
        $this->comment[$i]['date_posted'] = $entry['date_posted'];
-      $this->comment[$i]['author']  = $entry['author'];
+      $this->comment[$i]['author']  = htmlspecialchars($entry['author']);
        $this->comment[$i]['text'] = htmlspecialchars($entry['text']);
-      $this->comment[$i]['head'] = "<h3>" . htmlspecialchars($author) . "</h3>";
        $i++;
      }
+    require_once('view/comment.php');
    }
  
    public function display_comment_form() {
author	Dylan Lloyd <dylan@dylansserver.com>
	Wed, 13 Feb 2013 08:50:54 +0000 (03:50 -0500)
committer	Dylan Lloyd <dylan@dylansserver.com>
	Wed, 13 Feb 2013 08:50:54 +0000 (03:50 -0500)