From: Dylan Lloyd
Date: Wed, 13 Feb 2013 08:50:54 +0000 (-0500)
Subject: use htmlspecialchars to escape authorname
X-Git-Url: https://disinclined.org/git/?a=commitdiff_plain;ds=sidebyside;h=a3778d8897496a7b491b6e51b80f3b8d8598d232;p=dylansserver.git
use htmlspecialchars to escape authorname
---
diff --git a/model/note.php b/model/note.php
index 8e863f1..f0c54cb 100644
--- a/model/note.php
+++ b/model/note.php
@@ -85,11 +85,11 @@ class note extends model {
 $i = 0;
 foreach ($result as $row => $entry) {
 $this->comment[$i]['date_posted'] = $entry['date_posted'];
- $this->comment[$i]['author'] = $entry['author'];
+ $this->comment[$i]['author'] = htmlspecialchars($entry['author']);
 $this->comment[$i]['text'] = htmlspecialchars($entry['text']);
- $this->comment[$i]['head'] = "

" . htmlspecialchars($author) . "

";
 $i++;
 }
+ require_once('view/comment.php');
 }
 public function display_comment_form() {
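Review bot: The added `htmlspecialchars($entry['author'])` call relies on the default flags and charset, which on PHP before 8.1 leave single quotes unescaped and before 5.4 assume ISO-8859-1; I would pass them explicitly, `$this->comment[$i]['author'] = htmlspecialchars($entry['author'], ENT_QUOTES, 'UTF-8');` (assuming the pages are served as UTF-8), and do the same on the unchanged `text` line. This matters if `view/comment.php`, which is not visible here, ever places either value inside a single-quoted attribute. `date_posted` still reaches the view unescaped, which is safe only if it always comes from a database-generated timestamp. Separately, `require_once('view/comment.php')` includes the template at most once per request, so a second call to this method would render nothing; `require` is the usual choice for a view. The enclosing method starts outside the hunk.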