From: Dylan Lloyd Date: Mon, 12 Dec 2011 16:58:05 +0000 (-0500) Subject: Fixed double comment sanitation. X-Git-Url: https://disinclined.org/git/?a=commitdiff_plain;h=f4311d6999688a97e69368017d511cd13e4b7c1f;p=dylansserver.git Fixed double comment sanitation. Now ONLY sanitizing output. Input is safe for mysql with bound parameters. --- diff --git a/index.php b/index.php index 88f82d2..485b063 100644 --- a/index.php +++ b/index.php @@ -435,8 +435,8 @@ class note extends cms { // and a default author needs to be set // for no-javascript users. $stmt->bind_param('sss', - htmlspecialchars($_POST['name']), - htmlspecialchars($_POST['text']), + $_POST['name'], + $_POST['text'], $this->id); $stmt->execute(); } @@ -491,7 +491,7 @@ END_OF_NAVIGATION; $date_posted = $entry['date_posted']; $author = $entry['author']; $text = htmlspecialchars($entry['text']); - $head = "

$author

"; + $head = "

" . htmlspecialchars($author) . "

"; echo << $head