From f4311d6999688a97e69368017d511cd13e4b7c1f Mon Sep 17 00:00:00 2001
From: Dylan Lloyd
Date: Mon, 12 Dec 2011 11:58:05 -0500
Subject: [PATCH] Fixed double comment sanitation. Now ONLY sanitizing output. Input is safe for mysql with bound parameters.
---
 index.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/index.php b/index.php
index 88f82d2..485b063 100644
--- a/index.php
+++ b/index.php
@@ -435,8 +435,8 @@ class note extends cms {
 // and a default author needs to be set
 // for no-javascript users.
 $stmt->bind_param('sss',
- htmlspecialchars($_POST['name']),
- htmlspecialchars($_POST['text']),
+ $_POST['name'],
+ $_POST['text'],
 $this->id);
 $stmt->execute();
 }
@@ -491,7 +491,7 @@ END_OF_NAVIGATION;
 $date_posted = $entry['date_posted'];
 $author = $entry['author'];
 $text = htmlspecialchars($entry['text']);
- $head = "
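Review bot: The two added lines bind `$_POST['name']` and `$_POST['text']` without checking that the keys are present, and because bind_param takes its arguments by reference a missing key is silently created and bound as null instead of the request being rejected. Copying to locals after an existence check, e.g. `$name = isset($_POST['name']) ? $_POST['name'] : '';` and `$text = isset($_POST['text']) ? $_POST['text'] : '';`, then binding `$name, $text, $this->id`, keeps the insert well-defined. Dropping htmlspecialchars() here is correct for the parameterised query, but it means these columns are now stored raw and every path that renders them must escape; a comment at the bind site such as `// stored unescaped: apply htmlspecialchars() at every output site` makes that contract visible to the next maintainer. The enclosing method starts and ends outside the hunk.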

$author

"; + $head = "

" . htmlspecialchars($author) . "

"; echo << $head -- 2.30.2
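Review bot: The new `htmlspecialchars($author)` call, like the `$text = htmlspecialchars($entry['text'])` line above it, relies on the default flags, which leave single quotes unescaped and make the result depend on the interpreter's default charset on the PHP versions this code appears to target; if `$author` is interpolated into a single-quoted attribute or the page is served as UTF-8, the escaping is incomplete. Passing `htmlspecialchars($author, ENT_QUOTES, 'UTF-8')` and the same flags for `$text` closes that gap. The markup inside `$head` is not legible in this rendering, so the exact HTML context of `$author` cannot be confirmed here. The enclosing method begins outside the hunk.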