From 60bcda3564dd3e2f9d74a0980b95290f373e6817 Mon Sep 17 00:00:00 2001
From: rub <rub@piwigo.org>
Date: Wed, 3 Jan 2007 23:28:09 +0000
Subject: Fixed: HTML vulnerability (Cross Site Scripting)

git-svn-id: http://piwigo.org/svn/trunk@1696 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 comments.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'comments.php')

diff --git a/comments.php b/comments.php
index 771d23ea7..5f043d58c 100644
--- a/comments.php
+++ b/comments.php
@@ -193,8 +193,8 @@ $template->assign_vars(
     'L_COMMENT_TITLE' => $title,
 
     'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
-    'F_KEYWORD'=>@$_GET['keyword'],
-    'F_AUTHOR'=>@$_GET['author'],
+    'F_KEYWORD'=>@htmlentities($_GET['keyword']),
+    'F_AUTHOR'=>@htmlentities($_GET['author']),
 
     'U_HOME' => make_index_url(),
     )
-- 
cgit v1.2.3