Merged revision(s) 26916 from trunk:
bug 3029: XSS on website_url comment form git-svn-id: http://piwigo.org/svn/branches/2.5@26920 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
parent
f4089737e0
commit
3e09f3ea83
1 changed files with 2 additions and 0 deletions
|
@ -135,6 +135,7 @@ SELECT COUNT(*) AS user_exists
|
|||
// website
|
||||
if (!empty($comm['website_url']))
|
||||
{
|
||||
$comm['website_url'] = strip_tags($comm['website_url']);
|
||||
if (!preg_match('/^https?/i', $comm['website_url']))
|
||||
{
|
||||
$comm['website_url'] = 'http://'.$comm['website_url'];
|
||||
|
@ -338,6 +339,7 @@ function update_user_comment($comment, $post_key)
|
|||
// website
|
||||
if (!empty($comment['website_url']))
|
||||
{
|
||||
$comm['website_url'] = strip_tags($comm['website_url']);
|
||||
if (!preg_match('/^https?/i', $comment['website_url']))
|
||||
{
|
||||
$comment['website_url'] = 'http://'.$comment['website_url'];
|
||||
|
|
Loading…
Add table
Reference in a new issue