SECURITY: Comments: fix poor sanitization of subject on initial submit
authorDan
Fri, 21 Aug 2009 11:50:22 -0400
changeset 330 acf430dc25e7
parent 329 e48b1937dfc3
child 331 f0eee185880a
SECURITY: Comments: fix poor sanitization of subject on initial submit
includes/comment.php
--- a/includes/comment.php	Sat Mar 21 18:58:41 2009 -0400
+++ b/includes/comment.php	Fri Aug 21 11:50:22 2009 -0400
@@ -289,6 +289,7 @@
           $subj = htmlspecialchars($data['subj']);
           $text = RenderMan::preprocess_text($data['text'], true, false);
           $src = $text;
+          $sql_subj = $db->escape($subj);
           $sql_text = $db->escape($text);
           $text = RenderMan::render($text);
           $appr = ( getConfig('approve_comments') == '1' ) ? '0' : '1';
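Review bot: The INSERT in the second hunk still interpolates `$name`, `$this->page_id` and `$this->namespace` into the quoted VALUES list, and neither hunk shows them passing through `$db->escape()` as `$sql_subj` and `$sql_text` now do. Their assignments are in the part of the method outside the visible lines, so this may already be handled, but it is worth confirming before treating the statement as fixed. The subject was exposed because `htmlspecialchars($data['subj'])` is called without `ENT_QUOTES`, which on PHP versions before 8.1 leaves single quotes untouched, so HTML-encoding never stood in for SQL escaping. A comment on the added line would keep the second step from being removed later as redundant, e.g. `// htmlspecialchars() does not encode ' here; SQL-escape separately`. Escaping every value where the query string is assembled would remove the dependency on how each variable was prepared earlier.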
@@ -297,7 +298,7 @@
           
           // Send it to the database
           $q = $db->sql_query('INSERT INTO '.table_prefix.'comments(page_id,namespace,name,subject,comment_data,approved, time, user_id) VALUES' .
-                              "('$this->page_id', '$this->namespace', '$name', '$subj', '$sql_text', $appr, $time, $session->user_id);");
+                              "('$this->page_id', '$this->namespace', '$name', '$sql_subj', '$sql_text', $appr, $time, $session->user_id);");
           if(!$q)
             $db->die_json();