Commit 852c4741353ee65c68e8176d1668a4bfd2f90764
1 parent
b87b5682
KTS-2178
"cross site scripting" Updated. Reviewed By: Kevin Fourie git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@6931 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
8 additions
and
8 deletions
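--- a/templates/ktstandard/action/discussion_comment_list_item.smarty
+++ b/templates/ktstandard/action/discussion_comment_list_item.smarty
@@ -5,16 +5,16 @@
 {else}
 <dl class="kt-discussion-comment odd-comment">
 {/if}
-
-<dt>{i18n arg_subject=$comment->getSubject() arg_author=$creator->getName() arg_date=$comment->getDate()}
-<span class="subject">#subject#</span>
+
+<dt>
+<span class="subject">{$comment->getSubject()|sanitize_input}</span>
 by
-<span class="author">#author#</span>
-<span class="date">(#date#)</span>
-{/i18n}
+<span class="author">{$creator->getName()}</span>
+<span class="date">({$comment->getDate()})</span>
+
 </dt>
-
-<dd>{$comment->getBody()}</dd>
+
+<dd>{$comment->getBody()|sanitize_input}</dd>
 
 </dl>
 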
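Review bot: The author span `{$creator->getName()}` is still emitted without the `sanitize_input` modifier that this change applies to the subject and body, so a display name containing markup would reach the page unescaped if names are user-editable (not visible from this template). Suggest `<span class="author">{$creator->getName()|sanitize_input}</span>`, and the same on `{$comment->getDate()}` unless that value is always server-generated. The modifier's implementation is outside this diff; confirm that it HTML-encodes for element content rather than only stripping selected tags. Dropping the `{i18n}` block also leaves the literal `by` untranslated; `{i18n}by{/i18n}` would keep it localisable.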