gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-05-12 12:41:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

run comment through htmlspecialchars() if markdown parsing is enabled

Browse Source
This commit is contained in:
Uwe Steinmann 2023-04-22 19:41:41 +02:00
parent 511492fb5c
commit 28174e3a33
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
views/bootstrap/class.ViewDocument.php
View File

@ -421,7 +421,7 @@ $(document).ready( function() {
if($document->getComment()) { if($document->getComment()) {
if($settings->_markdownComments) { if($settings->_markdownComments) {
$Parsedown = new Parsedown(); $Parsedown = new Parsedown();
$comment = $Parsedown->text($document->getComment()); $comment = $Parsedown->text(htmlspecialchars($document->getComment()));
} else { } else {
$comment = htmlspecialchars($document->getComment()); $comment = htmlspecialchars($document->getComment());
} }
@ -773,7 +773,7 @@ $(document).ready( function() {
if($latestContent->getComment()) if($latestContent->getComment())
if($settings->_markdownComments) { if($settings->_markdownComments) {
$Parsedown = new Parsedown(); $Parsedown = new Parsedown();
$comment = $Parsedown->text($latestContent->getComment()); $comment = $Parsedown->text(htmlspecialchars($latestContent->getComment()));
print "<div class=\"content-comment\">".$comment."</div>"; print "<div class=\"content-comment\">".$comment."</div>";
} else { } else {
$comment = htmlspecialchars($latestContent->getComment()); $comment = htmlspecialchars($latestContent->getComment());