* Fixes escaping of comments in the new backend pane to prevent
XSS. Thanks to Steffen Röemann for reporting!
@ -39,9 +39,9 @@
|
||||
{if is_array($comments)}
|
||||
{foreach $comments as $comment}
|
||||
<li class="clearfix"><b>{$comment.author|escape|truncate:30:"…"} {$CONST.IN} <a href="{$comment.entrylink}" title="Comment to {$comment.title}">#{$comment.id}</a></b>
|
||||
<div class="comment_summary">{$comment.body|truncate:100:"…"}</div>
|
||||
<div class="comment_summary">{$comment.body|escape|truncate:100:"…"}</div>
|
||||
|
||||
<div id="c{$comment.id}_full" class="comment_full additional_info">{$comment.fullBody}</div>
|
||||
<div id="c{$comment.id}_full" class="comment_full additional_info">{$comment.fullBody|escape}</div>
|
||||
|
||||
<ul class="plainList actions">
|
||||
<li><a class="button_link" href="?serendipity[action]=admin&serendipity[adminModule]=comments&serendipity[adminAction]=edit&serendipity[id]={$comment.id}&serendipity[entry_id]={$comment.entry_id}&{$urltoken}" title="{$CONST.EDIT}"><span class="icon-edit"></span><span class="visuallyhidden"> {$CONST.EDIT}</span></a></li>
|
||||
|
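Review bot: On the `comment_summary` line `escape` runs before `truncate:100`, so the cut can land inside an entity such as `&amp;` and leave a broken fragment in the summary; applying the modifiers the other way round, `{$comment.body|truncate:100:"…"|escape}`, keeps escaping as the last step before output. The author field on the `<li>` line above uses the same escape-then-truncate order. In the same hunk, `href="{$comment.entrylink}"` and `title="Comment to {$comment.title}"` are still printed without a modifier; if those values are not already escaped before they reach the template (not visible here), they should get `|escape` as well. The enclosing `{if}`/`{foreach}` blocks close outside the hunk.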