From 57f5cf48d68af25b7bc15ca45cc0f0eb46602cba Mon Sep 17 00:00:00 2001 From: Garvin Hicking Date: Thu, 26 Oct 2006 09:46:53 +0000 Subject: [PATCH] Preview correction --- include/admin/comments.inc.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/include/admin/comments.inc.php b/include/admin/comments.inc.php index 44f10ccd..b481f106 100644 --- a/include/admin/comments.inc.php +++ b/include/admin/comments.inc.php @@ -170,7 +170,7 @@ $filters = array('author', 'email', 'ip', 'url', 'body', 'referer'); /* Compress the filters into an "AND" SQL query, and a querystring */ foreach ($filters as $filter) { $and .= (!empty($serendipity['GET']['filter'][$filter]) ? "AND c.". $filter ." LIKE '%". serendipity_db_escape_string($serendipity['GET']['filter'][$filter]) ."%'" : ""); - $searchString .= (!empty($serendipity['GET']['filter'][$filter]) ? "&serendipity[filter][". $filter ."]=". $serendipity['GET']['filter'][$filter] : ""); + $searchString .= (!empty($serendipity['GET']['filter'][$filter]) ? "&serendipity[filter][". $filter ."]=". htmlspecialchars($serendipity['GET']['filter'][$filter]) : ""); } if ($serendipity['GET']['filter']['show'] == 'approved') { @@ -277,19 +277,19 @@ function highlightComment(id, checkvalue) { : - + : - + : - + IP: - + : - + : - + :