biow0lf / evedev-kb

Automatically exported from code.google.com/p/evedev-kb

small bug in class.comments.php #192

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Post a comment with a < or > in it, for example, a copy/paste of local.

What is the expected output? What do you see instead?
Katrinya > nerf tornadoes, lol
Katrinya &gt. nerf tornadoes, lol

What version of the board are you using? 
4

Please provide any additional information below.

class.comments.php, function getComments()

Change line:
'comment' => stripslashes($row['comment']),
...to...
'comment' => html_entity_decode( stripslashes($row['comment'])), 

This is because when you create the comment entry below, you very reasonably 
addslashes() AND htmlspecialcharacters().

Original issue reported on code.google.com by jjl...@gmail.com on 15 Dec 2011 at 9:05

GoogleCodeExporter commented 9 years ago
I've removed most of the slashes, which were to protect the sql in ways not 
needed for some time. Instead of the html_entity_decode I removed the & to &amp; 
conversion in the lines above.

Original comment by kovellia on 15 Dec 2011 at 11:26

GoogleCodeExporter commented 9 years ago
This issue was closed by revision 645e5df180d3.

Original comment by kovellia on 16 Dec 2011 at 12:06
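
The double encoding behind this report, and what decoding on read does to a stored comment, as an added PHP example. It is not evedev-kb code: the function names and the two sample comments are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample comments: a pasted chat line and one carrying markup.
$samples = ['Katrinya > nerf tornadoes, lol', '<b>bold</b> & more'];

const FLAGS = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;

// Escape for an HTML text context. Meant to run exactly once per value.
function escape_html(string $s): string
{
    return htmlspecialchars($s, FLAGS, 'UTF-8');
}

// Hypothetical write path that escapes before storing,
// the situation the report describes.
function store_escaped(string $raw): string
{
    return escape_html($raw);
}

// Read path 1: escape again. The '&' of every stored entity is re-escaped,
// so the browser shows the entity text instead of the character.
function read_double_encoded(string $stored): string
{
    return escape_html($stored);
}

// Read path 2: decode on read. This returns the raw input, so any markup
// the commenter typed reaches the page unescaped.
function read_decoded(string $stored): string
{
    return html_entity_decode($stored, FLAGS, 'UTF-8');
}

// Read path 3: emit the stored value unchanged. It was escaped once on
// write and stays escaped once on output.
function read_as_stored(string $stored): string
{
    return $stored;
}

foreach ($samples as $raw) {
    $stored = store_escaped($raw);
    printf("raw:            %s\n", $raw);
    printf("double-encoded: %s\n", read_double_encoded($stored));
    printf("decoded:        %s\n", read_decoded($stored));
    printf("escaped once:   %s\n\n", read_as_stored($stored));
}
```

Only the last path leaves both samples escaped exactly once; the decoded path hands the second sample's `<b>` tag to the browser as markup.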