From: garvinhicking Date: Thu, 26 Oct 2006 09:46:53 +0000 (+0000) Subject: Preview correction X-Git-Tag: 1.1~62 X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=93aecd60675e92f749e0f5429e18ad1738078262;p=s9y.git Preview correction
---
diff --git a/include/admin/comments.inc.php b/include/admin/comments.inc.php
index 44f10cc..b481f10 100644
--- a/include/admin/comments.inc.php
+++ b/include/admin/comments.inc.php
@@ -170,7 +170,7 @@ $filters = array('author', 'email', 'ip', 'url', 'body', 'referer');
 /* Compress the filters into an "AND" SQL query, and a querystring */
 foreach ($filters as $filter) {
 $and .= (!empty($serendipity['GET']['filter'][$filter]) ? "AND c.". $filter ." LIKE '%". serendipity_db_escape_string($serendipity['GET']['filter'][$filter]) ."%'" : "");
- $searchString .= (!empty($serendipity['GET']['filter'][$filter]) ? "&serendipity[filter][". $filter ."]=". $serendipity['GET']['filter'][$filter] : "");
+ $searchString .= (!empty($serendipity['GET']['filter'][$filter]) ? "&serendipity[filter][". $filter ."]=". htmlspecialchars($serendipity['GET']['filter'][$filter]) : "");
 }
 if ($serendipity['GET']['filter']['show'] == 'approved') {
@@ -277,19 +277,19 @@ function highlightComment(id, checkvalue) { : - + : - + : - + IP: - + : - + : - + :
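Review bot: In the first hunk of include/admin/comments.inc.php, the filter value appended to `$searchString` is HTML-escaped but never URL-encoded, even though it is being placed into a query string. A value containing `&`, `#`, `+` or `%` is emitted as e.g. `&amp;`, which a browser decodes back to `&` inside an `href`, so the parameter is split or altered on the next request. Where `$searchString` is printed is not visible in this hunk, so if it lands in a single-quoted attribute or a script context, `htmlspecialchars()` with its default flags may not be enough. I would encode for the URL when building the string, `... ."]=". urlencode($serendipity['GET']['filter'][$filter])`, and apply `htmlspecialchars($searchString, ENT_QUOTES)` once at the point of output. The line also assumes the request value is a string; an `is_string()` guard before the loop body would keep an array-valued `serendipity[filter][...]` parameter from reaching the escaping calls.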