onokazu
onoka****@users*****
2005年 10月 25日 (火) 11:57:28 JST
Index: xoops2jp/html/modules/system/blocks/system_blocks.php
diff -u xoops2jp/html/modules/system/blocks/system_blocks.php:1.6 xoops2jp/html/modules/system/blocks/system_blocks.php:1.7
--- xoops2jp/html/modules/system/blocks/system_blocks.php:1.6 Mon Sep 5 05:46:12 2005
+++ xoops2jp/html/modules/system/blocks/system_blocks.php Tue Oct 25 11:57:28 2005
@@ -1,5 +1,5 @@
<?php
-// $Id: system_blocks.php,v 1.6 2005/09/04 20:46:12 onokazu Exp $
+// $Id: system_blocks.php,v 1.7 2005/10/25 02:57:28 onokazu Exp $
// ------------------------------------------------------------------------ //
// XOOPS - PHP Content Management System //
// Copyright (c) 2000 XOOPS.org //
@@ -344,7 +344,7 @@
}
$com['id'] = $i;
$com['title'] = '<a href="'.XOOPS_URL.'/modules/'.$modules[$mid]->getVar('dirname').'/'.$comment_config[$mid]['pageName'].'?'.$comment_config[$mid]['itemName'].'='.$comments[$i]->getVar('com_itemid').'&com_id='.$i.'&com_rootid='.$comments[$i]->getVar('com_rootid').'&'.htmlspecialchars($comments[$i]->getVar('com_exparams')).'#comment'.$i.'">'.$comments[$i]->getVar('com_title').'</a>';
- $com['icon'] = $comments[$i]->getVar('com_icon');
+ $com['icon'] = htmlspecialchars($comments[$i]->getVar('com_icon'), ENT_QUOTES);
$com['icon'] = ($com['icon'] != '') ? $com['icon'] : 'icon1.gif';
$com['time'] = formatTimestamp($comments[$i]->getVar('com_created'),'m');
if ($comments[$i]->getVar('com_uid') > 0) {