git » blitiri » commit f70bd09

Use the vars' version when building the comment link

author Alberto Bertogli
2008-09-06 14:46:24 UTC
committer Alberto Bertogli
2008-09-06 14:51:39 UTC
parent 2b64be9dc6ae52efdbc2beaf76b87c747857c4a1

Use the vars' version when building the comment link

Otherwise, the object versions won't be sanitize()d, and can contain
malicious code.

Signed-off-by: Alberto Bertogli <albertito@blitiri.com.ar>

blitiri.cgi +2 -2

diff --git a/blitiri.cgi b/blitiri.cgi
index 8ce4298..60c86ea 100755
--- a/blitiri.cgi
+++ b/blitiri.cgi
@@ -615,9 +615,9 @@ class Templates (object):
 		vars = comment.to_vars()
 		if comment.link:
 			vars['linked_author'] = '<a href="%s">%s</a>' \
-					% (comment.link, comment.author)
+					% (vars['link'], vars['author'])
 		else:
-			vars['linked_author'] = comment.author
+			vars['linked_author'] = vars['author']
 		return self.get_template(
 			'com_header', default_comment_header, vars)
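Review bot: the hunk switches the interpolated values to vars['link'] and vars['author'] so they go through the sanitize()d to_vars() output, but vars['link'] lands inside an href attribute, and HTML escaping alone does not neutralise a link whose scheme is not http(s) (for example a javascript: URL), so it is worth confirming that to_vars() or sanitize() also restricts the URL scheme, or documenting that it does, before relying on this for the linked_author case. Minor style point: the local name `vars` shadows the Python builtin `vars()`; something like `cvars` would avoid confusion.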