XEVE-19-001, XEVE-19-003, XEVE-19-006

xpressengine/xe-core@18ec8078eb
2026-01-07 10:41:40 +09:00 · 2019-05-04 17:36:41 +09:00 · 2019-05-04 17:36:41 +09:00 · 70108f858d
commit 70108f858d
parent 880ae97e31
9 changed files with 86 additions and 25 deletions
--- a/modules/comment/comment.controller.php
+++ b/modules/comment/comment.controller.php
@ -440,7 +440,7 @@ class commentController extends comment

 			if($obj->homepage)
 			{
-				$obj->homepage = removeHackTag($obj->homepage);
+				$obj->homepage = escape($obj->homepage);
 				if(!preg_match('/^[a-z]+:\/\//i',$obj->homepage))
 				{
 					$obj->homepage = 'http://'.$obj->homepage;
@ -803,7 +803,7 @@ class commentController extends comment

 		if($obj->homepage) 
 		{
-			$obj->homepage = removeHackTag($obj->homepage);
+			$obj->homepage = escape($obj->homepage);
 			if(!preg_match('/^[a-z]+:\/\//i',$obj->homepage))
 			{
 				$obj->homepage = 'http://'.$obj->homepage;