diff --git a/modules/comment/comment.controller.php b/modules/comment/comment.controller.php
index 18e86394c..0a64b1c06 100644
--- a/modules/comment/comment.controller.php
+++ b/modules/comment/comment.controller.php
@@ -266,9 +266,13 @@ class commentController extends comment
 return new Object(-1, 'msg_invalid_request');
 }
- if($obj->homepage && !preg_match('/^[a-z]+:\/\//i', $obj->homepage))
+ if($obj->homepage)
 {
- $obj->homepage = 'http://' . $obj->homepage;
+ $obj->homepage = removeHackTag($obj->homepage);
+ if(!preg_match('/^[a-z]+:\/\//i',$obj->homepage))
+ {
+ $obj->homepage = 'http://'.$obj->homepage;
+ }
 }
 // input the member's information if logged-in
@@ -655,9 +659,13 @@ class commentController extends comment
 $obj->password = md5($obj->password);
 }
- if($obj->homepage && !preg_match('/^[a-z]+:\/\//i', $obj->homepage))
+ if($obj->homepage)
 {
- $obj->homepage = 'http://' . $obj->homepage;
+ $obj->homepage = removeHackTag($obj->homepage);
+ if(!preg_match('/^[a-z]+:\/\//i',$obj->homepage))
+ {
+ $obj->homepage = 'http://'.$obj->homepage;
+ }
 }
 // set modifier's information if logged-in and posting author and modifier are matched.
diff --git a/modules/document/document.controller.php b/modules/document/document.controller.php
index 7e3f9e74a..3c8f0e9dd 100644
--- a/modules/document/document.controller.php
+++ b/modules/document/document.controller.php
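Review bot: The scheme test that follows the new `removeHackTag()` call, `preg_match('/^[a-z]+:\/\//i',$obj->homepage)`, still accepts any alphabetic scheme, so a homepage value beginning with `javascript://` or another non-web scheme is stored unchanged unless `removeHackTag()` strips it; that function is defined outside this diff, so its handling of URL schemes cannot be confirmed here. Consider an explicit allowlist after the prefix step, for example `if(!preg_match('/^https?:\/\//i', $obj->homepage)) $obj->homepage = '';`, and escape the value for the attribute context wherever it is rendered into an `href`. The identical block is added in the second hunk of this file (old line 655) and in modules/document/document.controller.php (old line 398); moving it into one shared helper would keep the three copies from drifting apart. The enclosing methods begin and end outside the hunks, so any later handling of `$obj->homepage` is not visible.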
@@ -398,7 +398,15 @@ class documentController extends document if(!$obj->commentStatus) $obj->commentStatus = 'DENY'; if($obj->commentStatus == 'DENY') $this->_checkCommentStatusForOldVersion($obj); if($obj->allow_trackback!='Y') $obj->allow_trackback = 'N'; - if($obj->homepage && !preg_match('/^[a-z]+:\/\//i',$obj->homepage)) $obj->homepage = 'http://'.$obj->homepage; + if($obj->homepage) + { + $obj->homepage = removeHackTag($obj->homepage); + if(!preg_match('/^[a-z]+:\/\//i',$obj->homepage)) + { + $obj->homepage = 'http://'.$obj->homepage; + } + } + if($obj->notify_message != 'Y') $obj->notify_message = 'N'; // can modify regdate only manager