From: Alberto Bertogli <albertito@blitiri.com.ar>
Date: Sat, 6 Sep 2008 14:46:24 +0000 (-0300)
Subject: Use the vars' version when building the comment link
X-Git-Url: https://git.llucax.com/software/blitiri.git/commitdiff_plain/f70bd09d2de2e429a68832018e01c178bc0b6f09?ds=sidebyside;hp=2b64be9dc6ae52efdbc2beaf76b87c747857c4a1

Use the vars' version when building the comment link

Otherwise, the object versions won't be sanitize()d, and can contain
malicious code.

Signed-off-by: Alberto Bertogli <albertito@blitiri.com.ar>
---

diff --git a/blitiri.cgi b/blitiri.cgi
index 8ce4298..60c86ea 100755
--- a/blitiri.cgi
+++ b/blitiri.cgi
@@ -615,9 +615,9 @@ class Templates (object):
 		vars = comment.to_vars()
 		if comment.link:
 			vars['linked_author'] = '<a href="%s">%s</a>' \
-					% (comment.link, comment.author)
+					% (vars['link'], vars['author'])
 		else:
-			vars['linked_author'] = comment.author
+			vars['linked_author'] = vars['author']
 		return self.get_template(
 			'com_header', default_comment_header, vars)