From f70bd09d2de2e429a68832018e01c178bc0b6f09 Mon Sep 17 00:00:00 2001
From: Alberto Bertogli <albertito@blitiri.com.ar>
Date: Sat, 6 Sep 2008 11:46:24 -0300
Subject: [PATCH 1/1] Use the vars' version when building the comment link

Otherwise, the object versions won't be sanitize()d, and can contain
malicious code.

Signed-off-by: Alberto Bertogli <albertito@blitiri.com.ar>
---
 blitiri.cgi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/blitiri.cgi b/blitiri.cgi
index 8ce4298..60c86ea 100755
--- a/blitiri.cgi
+++ b/blitiri.cgi
@@ -615,9 +615,9 @@ class Templates (object):
 		vars = comment.to_vars()
 		if comment.link:
 			vars['linked_author'] = '<a href="%s">%s</a>' \
-					% (comment.link, comment.author)
+					% (vars['link'], vars['author'])
 		else:
-			vars['linked_author'] = comment.author
+			vars['linked_author'] = vars['author']
 		return self.get_template(
 			'com_header', default_comment_header, vars)
 
-- 
2.43.0