# HG changeset patch
# User Dan
# Date 1250869822 14400
# Node ID acf430dc25e79ba85e3d6c7fc8575043c0638e86
# Parent e48b1937dfc3f2ed2f9ad4a0b63b9edb972165a8
SECURITY: Comments: fix poor sanitization of subject on initial submit
diff -r e48b1937dfc3 -r acf430dc25e7 includes/comment.php
--- a/includes/comment.php Sat Mar 21 18:58:41 2009 -0400
+++ b/includes/comment.php Fri Aug 21 11:50:22 2009 -0400
@@ -289,6 +289,7 @@
 $subj = htmlspecialchars($data['subj']);
 $text = RenderMan::preprocess_text($data['text'], true, false);
 $src = $text;
+ $sql_subj = $db->escape($subj);
 $sql_text = $db->escape($text);
 $text = RenderMan::render($text);
 $appr = ( getConfig('approve_comments') == '1' ) ? '0' : '1';
@@ -297,7 +298,7 @@
 // Send it to the database
 $q = $db->sql_query('INSERT INTO '.table_prefix.'comments(page_id,namespace,name,subject,comment_data,approved, time, user_id) VALUES' .
- "('$this->page_id', '$this->namespace', '$name', '$subj', '$sql_text', $appr, $time, $session->user_id);");
+ "('$this->page_id', '$this->namespace', '$name', '$sql_subj', '$sql_text', $appr, $time, $session->user_id);");
 if(!$q) $db->die_json();
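Review bot: The INSERT in the second hunk still interpolates `$name`, `$this->page_id` and `$this->namespace` into the query string, and nothing in either hunk shows those values passing through `$db->escape()`; their assignments sit outside the hunk, so if any of them is derived from request data it needs the same treatment the subject now gets, otherwise this commit closes only one of several string-built slots. The lasting fix is to stop building the statement by interpolation and bind every value, but that touches the whole query rather than one variable. A smaller point in the first hunk: `$subj` is entity-encoded by `htmlspecialchars()` before it is escaped for SQL, so the stored subject is HTML-escaped text; a comment such as `// $subj is already HTML-escaped for output; $sql_subj only adds the SQL escaping` would make that layering explicit for the next reader. The enclosing method begins and ends outside both hunks.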