[PHPBB3-6453] missing escaping when quoting posts - phpBB Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Resolution: Fixed
Affects Version/s: 3.0.RC7
Fix Version/s: 3.0.0
Component/s: Posting
Labels:
None
Environment:
PHP Environment:
Database:

phpBB Import Key:
http://www.phpbb.com/bugs/all/ticket.php?ticket_id=15096

Description

In posting.php there is this:

if ($mode == 'quote' && !$submit && !$preview && !$refresh)

	$message_parser->message = '[quote="' . $post_data['quote_username'] . '"]' . censor_text(trim($message_parser->message)) . "[/quote]\n";

When quoting a post, this is not escaped properly, it should be ".

Attachments

Activity

People

Assignee:: Meik Sievertsen [X] (Inactive)

Reporter:: Igor Wiedler [X] (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 12/Nov/07 5:30 PM

Updated:: 18/Nov/07 12:25 PM

Resolved:: 18/Nov/07 12:25 PM