From 65381ba8c5da25f5bbced36e4fa853dfae3752ca Mon Sep 17 00:00:00 2001 From: rboren Date: Sun, 6 Feb 2005 19:02:10 +0000 Subject: [PATCH] Addslashes to user data before inserting in DB. git-svn-id: http://svn.automattic.com/wordpress/trunk@2231 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-comments-post.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/wp-comments-post.php b/wp-comments-post.php index 90494605dc..bd1a7d0f20 100644 --- a/wp-comments-post.php +++ b/wp-comments-post.php @@ -21,9 +21,9 @@ $comment_content = $_POST['comment']; // If the user is logged in get_currentuserinfo(); if ( $user_ID ) : - $comment_author = $user_identity; - $comment_author_email = $user_email; - $comment_author_url = str_replace('http://', '', $user_url); + $comment_author = addslashes($user_identity); + $comment_author_email = addslashes($user_email); + $comment_author_url = addslashes(str_replace('http://', '', $user_url)); else : if ( get_option('comment_registration') ) die( __('Sorry, you must be logged in to post a comment.') );