authorLaria Carolin Chabowski <laria@laria.me>2020-09-25 22:26:52 +0200
committerLaria Carolin Chabowski <laria@laria.me>2020-09-25 22:26:52 +0200
commit854fef47192b45517d112e630fe2afa830432253 (patch)
tree0d6e08df7491d288937e276dec030f5e572cea7b /ratatoeskr/frontend.php
parent3de03d4f83817e59c1be4bc361fee8eca781789b (diff)
Cast POSTed data into strings before passing it into Esc::esc
Diffstat (limited to 'ratatoeskr/frontend.php')
-rw-r--r--ratatoeskr/frontend.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/ratatoeskr/frontend.php b/ratatoeskr/frontend.php
index f49e61e..0bac1e4 100644
--- a/ratatoeskr/frontend.php
+++ b/ratatoeskr/frontend.php
@@ -454,9 +454,9 @@ $ste->register_tag("comment_form", function ($ste, $params, $sub) {
$previewbtn = $ste->evalbool(@$params["previewbtn"]) ? " <input type=\"submit\" name=\"preview_comment\" value=\"{$translation["comment_form_preview"]}\" />" : "";
if ($ste->evalbool(@$params["default"])) {
- $form_body = "<p>{$translation["comment_form_name"]}: <input type=\"text\" name=\"author_name\" value=\"" . Esc::esc(@$_POST["author_name"]) . "\" /></p>
-<p>{$translation["comment_form_mail"]}: <input type=\"text\" name=\"author_mail\" value=\"" . Esc::esc(@$_POST["author_mail"]) . "\" /></p>
-<p>{$translation["comment_form_text"]}:<br /><textarea name=\"comment_text\" cols=\"50\" rows=\"10\">" . Esc::esc(@$_POST["comment_text"]) . "</textarea></p>
+ $form_body = "<p>{$translation["comment_form_name"]}: <input type=\"text\" name=\"author_name\" value=\"" . Esc::esc((string)$_POST["author_name"] ?? '') . "\" /></p>
+<p>{$translation["comment_form_mail"]}: <input type=\"text\" name=\"author_mail\" value=\"" . Esc::esc((string)$_POST["author_mail"] ?? '') . "\" /></p>
+<p>{$translation["comment_form_text"]}:<br /><textarea name=\"comment_text\" cols=\"50\" rows=\"10\">" . Esc::esc((string)@$_POST["comment_text"] ?? '') . "</textarea></p>
<p><input type=\"submit\" name=\"post_comment\" value=\"{$translation["comment_form_submit"]}\" />$previewbtn</p>";
} else {
$ste->vars["current"]["oldcomment"] = [
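Review bot: The `??` fallback on the three new `Esc::esc(...)` calls never fires, because the cast binds tighter than `??`: `(string)$_POST["author_name"] ?? ''` evaluates `(string)$_POST["author_name"]` first, which on a missing key emits an undefined-array-key warning (the `@` that previously hid it was dropped on the first two lines but kept on the third) and yields `''` before `??` is ever consulted. The intended form is `Esc::esc((string)($_POST["author_name"] ?? ''))`, applied likewise to `author_mail` and `comment_text`, with the stray `@` on the `comment_text` line removed so all three read the same. Note that a non-scalar POST value (e.g. `author_name[]`) would still stringify to `Array` with a warning under this cast; if that matters here, an `is_string()` guard rather than a blind cast is the safer boundary check. The enclosing `comment_form` closure starts before this hunk and continues past it.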