Minahito
minah****@users*****
2005年 12月 30日 (金) 17:28:42 JST
Index: xoops2jp/html/modules/system/admin/comments/main.php
diff -u xoops2jp/html/modules/system/admin/comments/main.php:1.2.8.1 xoops2jp/html/modules/system/admin/comments/main.php:1.2.8.2
--- xoops2jp/html/modules/system/admin/comments/main.php:1.2.8.1 Wed Oct 19 02:21:54 2005
+++ xoops2jp/html/modules/system/admin/comments/main.php Fri Dec 30 17:28:42 2005
@@ -1,5 +1,5 @@
 <?php
-// $Id: main.php,v 1.2.8.1 2005/10/18 17:21:54 minahito Exp $
+// $Id: main.php,v 1.2.8.2 2005/12/30 08:28:42 minahito Exp $
 // ------------------------------------------------------------------------ //
 // XOOPS - PHP Content Management System //
 // Copyright (c) 2000 XOOPS.org //
@@ -125,7 +125,7 @@
 $poster_uname = '<a href="'.XOOPS_URL.'/userinfo.php?uid='.$comments[$i]->getVar('com_uid').'">'.$poster->getVar('uname').'</a>';
 }
 }
- $icon = ($comments[$i]->getVar('com_icon') != '') ? '<img src="'.XOOPS_URL.'/images/subject/'.$comments[$i]->getVar('com_icon').'" alt="" />' : '<img src="'.XOOPS_URL.'/images/icons/no_posticon.gif" alt="" />';
+ $icon = ($comments[$i]->getVar('com_icon') != '') ? '<img src="'.XOOPS_URL.'/images/subject/'.htmlspecialchars($comments[$i]->getVar('com_icon')).'" alt="" />' : '<img src="'.XOOPS_URL.'/images/icons/no_posticon.gif" alt="" />';
 echo '<tr align="center"><td class="'.$class.'">'.$icon.'</td><td class="'.$class.'" align="left"><a href="admin.php?fct=comments&op=jump&com_id='.$i.'">'. $comments[$i]->getVar('com_title').'</a></td><td class="'.$class.'">'.formatTimestamp($comments[$i]->getVar('com_created'), 'm').'</td><td class="'.$class.'">'.$poster_uname.'</td><td class="'.$class.'">'.$comments[$i]->getVar('com_ip').'</td><td class="'.$class.'">'.$module_array[$comments[$i]->getVar('com_modid')].'</td><td class="'.$class.'">'.$status_array2[$comments[$i]->getVar('com_status')].'</td><td class="'.$class.'" align="right"><a href="admin/comments/comment_edit.php?com_id='.$i.'">'._EDIT.'</a> <a href="admin/comments/comment_delete.php?com_id='.$i.'">'._DELETE.'</a></td></tr>';
 }
 echo '</table>';
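Review bot: The `echo` directly below the patched `$icon` line still prints `com_title`, `com_ip` and `$poster_uname` into the same admin table row with no explicit escaping, so only one of several comment-derived fields in this row is visibly encoded. Whether `getVar()` already encodes those values depends on its default format, which is not visible in this hunk; that should be confirmed, and if it does not, the same `htmlspecialchars()` wrapping applied there. For `com_icon` itself, HTML-escaping prevents breaking out of the `src` attribute but does not restrict which path the value names, so I would reduce it to a bare file name first, e.g. `$icon_file = basename($comments[$i]->getVar('com_icon'));`, and pass `ENT_QUOTES` explicitly to `htmlspecialchars()`. The enclosing loop starts and ends outside the hunk.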