Fix SQL injection reported by Dr. Neal Krawetz

docs/NEWS

@@ -162,7 +162,16 @@ Version 1.2 ()
     * Allow to call permalinks that end with a "/" the same as if not
       ending with a "/" (garvinhicking)
 
-Version 1.1.2 ()
+Version 1.1.3 (June 17th, 2007)
+------------------------------------------------------------------------
+
+    * Fix SQL injection through 'commentMode' variable. Thanks to
+      Dr. Neal Krawetz
+
+    * Fix missing %username% permalink pattern in single entry view.
+      Patch by cress_cc
+
+Version 1.1.2 (March 1st, 2007)
 -----------------------------------------------------------------------
 
     * Fix showing SQL error message when an empty category is selected

include/functions_comments.inc.php

@@ -313,7 +313,7 @@ function serendipity_printComments($comments, $parentid = 0, $depth = 0, $trace
 function serendipity_printCommentsByAuthor() {
     global $serendipity;
 
-    $type      = $serendipity['GET']['commentMode'];
+    $type      = serendipity_db_escape_string($serendipity['GET']['commentMode']);
 
     if ($type == 'comments' || empty($type)) {
         $type = 'NORMAL';