From c16e034f7c92be5ef997666394fc789921ef57c7 Mon Sep 17 00:00:00 2001
From: Garvin Hicking <blog@garv.in>
Date: Mon, 4 Jan 2016 10:53:52 +0100
Subject: [PATCH] XSS fix

---
 docs/NEWS | 7 +++++--
 include/functions_comments.inc.php | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/docs/NEWS b/docs/NEWS
index ea044d9a..fda78601 100644
--- a/docs/NEWS
+++ b/docs/NEWS
@@ -106,11 +106,14 @@ Version 2.1 ()
 * Some small enhancements to the error reporting
 
-Version 2.0.3 ()
+Version 2.0.3 (December 17th, 2015)
 ------------------------------------------------------------------------
+ * Fix XSS in backend comment editing form for logged-in authors,
+ thanks to Onur Yilmaz and Robert Abela from Netsparker.com
+
 * Fix some backend entry form related event messages
-
+
 Version 2.0.2 (July 24th, 2015)
 ------------------------------------------------------------------------
diff --git a/include/functions_comments.inc.php b/include/functions_comments.inc.php
index 8e2dd4cb..0a44b45c 100644
--- a/include/functions_comments.inc.php
+++ b/include/functions_comments.inc.php
@@ -190,7 +190,7 @@ function serendipity_displayCommentForm($id, $url = '', $comments = NULL, $data
 
 $commentform_data = array(
 'commentform_action' => $url,
-'commentform_id' => $id,
+'commentform_id' => (int)$id,
 'commentform_name' => isset($data['name']) ? serendipity_specialchars($data['name']) : (isset($serendipity['COOKIE']['name']) ? serendipity_specialchars($serendipity['COOKIE']['name']) : ''),
 'commentform_email' => isset($data['email']) ? serendipity_specialchars($data['email']) : (isset($serendipity['COOKIE']['email']) ? serendipity_specialchars($serendipity['COOKIE']['email']) : ''),
 'commentform_url' => isset($data['url']) ? serendipity_specialchars($data['url']) : (isset($serendipity['COOKIE']['url']) ? serendipity_specialchars($serendipity['COOKIE']['url']) : ''),
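Review bot: The `(int)$id` cast closes the hole for `commentform_id`, but the neighbouring context line `'commentform_action' => $url,` still hands `$url` to the template unescaped, while `name`, `email` and `url` in the same array all go through `serendipity_specialchars()`; if `$url` can ever be derived from request data by a caller, it is the same class of defect in a form `action` attribute and deserves `'commentform_action' => serendipity_specialchars($url),`. The intent of the cast is not obvious at the call site either, so a short why-comment such as `// cast: $id is emitted into the template and must never carry markup` would keep a later maintainer from "restoring" the raw value. Whether `$id` is also used uncast elsewhere in the function cannot be seen here; the body of serendipity_displayCommentForm starts before and continues past this hunk.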