1 files changed, 3 insertions, 3 deletions
diff --git a/includes/comments.php b/includes/comments.php
index e050073..0f48444 100755
--- a/includes/comments.php
+++ b/includes/comments.php

@@ -69,8 +69,8 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
        if (isset($username))
        {
                $template->add_ref($curID, 'COMMENTS', array(   'CODEDEMAIL' => md5(strtolower($email)),
-                                                                'USERNAME' => (($website != '') ? '<A HREF="' . $website . '">' . $username . '</A>' : $username),
+                                                                'USERNAME' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username),
-                                                                'DATE' => date("F dS Y \a\\t g:i:s a",strtotime($getcomments3[$i]['posttime'])),
+                                                                'DATE' => date("F jS Y \a\\t g:i:s a",strtotime($getcomments3[$i]['posttime'])),
                                                                'ID' => $getcomments3[$i]['id'],
                                                                'TEXT' => parseText($getcomments3[$i]['comment'])));
@@ -78,7 +78,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
                {
                        if ((isAdmin()) || (($getcomments3[$i]['is_anon'] == 0) && (getSessionUserID() === $getcomments3[$i]['user_id'])))
                        {
-                                $template->adds_ref_sub($curID, 'EDITOR', array('BEFORE' => $getcomments3[$i]['comment']));
+                                $template->adds_ref_sub($curID, 'EDITOR', array('BEFORE' => htmlspecialchars($getcomments3[$i]['comment'])));
                        }
                }
        }

diff --git a/includes/comments.php b/includes/comments.php index e050073..0f48444 100755 --- a/includes/comments.php +++ b/includes/comments.php
@@ -69,8 +69,8 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
69	if (isset($username))	69	if (isset($username))
70	{	70	{
71	$template->add_ref($curID, 'COMMENTS', array( 'CODEDEMAIL' => md5(strtolower($email)),	71	$template->add_ref($curID, 'COMMENTS', array( 'CODEDEMAIL' => md5(strtolower($email)),
72	'USERNAME' => (($website != '') ? '<A HREF="' . $website . '">' . $username . '</A>' : $username),	72	'USERNAME' => (($website != '') ? '<a href="' . $website . '">' . $username . '</a>' : $username),
73	'DATE' => date("F dS Y \a\\t g:i:s a",strtotime($getcomments3[$i]['posttime'])),	73	'DATE' => date("F jS Y \a\\t g:i:s a",strtotime($getcomments3[$i]['posttime'])),
74	'ID' => $getcomments3[$i]['id'],	74	'ID' => $getcomments3[$i]['id'],
75	'TEXT' => parseText($getcomments3[$i]['comment'])));	75	'TEXT' => parseText($getcomments3[$i]['comment'])));
76		76
@@ -78,7 +78,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
78	{	78	{
79	if ((isAdmin()) \|\| (($getcomments3[$i]['is_anon'] == 0) && (getSessionUserID() === $getcomments3[$i]['user_id'])))	79	if ((isAdmin()) \|\| (($getcomments3[$i]['is_anon'] == 0) && (getSessionUserID() === $getcomments3[$i]['user_id'])))
80	{	80	{
81	$template->adds_ref_sub($curID, 'EDITOR', array('BEFORE' => $getcomments3[$i]['comment']));	81	$template->adds_ref_sub($curID, 'EDITOR', array('BEFORE' => htmlspecialchars($getcomments3[$i]['comment'])));
82	}	82	}
83	}	83	}
84	}	84	}