author | Dries Buytaert <dries@buytaert.net> | 2010-06-10 06:57:20 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2010-06-10 06:57:20 +0000 |
commit | 23582a5e9101a369474016e43bbb904c47a47df5 (patch) | |
tree | 5c7cbf4df26ce4dca42325c988dbb0c830cd3abe /modules/comment | |
parent | a9af3a61cfb2bb1d0d57f156a3f52f8233b0af4a (diff) | |
download | brdo-23582a5e9101a369474016e43bbb904c47a47df5.tar.gz brdo-23582a5e9101a369474016e43bbb904c47a47df5.tar.bz2 |
- Patch #520760 by sun, Berdir, Steven Merrill, David_Rothstein, Heine, duellj, catch: fixed SA-CORE-2009-007 user signature format.
Diffstat (limited to 'modules/comment')
-rw-r--r-- | modules/comment/comment.module | 2 | ||||
-rw-r--r-- | modules/comment/comment.pages.inc | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/modules/comment/comment.module b/modules/comment/comment.module
index 1ffce389a..03cbb5460 100644
--- a/modules/comment/comment.module
+++ b/modules/comment/comment.module
@@ -1633,7 +1633,7 @@ class CommentController extends DrupalDefaultEntityController {
 $query->addField('n', 'type', 'node_type');
 $query->innerJoin('users', 'u', 'base.uid = u.uid');
 $query->addField('u', 'name', 'registered_name');
- $query->fields('u', array('uid', 'signature', 'picture'));
+ $query->fields('u', array('uid', 'signature', 'signature_format', 'picture'));
 return $query;
 }
diff --git a/modules/comment/comment.pages.inc b/modules/comment/comment.pages.inc
index 089825f56..8e39ea387 100644
--- a/modules/comment/comment.pages.inc
+++ b/modules/comment/comment.pages.inc
@@ -48,7 +48,7 @@ function comment_reply($node, $pid = NULL) {
 // $pid indicates that this is a reply to a comment.
 if ($pid) {
 // Load the comment whose cid = $pid
- $comment = db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.picture, u.data FROM {comment} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = :cid AND c.status = :status', array(
+ $comment = db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.signature_format, u.picture, u.data FROM {comment} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = :cid AND c.status = :status', array(
 ':cid' => $pid,
 ':status' => COMMENT_PUBLISHED,
 ))->fetchObject();
 |
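Review bot: The user column list is now maintained by hand in two places, the `$query->fields('u', ...)` call in `CommentController` (comment.module) and the literal SELECT in `comment_reply()` (comment.pages.inc), and neither says why `signature_format` must travel with `signature`. A comment object loaded with the signature text but without its format leaves the code that renders the signature without the author's chosen format. That renderer is outside this diff, so what it falls back to is not visible here, but it is presumably the condition SA-CORE-2009-007 addresses. I would add a comment above both changed lines, for example `// Always load signature_format together with signature so the signature is filtered with its own text format.`, and check whether any other query in the module selects `u.signature` on its own. Both function bodies continue outside their hunks.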