diff options
author | Dries Buytaert <dries@buytaert.net> | 2010-06-10 06:57:20 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2010-06-10 06:57:20 +0000 |
commit | 23582a5e9101a369474016e43bbb904c47a47df5 (patch) | |
tree | 5c7cbf4df26ce4dca42325c988dbb0c830cd3abe /modules/comment/comment.pages.inc | |
parent | a9af3a61cfb2bb1d0d57f156a3f52f8233b0af4a (diff) | |
download | brdo-23582a5e9101a369474016e43bbb904c47a47df5.tar.gz brdo-23582a5e9101a369474016e43bbb904c47a47df5.tar.bz2 |
- Patch #520760 by sun, Berdir, Steven Merrill, David_Rothstein, Heine, duellj, catch: fixed SA-CORE-2009-007 user signature format.
Diffstat (limited to 'modules/comment/comment.pages.inc')
-rw-r--r-- | modules/comment/comment.pages.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/comment/comment.pages.inc b/modules/comment/comment.pages.inc index 089825f56..8e39ea387 100644 --- a/modules/comment/comment.pages.inc +++ b/modules/comment/comment.pages.inc @@ -48,7 +48,7 @@ function comment_reply($node, $pid = NULL) { // $pid indicates that this is a reply to a comment. if ($pid) { // Load the comment whose cid = $pid - $comment = db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.picture, u.data FROM {comment} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = :cid AND c.status = :status', array( + $comment = db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.signature_format, u.picture, u.data FROM {comment} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = :cid AND c.status = :status', array( ':cid' => $pid, ':status' => COMMENT_PUBLISHED, ))->fetchObject(); |