aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2017-05-09 20:33:25 -0700
committerzotlabs <mike@macgirvin.com>2017-05-09 20:33:25 -0700
commit76d78571d6d7a5adfc6da9e3bbad56c15056bc4a (patch)
tree085666568ee0e47cf0ecf783e4c6638df3c9e431
parent556407408fc3a8c0a912a23f8d8f9eb7a5872013 (diff)
downloadvolse-hubzilla-76d78571d6d7a5adfc6da9e3bbad56c15056bc4a.tar.gz
volse-hubzilla-76d78571d6d7a5adfc6da9e3bbad56c15056bc4a.tar.bz2
volse-hubzilla-76d78571d6d7a5adfc6da9e3bbad56c15056bc4a.zip
don't allow html in plugin comment blocks
-rwxr-xr-xinclude/plugin.php1
1 files changed, 1 insertions, 0 deletions
diff --git a/include/plugin.php b/include/plugin.php
index 29474735e..db20152ea 100755
--- a/include/plugin.php
+++ b/include/plugin.php
@@ -356,6 +356,7 @@ function get_plugin_info($plugin){
return $info;
$f = file_get_contents("addon/$plugin/$plugin.php");
+ $f = escape_tags($f);
$r = preg_match("|/\*.*\*/|msU", $f, $m);
if ($r){