From 87b424123b498b8a445e78e2ae15c28219f1246a Mon Sep 17 00:00:00 2001
From: zotlabs
Date: Tue, 9 May 2017 20:33:25 -0700
Subject: don't allow html in plugin comment blocks
---
 include/plugin.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/include/plugin.php b/include/plugin.php
index 29474735e..db20152ea 100755
--- a/include/plugin.php
+++ b/include/plugin.php
@@ -356,6 +356,7 @@ function get_plugin_info($plugin){
 return $info;
 $f = file_get_contents("addon/$plugin/$plugin.php");
+ $f = escape_tags($f);
 $r = preg_match("|/\*.*\*/|msU", $f, $m);
 if ($r){
-- 
cgit v1.2.3
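Review bot: The added `$f = escape_tags($f);` encodes the entire addon file before the header comment is matched, so every field later parsed out of `$m` is stored already HTML-encoded instead of raw. That stops markup in a plugin's comment block from reaching the page, but it ties the metadata to a single output context. A value containing `&` or `<` would presumably be displayed double-encoded if a template escapes it again, and a value placed inside an attribute is only safe if escape_tags also encodes quotes, which this hunk does not show. Consider encoding the individual parsed values where they are assigned or rendered, and document the trust boundary on the line with a comment such as `// addon header fields are untrusted input: encode before they reach any template`. The body of get_plugin_info starts and ends outside the hunk, so the field-parsing code and the guard around the earlier `return $info;` could not be checked.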