Escape variables in comments module

midasplatform · Dec 8, 2014 · 9b7ca65 · 9b7ca65
1 parent 552c856
commit 9b7ca65
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/modules/comments/controllers/components/CommentComponent.php b/modules/comments/controllers/components/CommentComponent.php
@@ -35,7 +35,7 @@ public function getComments($item, $limit, $offset)
         foreach ($comments as $comment) {
             $commentArray = $comment->toArray();
             $commentArray['user'] = $comment->getUser()->toArray();
-            $commentArray['comment'] = htmlentities($commentArray['comment']);
+            $commentArray['comment'] = htmlspecialchars($commentArray['comment'], ENT_QUOTES, 'UTF-8');
             $commentArray['ago'] = $dateComponent->ago($commentArray['date']);
             $commentsList[] = $commentArray;
         }