Closed (fixed)
Project:
Drupal core
Version:
7.x-dev
Component:
theme system
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
27 Dec 2008 at 00:25 UTC
Updated:
23 Oct 2012 at 15:31 UTC
Jump to comment: Most recent, Most recent file
Comments
Comment #1
dries commentedCommitted to CVS HEAD. Should be backported to Drupal 6? (Was $comment->signature properly escaped?)
Comment #2
David_Rothstein commentedGood question... I checked and tested this out, and it seems that $comment->signature is always safe to use in a theme (since it is escaped in http://api.drupal.org/api/function/user_comment/6).
The patch for D6 is attached.
Comment #3
David_Rothstein commentedNote that I found a closely related issue here: #351649: Chameleon and Marvin themes do not correctly use comment status
Comment #4
Anonymous (not verified) commentedI'm going to say this is a won't fix for D6, since D6 commits focus on security fixes at this point.
Comment #5
Anonymous (not verified) commentedChanging issue status to reflect that it was fixed in 7.x.