From 85812eda45908ddbac9dc49c782d80e490e13897 Mon Sep 17 00:00:00 2001 From: Jan-Christoph Ihrens Date: Mon, 27 May 2013 19:08:27 +0200 Subject: [PATCH] $field was not defined in getReplyForm(). This could lead to the following problem: 1) Login to Manager 2) Open a new comment form 3) The user fields should be pre-filled with the values from user profile 4) Change content of any of the user fields (name, email, website) 5) Preview the comment 6) The changes in the reply form are overwritten with the data from the user profile Signed-off-by: Jan-Christoph Ihrens --- .../quip/controllers/web/ThreadReply.php | 27 ++++++++++++------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/core/components/quip/controllers/web/ThreadReply.php b/core/components/quip/controllers/web/ThreadReply.php index d61a396..e67155d 100644 --- a/core/components/quip/controllers/web/ThreadReply.php +++ b/core/components/quip/controllers/web/ThreadReply.php @@ -24,7 +24,7 @@ */ /** * Returns the number of comments a given thread/user/family has - * + * * @package quip * @subpackage controllers */ @@ -133,25 +133,25 @@ public function process() { $p = $this->modx->request->getParameters(); unset($p['reported'],$p['quip_approved']); $this->setPlaceholder('url',$this->modx->makeUrl($this->modx->resource->get('id'),'',$p)); - + $this->setPlaceholder('parent',$this->parentThread); $this->setPlaceholder('thread',$this->thread->get('name')); $this->setPlaceholder('idprefix',$this->thread->get('idprefix')); - + /* handle POST */ $this->hasPreview = false; if (!empty($_POST)) { $this->handlePost(); } - + /* display moderated success message */ $this->checkForModeration(); - + $this->checkForUnSubscribe(); - + /* if using recaptcha, load recaptcha html if user is not logged in */ $this->loadReCaptcha(); - + /* build reply form */ $isOpen = $this->isOpen(); if ($this->hasAuth && $isOpen) { 
@@ -161,7 +161,7 @@ public function process() { } else { $replyForm = $this->quip->getChunk($this->getProperty('tplLoginToComment','quipLoginToComment'),$this->getPlaceholders()); } - + /* output or set to placeholder */ $toPlaceholder = $this->getProperty('toPlaceholder',false); if ($toPlaceholder) { @@ -180,6 +180,15 @@ public function getReplyForm() { $this->setPlaceholder('username',$this->modx->user->get('username')); $this->setPlaceholder('unsubscribe',''); + $fields = array(); + foreach ($_POST as $k => $v) { + $fields[$k] = str_replace(array('[',']'),array('[',']'),$v); + } + + $fields['name'] = strip_tags($fields['name']); + $fields['email'] = strip_tags($fields['email']); + $fields['website'] = strip_tags($fields['website']); + /* prefill fields */ $profile = $this->modx->user->getOne('Profile'); if ($profile) { @@ -250,7 +259,7 @@ public function handlePost() { $params = $this->modx->request->getParameters(); unset($params[$this->getProperty('postAction')],$params['quip_parent'],$params['quip_thread']); $params['quip_approved'] = $comment->get('approved') ? 1 : 0; - + /* redirect urls for custom FURL scheme */ $redirectToUrl = $this->getProperty('redirectToUrl',''); $redirectTo = $this->getProperty('redirectTo','');
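Review bot: On a plain GET of the form `$_POST` is empty, so the three `strip_tags($fields['name'])`, `strip_tags($fields['email'])` and `strip_tags($fields['website'])` lines in the getReplyForm hunk read undefined indexes and raise notices; guard each one, e.g. `$fields['name'] = isset($fields['name']) ? strip_tags($fields['name']) : '';` (and likewise for email and website). As rendered here `str_replace(array('[',']'),array('[',']'),$v)` has identical search and replacement arrays and is therefore a no-op; if the intent was an HTML-entity escape of the brackets, confirm the replacement array survived the paste. strip_tags is not output escaping: wherever these values are placed into the reply-form chunk, presumably as attribute values, `htmlspecialchars($v, ENT_QUOTES, 'UTF-8')` is the escape to apply, though that use is outside the hunk. Where `$fields` is consumed to override the profile prefill is also not visible, so the behaviour the commit message describes cannot be confirmed from these lines; getReplyForm's body continues past the hunk.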