Source: reviews (security level: low)
Flip the security level in the header to compare the vulnerable and fixed code paths.
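<?php
// LOW: review author/body rendered verbatim -> STORED XSS
function render_review($r) {
    // Deliberately vulnerable: stored fields are concatenated into the HTML with no output encoding.
    echo "<div class='review'><b>" . $r['author'] . "</b> on <i>" . $r['pname'] . "</i>"
       . "<p>" . $r['body'] . "</p></div>";
}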
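
A hardened counterpart to the LOW `render_review()` above, added here as an example; it is not the lab's own fixed code path. The helper `h()`, the function name `render_review_encoded()` and the sample row are assumptions. It encodes `pname` as well, since the LOW version concatenates that field verbatim too.

```php
<?php
// Added example (not the lab's code): output-encode every stored field at render time.

// Hypothetical helper: encode a value for an HTML text or quoted-attribute context.
function h($value): string {
    // ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences instead of returning an empty string for the whole field.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Same row shape as render_review() on the page; returns the markup so the
// caller (or a check) can inspect it before it is sent to the browser.
function render_review_encoded(array $r): string {
    return "<div class='review'><b>" . h($r['author'] ?? '') . "</b> on <i>"
         . h($r['pname'] ?? '') . "</i>"
         . "<p>" . h($r['body'] ?? '') . "</p></div>";
}

// Constructed sample row: each field carries characters that are markup-significant.
$row = [
    'author' => "Ann <b>O'Neil</b>",
    'pname'  => 'Widget & Co "Pro"',
    'body'   => '<script>alert(1)</script>',
];

$html = render_review_encoded($row);

// Checks: stored markup must come out as inert text, never as a live element.
if (stripos($html, '<script') !== false) {
    throw new RuntimeException('body was rendered as markup');
}
if (strpos($html, '&lt;script&gt;') === false) {
    throw new RuntimeException('body was not entity-encoded');
}
if (strpos($html, '<b>Ann &lt;b&gt;') === false) {
    throw new RuntimeException('author was not entity-encoded');
}

echo $html, PHP_EOL;
```

Encoding happens at output rather than at storage, so rows already saved with markup in them are rendered as text without any migration.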