author | Shad Laws <shad@shadlaws.com> | 2013-09-06 00:12:43 -0700 |
---|---|---|
committer | Shad Laws <shad@shadlaws.com> | 2013-09-06 00:12:43 -0700 |
commit | 277cd9a98bfc47a95d221eecc6325c8ba7ab24b9 (patch) | |
tree | 95f925b01d7038736146b2212a13cebc654ec579 | |
parent | 04953a4f5e863d15967414faf2caec7a8003ee86 (diff) | |
parent | 57d12c69a87bbc2057f5f513f425e8b0d6588b87 (diff) |
Merge pull request #463 from shadlaws/fix_20130906_master
Fix 20130906 master
-rw-r--r-- | modules/gallery/controllers/admin_theme_options.php | 14 | ||||
-rw-r--r-- | modules/gallery/helpers/module.php | 4 |
2 files changed, 14 insertions, 4 deletions
diff --git a/modules/gallery/controllers/admin_theme_options.php b/modules/gallery/controllers/admin_theme_options.php
index 38d2b0a8..3258040c 100644
--- a/modules/gallery/controllers/admin_theme_options.php
+++ b/modules/gallery/controllers/admin_theme_options.php
@@ -53,11 +53,17 @@ class Admin_Theme_Options_Controller extends Admin_Controller {
 module::set_var("gallery", "resize_size", $resize_size);
 }
- module::set_var("gallery", "header_text", $form->edit_theme->header_text->value);
- module::set_var("gallery", "footer_text", $form->edit_theme->footer_text->value);
 module::set_var("gallery", "show_credits", $form->edit_theme->show_credits->value);
- module::set_var("gallery", "favicon_url", $form->edit_theme->favicon_url->value);
- module::set_var("gallery", "apple_touch_icon_url", $form->edit_theme->apple_touch_icon_url->value);
+
+ // Sanitize values that get placed directly in HTML output by theme.
+ module::set_var("gallery", "header_text",
+ html::purify($form->edit_theme->header_text->value));
+ module::set_var("gallery", "footer_text",
+ html::purify($form->edit_theme->footer_text->value));
+ module::set_var("gallery", "favicon_url",
+ html::purify($form->edit_theme->favicon_url->value));
+ module::set_var("gallery", "apple_touch_icon_url",
+ html::purify($form->edit_theme->apple_touch_icon_url->value));
 module::event("theme_edit_form_completed", $form);
diff --git a/modules/gallery/helpers/module.php b/modules/gallery/helpers/module.php
index 1b6c8d1a..0e190e46 100644
--- a/modules/gallery/helpers/module.php
+++ b/modules/gallery/helpers/module.php
@@ -93,6 +93,10 @@ class module_Core {
 $module_name = basename(dirname($file));
 $modules->$module_name =
 new ArrayObject(parse_ini_file($file), ArrayObject::ARRAY_AS_PROPS);
+ foreach ($modules->$module_name as &$value) {
+ $value = html::purify($value);
+ }
+
 $m =& $modules->$module_name;
 $m->installed = module::is_installed($module_name);
 $m->active = module::is_active($module_name); |
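Review bot: `favicon_url` and `apple_touch_icon_url` are URLs rather than HTML fragments, so running them through `html::purify()` in the new `module::set_var` calls does not clearly give the guarantee the added comment implies. A purifier cleans markup, while these two values presumably end up inside an attribute, where quoting and the URL scheme are what matter. Sanitizing only on save also leaves values stored before this change, or written by any other `module::set_var` caller, untouched, so the theme templates that print these four settings should still escape for their output context. I would extend the comment to say so, e.g. `// Stored pre-purified; themes must still attribute-escape favicon_url and apple_touch_icon_url, and previously saved values are not re-sanitized.` The enclosing method starts and ends outside the hunk.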
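Review bot: The by-reference loop added after the `new ArrayObject(...)` assignment in module.php leaves `$value` aliased to the last entry of that module's info once it finishes. Add `unset($value);` directly after the closing brace so a later write to `$value` cannot silently change that entry. `parse_ini_file()` yields arrays for `key[]` entries, and how `html::purify()` treats a non-string is not visible here, so a guard such as `if (is_string($value)) { $value = html::purify($value); }` would make the intent explicit. The enclosing function begins and ends outside the hunk.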