authorAndy Staudacher <andy.st@gmail.com>2009-09-01 01:28:52 -0700
committerAndy Staudacher <andy.st@gmail.com>2009-09-01 01:28:52 -0700
commit53711225ac9d116e72c159de943284fd55fe26e4 (patch)
treefa88f7786c2a5f30db2a12f8f601d4f55c5824d6 /modules/comment/views
parent94c201f265c758fad38eb69c0a5878970119197a (diff)
XSS / style fixes for newly detected issues (after fixing XSS scanner)
Diffstat (limited to 'modules/comment/views')
-rw-r--r--modules/comment/views/admin_comments.html.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/modules/comment/views/admin_comments.html.php b/modules/comment/views/admin_comments.html.php
index f5970ae1..455cd714 100644
--- a/modules/comment/views/admin_comments.html.php
+++ b/modules/comment/views/admin_comments.html.php
@@ -1,7 +1,7 @@
<?php defined("SYSPATH") or die("No direct script access.") ?>
<script type="text/javascript">
var set_state_url =
- "<?= url::site("admin/comments/set_state/__ID__/__STATE__?csrf=$csrf") ?>";
+ <?= html::js_string(url::site("admin/comments/set_state/__ID__/__STATE__?csrf=$csrf")) ?>;
function set_state(state, id) {
$.get(set_state_url.replace("__STATE__", state).replace("__ID__", id),
{},
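Review bot: The state change is still issued with `$.get`, so the CSRF token travels in the query string of `set_state_url`, where it can end up in server logs, browser history and Referer headers; the same holds for `delete_url` in the next hunk. Escaping the URL for the script context does not change that exposure. Consider dropping `?csrf=$csrf` from both URL templates and sending the token in a POST body instead, e.g. `$.post(set_state_url.replace("__STATE__", state).replace("__ID__", id), {csrf: csrf_token},` where `csrf_token` is a placeholder for however the view exposes the token. This assumes the controller can accept POST, and the server side is not visible here. set_state's body continues outside the hunk.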
@@ -12,7 +12,7 @@
}
var delete_url =
- "<?= url::site("admin/comments/delete/__ID__?csrf=$csrf") ?>";
+ <?= html::js_string(url::site("admin/comments/delete/__ID__?csrf=$csrf")) ?>;
function del(id) {
$.get(delete_url.replace("__ID__", id),
@@ -24,7 +24,7 @@
}
function update_menu() {
- $.get("<?= url::site("admin/comments/menu_labels") ?>", {},
+ $.get(<?= html::js_string(url::site("admin/comments/menu_labels")) ?>, {},
function(data) {
for (var i = 0; i < data.length; i++) {
$("#gAdminCommentsMenu li:eq(" + i + ") a").html(data[i]);
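Review bot: The labels returned by `admin/comments/menu_labels` are written with `.html(data[i])` on the last line of this hunk, which parses them as markup, so the view is only as safe as that endpoint's output encoding. If the labels are plain text, `$("#gAdminCommentsMenu li:eq(" + i + ") a").text(data[i]);` removes the sink. If they intentionally carry markup, a comment stating that the endpoint returns pre-escaped HTML would make the contract explicit. The endpoint is not visible here, and update_menu's body continues outside the hunk.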