author | Andy Staudacher <andy.st@gmail.com> | 2009-08-31 21:51:57 -0700 |
---|---|---|
committer | Andy Staudacher <andy.st@gmail.com> | 2009-08-31 21:51:57 -0700 |
commit | 2bc73e2e36fefc3c1ee1b8e97e686c6729e58dcb (patch) | |
tree | c511db2684ea957572a1d27caf49a08963ef8484 /modules/comment | |
parent | 8c3a2db3803ccaa3572f0bf061ca7faf62f13fca (diff) |
Fix XSS vectors in HTML attributes (mostly t() calls)
Diffstat (limited to 'modules/comment')
-rw-r--r-- | modules/comment/views/admin_block_recent_comments.html.php | 2 | ||||
-rw-r--r-- | modules/comment/views/admin_comments.html.php | 2 | ||||
-rw-r--r-- | modules/comment/views/comment.html.php | 2 | ||||
-rw-r--r-- | modules/comment/views/comments.html.php | 2 |
4 files changed, 4 insertions, 4 deletions
diff --git a/modules/comment/views/admin_block_recent_comments.html.php b/modules/comment/views/admin_block_recent_comments.html.php index dc3975e0..2afa5bf8 100644 --- a/modules/comment/views/admin_block_recent_comments.html.php +++ b/modules/comment/views/admin_block_recent_comments.html.php @@ -4,7 +4,7 @@ <li class="<?= ($i % 2 == 0) ? "gEvenRow" : "gOddRow" ?>"> <img src="<?= $comment->author()->avatar_url(32, $theme->url("images/avatar.jpg", true)) ?>" class="gAvatar" - alt="<?= html::clean($comment->author_name()) ?>" + alt="<?= html::clean_attribute($comment->author_name()) ?>" width="32" height="32" /> <?= gallery::date_time($comment->created) ?> diff --git a/modules/comment/views/admin_comments.html.php b/modules/comment/views/admin_comments.html.php index 588c3ebc..f5970ae1 100644 --- a/modules/comment/views/admin_comments.html.php +++ b/modules/comment/views/admin_comments.html.php @@ -122,7 +122,7 @@ <a href="<?= $item->url() ?>"> <? if ($item->has_thumb()): ?> <img src="<?= $item->thumb_url() ?>" - alt="<?= html::purify($item->title) ?>" + alt="<?= html::purify($item->title)->for_html_attr() ?>" <?= photo::img_dimensions($item->thumb_width, $item->thumb_height, 75) ?> /> <? else: ?> diff --git a/modules/comment/views/comment.html.php b/modules/comment/views/comment.html.php index 1d0786cb..ce4e197d 100644 --- a/modules/comment/views/comment.html.php +++ b/modules/comment/views/comment.html.php @@ -4,7 +4,7 @@ <a href="#"> <img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>" class="gAvatar" - alt="<?= html::clean($comment->author_name()) ?>" + alt="<?= html::clean_attribute($comment->author_name()) ?>" width="40" height="40" /> </a> diff --git a/modules/comment/views/comments.html.php b/modules/comment/views/comments.html.php index 1e45c946..b7ebdf3a 100644 --- a/modules/comment/views/comments.html.php +++ b/modules/comment/views/comments.html.php 
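Review bot: The `src` attribute just above the changed `alt` still prints `$comment->author()->avatar_url(32, ...)` into a double-quoted attribute with no visible attribute-context encoding, so this fix covers the author name only. Whether `avatar_url()` returns an already-encoded value cannot be seen from the hunk; if it can carry user-influenced data, encode it at the output site, e.g. `src="<?= html::clean_attribute($comment->author()->avatar_url(32, $theme->url("images/avatar.jpg", true))) ?>"`. The same applies to the `src` lines in the comment.html.php and comments.html.php hunks, and to `href="<?= $item->url() ?>"` and `src="<?= $item->thumb_url() ?>"` in admin_comments.html.php. The surrounding template markup starts and ends outside these hunks.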
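Review bot: The `alt` in admin_comments.html.php takes a different path from the other three views, `html::purify($item->title)->for_html_attr()` instead of `html::clean_attribute(...)`, and nothing in the template says why. If the intent is that item titles may hold markup that has to be purified before being encoded for the attribute, a short template comment above the `<img` such as `<? /* title may contain markup: purify first, then encode for the attribute */ ?>` would keep a later edit from dropping `->for_html_attr()` and reopening the attribute-context issue. If there is no such reason, `alt="<?= html::clean_attribute($item->title) ?>"` would match the other views.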
@@ -18,7 +18,7 @@ <a href="#"> <img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>" class="gAvatar" - alt="<?= html::clean($comment->author_name()) ?>" + alt="<?= html::clean_attribute($comment->author_name()) ?>" width="40" height="40" /> </a> |