| author | Bharat Mediratta <bharat@menalto.com> | 2009-07-01 17:57:39 -0700 |
|---|---|---|
| committer | Bharat Mediratta <bharat@menalto.com> | 2009-07-01 17:57:39 -0700 |
| commit | 8f9a943f55c1342177d7687e3d891f5d1c9eff30 (patch) | |
| tree | eb84d7973495f3b9558951139c0b4952be0a2aaa /modules/gallery/controllers/albums.php | |
| parent | 7b1e3c50218b235a7d25ebe21f93eb8dd9acfb84 (diff) | |
Fix a bunch of XSS vulnerabilities turned up by manual inspection
using the checklist in ticket #385.
Diffstat (limited to 'modules/gallery/controllers/albums.php')
| -rw-r--r-- | modules/gallery/controllers/albums.php | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php
index 22f50fb8..d141d157 100644
--- a/modules/gallery/controllers/albums.php
+++ b/modules/gallery/controllers/albums.php
@@ -111,7 +111,8 @@ class Albums_Controller extends Items_Controller {
     log::success("content", "Created an album", html::anchor("albums/$new_album->id", "view album"));
-    message::success(t("Created album %album_title", array("album_title" => $new_album->title)));
+    message::success(
+      t("Created album %album_title", array("album_title" => p::clean($new_album->title))));
     print json_encode(
       array("result" => "success",
@@ -143,7 +144,8 @@ class Albums_Controller extends Items_Controller {
       user::active()->id);
     log::success("content", "Added a photo", html::anchor("photos/$photo->id", "view photo"));
-    message::success(t("Added photo %photo_title", array("photo_title" => $photo->title)));
+    message::success(
+      t("Added photo %photo_title", array("photo_title" => p::clean($photo->title))));
     print json_encode(
       array("result" => "success",
@@ -197,7 +199,8 @@ class Albums_Controller extends Items_Controller {
     module::event("item_updated", $orig, $album);
     log::success("content", "Updated album", "<a href=\"albums/$album->id\">view</a>");
-    message::success(t("Saved album %album_title", array("album_title" => $album->title)));
+    message::success(
+      t("Saved album %album_title", array("album_title" => p::clean($album->title))));
     print json_encode(
       array("result" => "success", |
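Review bot: In the third hunk the `log::success` context line directly above the changed call still builds its link by hand as `"<a href=\"albums/$album->id\">view</a>"`, while the first two hunks use `html::anchor(...)` for the same purpose; the id is presumably an integer from the database and not an injection vector, but a checklist-driven XSS pass is easier to verify when every anchor goes through one helper, so `html::anchor("albums/$album->id", "view")` would match its siblings. The escaping added in all three hunks is applied at each call site rather than inside `t()` or `message::success`, so any other call that passes a user-controlled title will need the same `p::clean` wrapper; if either of those helpers also escapes at render time, titles containing `&` or `<` will be double-encoded in the success message, which is worth confirming and recording in a short comment such as `// titles are user-controlled; p::clean() here is the only escaping before display`. The enclosing methods begin and end outside all three hunks.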
