diff options
| author | Bharat Mediratta <bharat@menalto.com> | 2009-07-01 17:57:39 -0700 |
|---|---|---|
| committer | Bharat Mediratta <bharat@menalto.com> | 2009-07-01 17:57:39 -0700 |
| commit | 8f9a943f55c1342177d7687e3d891f5d1c9eff30 (patch) | |
| tree | eb84d7973495f3b9558951139c0b4952be0a2aaa /modules/gallery/controllers/movies.php | |
| parent | 7b1e3c50218b235a7d25ebe21f93eb8dd9acfb84 (diff) | |
Fix a bunch of XSS vulnerabilities turned up by manual inspection
using the checklist in ticket #385.
Diffstat (limited to 'modules/gallery/controllers/movies.php')
| -rw-r--r-- | modules/gallery/controllers/movies.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php index d8cca825..30a5d78c 100644 --- a/modules/gallery/controllers/movies.php +++ b/modules/gallery/controllers/movies.php @@ -94,7 +94,8 @@ class Movies_Controller extends Items_Controller { module::event("item_updated", $orig, $photo); log::success("content", "Updated photo", "<a href=\"photos/$photo->id\">view</a>"); - message::success(t("Saved photo %photo_title", array("photo_title" => $photo->title))); + message::success( + t("Saved photo %photo_title", array("photo_title" => p::clean($photo->title)))); print json_encode( array("result" => "success", |