diff options
| author | Andy Staudacher <andy.st@gmail.com> | 2009-08-31 02:12:01 -0700 |
|---|---|---|
| committer | Andy Staudacher <andy.st@gmail.com> | 2009-08-31 02:12:01 -0700 |
| commit | 8312eb116e65195e3fc70d59b3b0817b9c807287 (patch) | |
| tree | 1a7191e21d19c92cd5fa843144356a8bd950ef06 /modules/gallery/controllers/photos.php | |
| parent | 26f6d8192ffdfd0280987ec2b9df0305e983746d (diff) | |
XSS review fixes (mostly adding missing html::mark_clean()) calls.
Diffstat (limited to 'modules/gallery/controllers/photos.php')
| -rw-r--r-- | modules/gallery/controllers/photos.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php index 3447b4c6..3b9662c7 100644 --- a/modules/gallery/controllers/photos.php +++ b/modules/gallery/controllers/photos.php @@ -86,7 +86,8 @@ class Photos_Controller extends Items_Controller { log::success("content", "Updated photo", "<a href=\"photos/$photo->id\">view</a>"); message::success( - t("Saved photo %photo_title", array("photo_title" => $photo->title))); + t("Saved photo %photo_title", + array("photo_title" => html::purify($photo->title)))); print json_encode( array("result" => "success", |