author | Bharat Mediratta <bharat@menalto.com> | 2009-07-01 17:57:39 -0700 |
---|---|---|
committer | Bharat Mediratta <bharat@menalto.com> | 2009-07-01 17:57:39 -0700 |
commit | 8f9a943f55c1342177d7687e3d891f5d1c9eff30 (patch) | |
tree | eb84d7973495f3b9558951139c0b4952be0a2aaa /modules/gallery/controllers/quick.php | |
parent | 7b1e3c50218b235a7d25ebe21f93eb8dd9acfb84 (diff) |
Fix a bunch of XSS vulnerabilities turned up by manual inspection
using the checklist in ticket #385.
Diffstat (limited to 'modules/gallery/controllers/quick.php')
-rw-r--r-- | modules/gallery/controllers/quick.php | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php
index e89d9701..5d3d8885 100644
--- a/modules/gallery/controllers/quick.php
+++ b/modules/gallery/controllers/quick.php
@@ -89,7 +89,7 @@ class Quick_Controller extends Controller {
     access::required("view", $item->parent());
     access::required("edit", $item->parent());
-    $msg = t("Made <b>%title</b> this album's cover", array("title" => $item->title));
+    $msg = t("Made <b>%title</b> this album's cover", array("title" => p::clean($item->title)));
     item::make_album_cover($item);
     message::success($msg);
@@ -105,9 +105,10 @@ class Quick_Controller extends Controller {
     if ($item->is_album()) {
       print t(
         "Delete the album <b>%title</b>? All photos and movies in the album will also be deleted.",
-        array("title" => $item->title));
+        array("title" => p::clean($item->title)));
     } else {
-      print t("Are you sure you want to delete <b>%title</b>?", array("title" => $item->title));
+      print t("Are you sure you want to delete <b>%title</b>?",
+              array("title" => p::clean($item->title)));
     }
     $form = item::get_delete_form($item);
@@ -121,9 +122,9 @@ class Quick_Controller extends Controller {
     access::required("edit", $item);
     if ($item->is_album()) {
-      $msg = t("Deleted album <b>%title</b>", array("title" => $item->title));
+      $msg = t("Deleted album <b>%title</b>", array("title" => p::clean($item->title)));
     } else {
-      $msg = t("Deleted photo <b>%title</b>", array("title" => $item->title));
+      $msg = t("Deleted photo <b>%title</b>", array("title" => p::clean($item->title)));
     }
     $item->delete();
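Review bot: The escaping is applied call site by call site in all three hunks (the album-cover message, the delete confirmation, and the deleted-item message), so any other `$item->title` interpolation in this controller or elsewhere stays unescaped until someone remembers to wrap it in `p::clean`; if `t()` can escape its `%`-parameters by default with an explicit opt-out for trusted markup, that would turn this from a per-site fix into a default. No regression test accompanies the change, and a test that saves an item with a constructed title such as `a & <b>x</b>` and asserts the rendered message contains `&lt;b&gt;` rather than a live tag would keep these sites from regressing. It is also worth confirming that `message::success()` and the confirmation view do not escape the message a second time, since double-escaping would surface `&amp;` to the user. The enclosing methods of each hunk start and end outside the hunk.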