diff options
| author | Bharat Mediratta <bharat@menalto.com> | 2012-07-21 15:42:52 -0700 |
|---|---|---|
| committer | Bharat Mediratta <bharat@menalto.com> | 2012-07-21 15:42:52 -0700 |
| commit | 8524fba15a4cbabe1d6c4e60bdfe9e766eca1fdc (patch) | |
| tree | 28af1599c0375e4da909d0b4241cf7b3ae0bffa8 /modules/gallery/views/admin_advanced_settings.html.php | |
| parent | 27e253401678b28527444c7e4e0faa5afc95d708 (diff) | |
Sanitize the module name and don't allow storing values for illegal
module names. Fixes #1898.
Diffstat (limited to 'modules/gallery/views/admin_advanced_settings.html.php')
| -rw-r--r-- | modules/gallery/views/admin_advanced_settings.html.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/gallery/views/admin_advanced_settings.html.php b/modules/gallery/views/admin_advanced_settings.html.php index 8d21d890..6745f0df 100644 --- a/modules/gallery/views/admin_advanced_settings.html.php +++ b/modules/gallery/views/admin_advanced_settings.html.php @@ -19,7 +19,7 @@ </tr> <? foreach ($vars as $var): ?> <tr class="setting-row <?= text::alternate("g-odd", "g-even") ?>"> - <td> <?= $var->module_name ?> </td> + <td> <?= html::clean($var->module_name) ?> </td> <td> <?= html::clean($var->name) ?> </td> <td> <a href="<?= url::site("admin/advanced_settings/edit/$var->module_name/" . html::clean($var->name)) ?>" |