diff options
| author | Andy Staudacher <andy.st@gmail.com> | 2009-08-31 21:51:57 -0700 |
|---|---|---|
| committer | Andy Staudacher <andy.st@gmail.com> | 2009-08-31 21:51:57 -0700 |
| commit | 2bc73e2e36fefc3c1ee1b8e97e686c6729e58dcb (patch) | |
| tree | c511db2684ea957572a1d27caf49a08963ef8484 /modules/gallery/views/move_browse.html.php | |
| parent | 8c3a2db3803ccaa3572f0bf061ca7faf62f13fca (diff) | |
Fix XSS vectors in HTML attributes (mostly t() calls)
Diffstat (limited to 'modules/gallery/views/move_browse.html.php')
| -rw-r--r-- | modules/gallery/views/move_browse.html.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/gallery/views/move_browse.html.php b/modules/gallery/views/move_browse.html.php index 4f69c0e9..99728ecc 100644 --- a/modules/gallery/views/move_browse.html.php +++ b/modules/gallery/views/move_browse.html.php @@ -42,6 +42,6 @@ <form method="post" action="<?= url::site("move/save/$source->id") ?>"> <?= access::csrf_form_field() ?> <input type="hidden" name="target_id" value="" /> - <input type="submit" id="gMoveButton" value="<?= t("Move") ?>" disabled="disabled"/> + <input type="submit" id="gMoveButton" value="<?= t("Move")->for_html_attr() ?>" disabled="disabled"/> </form> </div> |