diff options
| author | Bharat Mediratta <bharat@menalto.com> | 2009-05-31 00:11:48 -0700 |
|---|---|---|
| committer | Bharat Mediratta <bharat@menalto.com> | 2009-05-31 00:11:48 -0700 |
| commit | 708f27f483d70660446ea2132b02cb7b39225f98 (patch) | |
| tree | c1f6231ea024565be6c2a41ad092eea05b30d7fc /modules/gallery/views/simple_uploader.html.php | |
| parent | ad81861c331f60ec8c19ea11e47e2826660fa142 (diff) | |
Run p::clean() on any variables that contain data entered by users.
Diffstat (limited to 'modules/gallery/views/simple_uploader.html.php')
| -rw-r--r-- | modules/gallery/views/simple_uploader.html.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/modules/gallery/views/simple_uploader.html.php b/modules/gallery/views/simple_uploader.html.php index b6725c31..abda6d26 100644 --- a/modules/gallery/views/simple_uploader.html.php +++ b/modules/gallery/views/simple_uploader.html.php @@ -5,7 +5,7 @@ <!-- hack to set the title for the dialog --> <form id="gAddPhotosForm" action="<?= url::site("simple_uploader/finish") ?>"> <fieldset> - <legend> <?= t("Add photos to %album_title", array("album_title" => $item->title)) ?> </legend> + <legend> <?= t("Add photos to %album_title", array("album_title" => p::clean($item->title))) ?> </legend> </fieldset> </form> @@ -25,9 +25,9 @@ </p> <ul class="gBreadcrumbs"> <? foreach ($item->parents() as $parent): ?> - <li> <?= $parent->title ?> </li> + <li> <?= p::clean($parent->title) ?> </li> <? endforeach ?> - <li class="active"> <?= $item->title ?> </li> + <li class="active"> <?= p::clean($item->title) ?> </li> </ul> <p><?= t("Upload Queue") ?></p> |