Do all the html::clean|purify calls in the views and not the controller. Also clean the subject line and email message body of the contact user email.

author: Tim Almdal <tnalmdal@shaw.ca> 2010-01-28 07:44:58 -0800
committer: Tim Almdal <tnalmdal@shaw.ca> 2010-01-28 07:44:58 -0800
commit: cedbc82dccaf74a983f1f92846735b69391fdf10 (patch)
tree: 22e39f1f74d9ab6bbc6a2f4292f504b76109deea /modules/gallery/views
parent: bbe70119ef99e77a57dbc5354bc348c7adaece46 (diff)
2 files changed, 2 insertions, 2 deletions
diff --git a/modules/gallery/views/user_profile.html.php b/modules/gallery/views/user_profile.html.php
index 708b1613..7dc9d13e 100644
--- a/modules/gallery/views/user_profile.html.php
+++ b/modules/gallery/views/user_profile.html.php
@@ -41,7 +41,7 @@
   <? foreach ($info_parts as $info): ?>
   <div>
     <fieldset>
-    <label><?= $info->title ?></label>
+    <label><?= html::purify($info->title) ?></label>
     <div>
     <?= $info->view ?>
     </div>
diff --git a/modules/gallery/views/user_profile_info.html.php b/modules/gallery/views/user_profile_info.html.php
index 2a2549c8..2f2d68d3 100644
--- a/modules/gallery/views/user_profile_info.html.php
+++ b/modules/gallery/views/user_profile_info.html.php
@@ -3,7 +3,7 @@
   <? foreach ($fields as $field => $value): ?>
   <tr>
     <td><?= $field ?></td>
-    <td><?= $value ?></td>
+    <td><?= html::purify($value) ?></td>
   </tr>
   <? endforeach ?>
 </table>
author	Tim Almdal <tnalmdal@shaw.ca>	2010-01-28 07:44:58 -0800
committer	Tim Almdal <tnalmdal@shaw.ca>	2010-01-28 07:44:58 -0800
commit	cedbc82dccaf74a983f1f92846735b69391fdf10 (patch)
tree	22e39f1f74d9ab6bbc6a2f4292f504b76109deea /modules/gallery/views
parent	bbe70119ef99e77a57dbc5354bc348c7adaece46 (diff)