XSS review fixes (mostly adding missing html::mark_clean()) calls.

author: Andy Staudacher <andy.st@gmail.com> 2009-08-31 02:12:01 -0700
committer: Andy Staudacher <andy.st@gmail.com> 2009-08-31 02:12:01 -0700
commit: 8312eb116e65195e3fc70d59b3b0817b9c807287 (patch)
tree: 1a7191e21d19c92cd5fa843144356a8bd950ef06 /modules/notification/controllers
parent: 26f6d8192ffdfd0280987ec2b9df0305e983746d (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/modules/notification/controllers/notification.php b/modules/notification/controllers/notification.php
index ffb4b46a..5745de5d 100644
--- a/modules/notification/controllers/notification.php
+++ b/modules/notification/controllers/notification.php
@@ -26,10 +26,10 @@ class Notification_Controller extends Controller {
 
     if (notification::is_watching($item)) {
       notification::remove_watch($item);
-      message::success(sprintf(t("You are no longer watching %s"), $item->title));
+      message::success(sprintf(t("You are no longer watching %s"), html::purify($item->title)));
     } else {
       notification::add_watch($item);
-      message::success(sprintf(t("You are now watching %s"), $item->title));
+      message::success(sprintf(t("You are now watching %s"), html::purify($item->title)));
     }
     url::redirect($item->url(array(), true));
   }
author	Andy Staudacher <andy.st@gmail.com>	2009-08-31 02:12:01 -0700
committer	Andy Staudacher <andy.st@gmail.com>	2009-08-31 02:12:01 -0700
commit	8312eb116e65195e3fc70d59b3b0817b9c807287 (patch)
tree	1a7191e21d19c92cd5fa843144356a8bd950ef06 /modules/notification/controllers
parent	26f6d8192ffdfd0280987ec2b9df0305e983746d (diff)