diff options
| author | Bharat Mediratta <bharat@menalto.com> | 2009-05-31 01:02:51 -0700 |
|---|---|---|
| committer | Bharat Mediratta <bharat@menalto.com> | 2009-05-31 01:02:51 -0700 |
| commit | 9369ccab7fb3413d63e218cec81b4cf43442fd98 (patch) | |
| tree | 22066e2335c6aa2d81fadc56fbdbea8e7694069c /modules/notification/views | |
| parent | a049de28ace48a3970371caf24d7c389d8d93cd7 (diff) | |
Run all variables that come from user-entered data through p::clean()
Diffstat (limited to 'modules/notification/views')
| -rw-r--r-- | modules/notification/views/item_deleted.html.php | 12 | ||||
| -rw-r--r-- | modules/notification/views/item_updated.html.php | 12 |
2 files changed, 14 insertions, 10 deletions
diff --git a/modules/notification/views/item_deleted.html.php b/modules/notification/views/item_deleted.html.php index ac9ab594..2d6d5738 100644 --- a/modules/notification/views/item_deleted.html.php +++ b/modules/notification/views/item_deleted.html.php @@ -1,20 +1,24 @@ <?php defined("SYSPATH") or die("No direct script access.") ?> <html> <head> - <title><?= $subject ?> </title> + <title><?= p::clean($subject) ?> </title> </head> <body> - <h2><?= $subject ?></h2> + <h2><?= p::clean($subject) ?></h2> <table> <tr> <td colspan="2"> <?= t("To view the changed album %title use the link below.", - array("title" => $item->parent()->title)) ?> + array("title" => p::clean($item->parent()->title))) ?> </td> </tr> <tr> <td><?= t("Url:") ?></td> - <td><a href="<?= $item->parent()->url(array(), true) ?>"><?= $item->parent()->url(array(), true) ?></a></td> + <td> + <a href="<?= $item->parent()->url(array(), true) ?>"> + <?= $item->parent()->url(array(), true) ?> + </a> + </td> </tr> </table> </body> diff --git a/modules/notification/views/item_updated.html.php b/modules/notification/views/item_updated.html.php index cba522e8..0620c50c 100644 --- a/modules/notification/views/item_updated.html.php +++ b/modules/notification/views/item_updated.html.php @@ -1,18 +1,18 @@ <?php defined("SYSPATH") or die("No direct script access.") ?> <html> <head> - <title><?= $subject ?> </title> + <title><?= p::clean($subject) ?> </title> </head> <body> - <h2> <?= $subject ?> </h2> + <h2> <?= p::clean($subject) ?> </h2> <table> <tr> <? if ($old->title != $new->title): ?> <td><?= t("New Title:") ?></td> - <td><?= $new->title ?></td> + <td><?= p::clean($new->title) ?></td> <? else: ?> <td><?= t("Title:") ?></td> - <td><?= $new->title ?></td> + <td><?= p::clean($new->title) ?></td> <? endif ?> </tr> <tr> @@ -22,12 +22,12 @@ <? if ($old->description != $new->description): ?> <tr> <td><?= t("New Description:") ?></td> - <td><?= $new->description ?></td> + <td><?= p::clean($new->description) ?></td> </tr> <? elseif (!empty($new->description)): ?> <tr> <td><?= t("Description:") ?></td> - <td><?= $new->description ?></td> + <td><?= p::clean($new->description) ?></td> </tr> <? endif ?> </table> |