author | Bharat Mediratta <bharat@menalto.com> | 2009-05-31 00:11:48 -0700 |
---|---|---|
committer | Bharat Mediratta <bharat@menalto.com> | 2009-05-31 00:11:48 -0700 |
commit | 708f27f483d70660446ea2132b02cb7b39225f98 (patch) | |
tree | c1f6231ea024565be6c2a41ad092eea05b30d7fc /modules/notification | |
parent | ad81861c331f60ec8c19ea11e47e2826660fa142 (diff) |
Run p::clean() on any variables that contain data entered by users.
Diffstat (limited to 'modules/notification')
-rw-r--r-- | modules/notification/views/comment_published.html.php | 18 | ||||
-rw-r--r-- | modules/notification/views/item_added.html.php | 14 |
2 files changed, 20 insertions, 12 deletions
diff --git a/modules/notification/views/comment_published.html.php b/modules/notification/views/comment_published.html.php
index 23588c72..ff2ba0bc 100644
--- a/modules/notification/views/comment_published.html.php
+++ b/modules/notification/views/comment_published.html.php
@@ -1,30 +1,34 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <html>
 <head>
- <title><?= $subject ?> </title>
+ <title><?= p::clean($subject) ?> </title>
 </head>
 <body>
- <h2><?= $subject ?></h2>
+ <h2><?= p::clean($subject) ?></h2>
 <table>
 <tr>
 <td><?= t("Comment:") ?></td>
- <td><?= $comment->text ?></td>
+ <td><?= p::clean($comment->text) ?></td>
 </tr>
 <tr>
 <td><?= t("Author Name:") ?></td>
- <td><?= $comment->author_name() ?></td>
+ <td><?= p::clean($comment->author_name()) ?></td>
 </tr>
 <tr>
 <td><?= t("Author Email:") ?></td>
- <td><?= $comment->author_email() ?></td>
+ <td><?= p::clean($comment->author_email()) ?></td>
 </tr>
 <tr>
 <td><?= t("Author URL:") ?></td>
- <td><?= $comment->author_url() ?></td>
+ <td><?= p::clean($comment->author_url()) ?></td>
 </tr>
 <tr>
 <td><?= t("Url:") ?></td>
- <td><a href="<?= $comment->item()->url(array(), true) ?>#comments"><?= $comment->item()->url(array(), true) ?>#comments</a></td>
+ <td>
+ <a href="<?= $comment->item()->url(array(), true) ?>#comments">
+ <?= $comment->item()->url(array(), true) ?>#comments
+ </a>
+ </td>
 </tr>
 </table>
 </body>
diff --git a/modules/notification/views/item_added.html.php b/modules/notification/views/item_added.html.php
index b67b9f38..32857c08 100644
--- a/modules/notification/views/item_added.html.php
+++ b/modules/notification/views/item_added.html.php
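Review bot: In comment_published.html.php the two `$comment->item()->url(array(), true)` outputs in the `Url:` row are still echoed without `p::clean()`, and one of them sits inside a double-quoted `href` attribute, where an unescaped `"` would end the attribute. Whether `url()` can carry user-chosen text (an item name or slug, for instance) is not visible in this diff, so either wrap both outputs, e.g. `<a href="<?= p::clean($comment->item()->url(array(), true)) ?>#comments">`, or confirm that `url()` already returns an encoded value and say so in a short comment. The same applies to the two `$item->url(array(), true)` outputs in the `Url:` row of item_added.html.php. This assumes `p::clean()` escapes quotes as well as angle brackets; its definition is outside this diff and should be checked before relying on it in attribute context.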
@@ -1,23 +1,27 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <html>
 <head>
- <title><?= $subject ?> </title>
+ <title><?= p::clean($subject) ?> </title>
 </head>
 <body>
- <h2><?= $subject ?></h2>
+ <h2><?= p::clean($subject) ?></h2>
 <table>
 <tr>
 <td><?= t("Title:") ?></td>
- <td><?= $item->title ?></td>
+ <td><?= p::clean($item->title) ?></td>
 </tr>
 <tr>
 <td><?= t("Url:") ?></td>
- <td><a href="<?= $item->url(array(), true) ?>"><?= $item->url(array(), true) ?></a></td>
+ <td>
+ <a href="<?= $item->url(array(), true) ?>">
+ <?= $item->url(array(), true) ?>
+ </a>
+ </td>
 </tr>
 <? if ($item->description): ?>
 <tr>
 <td><?= t("Description:") ?></td>
- <td><?= $item->description ?></td>
+ <td><?= p::clean($item->description) ?></td>
 </tr>
 <? endif ?>
 </table> |