| author | Bharat Mediratta <bharat@menalto.com> | 2009-06-03 17:08:23 -0700 |
|---|---|---|
| committer | Bharat Mediratta <bharat@menalto.com> | 2009-06-03 17:08:23 -0700 |
| commit | dd854379c20722a763ae7fe3d097a57a544cae80 (patch) | |
| tree | 4d30410323ace83e43ecc00eca5a94ec25c940ce /modules/organize/controllers | |
| parent | 05d18da3908ff872f0f726affe1babee975084d8 (diff) | |
Sanitize all data we return via json_encode() to guard against XSS and
other data leaks.
Diffstat (limited to 'modules/organize/controllers')
| -rw-r--r-- | modules/organize/controllers/organize.php | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php
index 43d41357..57709cb5 100644
--- a/modules/organize/controllers/organize.php
+++ b/modules/organize/controllers/organize.php
@@ -61,8 +61,9 @@ class Organize_Controller extends Controller {
 access::required("view", $item);
 access::required("edit", $item);
- print json_encode(array("title" => $item->title,
- "description" => empty($item->description) ? "" : $item->description));
+ print json_encode(
+ array("title" => p::clean($item->title),
+ "description" => empty($item->description) ? "" : p::clean($item->description)));
 }
 function tree($item, $parent) { |
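Review bot: The two `p::clean()` calls in the new `print json_encode(...)` apply the escaping at the producer, so the JSON now carries (presumably HTML-escaped) text, and nothing in the hunk tells the consumer which output context the values are safe for. This action requires "edit" access, so if the client places `title` or `description` into a form field or text node rather than into markup, entities would show up literally and could be saved back into the item; that is inferred, since the client code is not on this page. I would add a comment above the print such as `// title/description are escaped by p::clean() for HTML output; insert as HTML only, never write them back to the item`. The hunk also shows no Content-Type being set before the print; if none is sent earlier (the method starts outside the hunk), add `header("Content-Type: application/json");` so a browser never interprets the body as HTML.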
