| author | Bharat Mediratta <bharat@menalto.com> | 2009-07-01 17:57:39 -0700 |
|---|---|---|
| committer | Bharat Mediratta <bharat@menalto.com> | 2009-07-01 17:57:39 -0700 |
| commit | 8f9a943f55c1342177d7687e3d891f5d1c9eff30 (patch) | |
| tree | eb84d7973495f3b9558951139c0b4952be0a2aaa /modules/tag/controllers | |
| parent | 7b1e3c50218b235a7d25ebe21f93eb8dd9acfb84 (diff) | |
Fix a bunch of XSS vulnerabilities turned up by manual inspection
using the checklist in ticket #385.
Diffstat (limited to 'modules/tag/controllers')
| -rw-r--r-- | modules/tag/controllers/admin_tags.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/modules/tag/controllers/admin_tags.php b/modules/tag/controllers/admin_tags.php
index af5055ff..dcdc16b9 100644
--- a/modules/tag/controllers/admin_tags.php
+++ b/modules/tag/controllers/admin_tags.php
@@ -53,8 +53,8 @@ class Admin_Tags_Controller extends Admin_Controller {
 $name = $tag->name;
 Database::instance()->delete("items_tags", array("tag_id" => "$tag->id"));
 $tag->delete();
- message::success(t("Deleted tag %tag_name", array("tag_name" => $name)));
- log::success("tags", t("Deleted tag %tag_name", array("tag_name" => $name)));
+ message::success(t("Deleted tag %tag_name", array("tag_name" => p::clean($name))));
+ log::success("tags", t("Deleted tag %tag_name", array("tag_name" => p::clean($name))));
 print json_encode(
 array("result" => "success",
@@ -98,7 +98,7 @@ class Admin_Tags_Controller extends Admin_Controller {
 $tag->save();
 $message = t("Renamed tag %old_name to %new_name",
- array("old_name" => $old_name, "new_name" => $tag->name));
+ array("old_name" => p::clean($old_name), "new_name" => p::clean($tag->name)));
 message::success($message);
 log::success("tags", $message); |
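Review bot: The two added lines in the delete hunk each build the same translated string and each call `p::clean($name)`, so the escaping has to stay correct in two places and a later edit to one line can silently drop it from the other. The rename hunk already builds its string once; doing the same here keeps a single escaped value: `$message = t("Deleted tag %tag_name", array("tag_name" => p::clean($name)));` followed by `message::success($message);` and `log::success("tags", $message);`. The enclosing method starts and ends outside the hunk.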
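Review bot: In the rename hunk the HTML-escaped `$message` is passed to `log::success("tags", $message)` as well as to `message::success`, so the log stores entity-encoded tag names (the delete hunk does the same through `p::clean($name)`). Whether that is right depends on how log entries are rendered, which is not visible here: a viewer that escapes on output would show double-encoded names, and one that prints raw makes every log writer responsible for escaping. A comment above the `t()` call would record the contract, for example `// message and log text are emitted as HTML; user-supplied tag names must be cleaned here`, to be confirmed against the log view. The enclosing method starts and ends outside the hunk.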
