diff options
| author | Bharat Mediratta <bharat@menalto.com> | 2009-07-01 17:57:39 -0700 |
|---|---|---|
| committer | Bharat Mediratta <bharat@menalto.com> | 2009-07-01 17:57:39 -0700 |
| commit | 8f9a943f55c1342177d7687e3d891f5d1c9eff30 (patch) | |
| tree | eb84d7973495f3b9558951139c0b4952be0a2aaa /modules/user/controllers/logout.php | |
| parent | 7b1e3c50218b235a7d25ebe21f93eb8dd9acfb84 (diff) | |
Fix a bunch of XSS vulnerabilities turned up by manual inspection
using the checklist in ticket #385.
Diffstat (limited to 'modules/user/controllers/logout.php')
| -rw-r--r-- | modules/user/controllers/logout.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/modules/user/controllers/logout.php b/modules/user/controllers/logout.php index a541ed9b..63971789 100644 --- a/modules/user/controllers/logout.php +++ b/modules/user/controllers/logout.php @@ -23,8 +23,8 @@ class Logout_Controller extends Controller { $user = user::active(); user::logout(); - log::info("user", t("User %name logged out", array("name" => $user->name)), - html::anchor("user/$user->id", $user->name)); + log::info("user", t("User %name logged out", array("name" => p::clean($user->name))), + html::anchor("user/$user->id", p::clean($user->name))); if ($this->input->get("continue")) { $item = url::get_item_from_uri($this->input->get("continue")); if (access::can("view", $item)) { |