author | Andy Staudacher <andy.st@gmail.com> | 2009-08-29 15:41:02 -0700 |
committer | Andy Staudacher <andy.st@gmail.com> | 2009-08-29 15:41:02 -0700 |
commit | 0204617b602183a3e157bc7e23c617acd22a5212 (patch) | |
tree | 429a7f7ecd3eb9e7cc846bbf5a4f28601e09d22d /modules | |
parent | c4d5ecde66c7bffde2259b9815c050e6a4d8f333 (diff) |
XSS fixes
Diffstat (limited to 'modules')
-rw-r--r-- | modules/gallery/views/admin_maintenance.html.php | 2 | ||||
-rw-r--r-- | modules/rss/views/rss_block.html.php | 2 | ||||
-rw-r--r-- | modules/server_add/views/admin_server_add.html.php | 4 | ||||
-rw-r--r-- | modules/server_add/views/server_add_tree.html.php | 4 | ||||
-rw-r--r-- | modules/tag/views/admin_tags.html.php | 4 |
5 files changed, 8 insertions, 8 deletions
diff --git a/modules/gallery/views/admin_maintenance.html.php b/modules/gallery/views/admin_maintenance.html.php
index a0a6a19e..a1f7b126 100644
--- a/modules/gallery/views/admin_maintenance.html.php
+++ b/modules/gallery/views/admin_maintenance.html.php
@@ -164,7 +164,7 @@
 <?= $task->status ?>
 </td>
 <td>
- <?= $task->owner()->name ?>
+ <?= SafeString::of($task->owner()->name) ?>
 </td>
 <td>
 <? if ($task->done): ?>
diff --git a/modules/rss/views/rss_block.html.php b/modules/rss/views/rss_block.html.php
index 39921d7d..cd8db89d 100644
--- a/modules/rss/views/rss_block.html.php
+++ b/modules/rss/views/rss_block.html.php
@@ -5,7 +5,7 @@
 <span class="ui-icon-left">
 <a href="<?= rss::url($url) ?>">
 <span class="ui-icon ui-icon-signal-diag"></span>
- <?= $title ?>
+ <?= SafeString::purify($title) ?>
 </a>
 </span>
 </li>
diff --git a/modules/server_add/views/admin_server_add.html.php b/modules/server_add/views/admin_server_add.html.php
index 30ab3536..c4439bda 100644
--- a/modules/server_add/views/admin_server_add.html.php
+++ b/modules/server_add/views/admin_server_add.html.php
@@ -11,12 +11,12 @@
 <ul id="gPathList">
 <? foreach ($paths as $id => $path): ?>
 <li class="ui-icon-left">
- <a href="<?= url::site("admin/server_add/remove_path?path=$path&csrf=$csrf") ?>"
+ <a href="<?= url::site("admin/server_add/remove_path?path=" . urlencode($path) . "&csrf=$csrf") ?>"
 id="icon_<?= $id?>"
 class="gRemoveDir ui-icon ui-icon-trash">
 X
 </a>
- <?= $path ?>
+ <?= SafeString::of($path) ?>
 </li>
 <? endforeach ?>
 </ul>
diff --git a/modules/server_add/views/server_add_tree.html.php b/modules/server_add/views/server_add_tree.html.php
index b68544ec..2f65a590 100644
--- a/modules/server_add/views/server_add_tree.html.php
+++ b/modules/server_add/views/server_add_tree.html.php
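Review bot: `<?= $task->status ?>` two lines above the changed line is still emitted raw, while only the owner name is now wrapped in `SafeString::of`. If task status text can ever carry user-supplied fragments (file or album names, for example), it is the same HTML sink and wants the same treatment, `<?= SafeString::of($task->status) ?>`. Whether status is user-influenced is not visible from the hunk, so confirm against the task classes before extending the fix. The enclosing table row and its loop start outside the hunk.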
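Review bot: The title goes through `SafeString::purify($title)` while every other hunk in this commit uses `SafeString::of`; purify presumably keeps an allowlist of markup rather than escaping everything, so the title can still contribute tags to the page. If RSS block titles never need markup, `<?= SafeString::purify($title) ?>` should become `<?= SafeString::of($title) ?>` for consistency and a smaller surface. The `href="<?= rss::url($url) ?>"` on the context line above is also unescaped in attribute context, which is only safe if rss::url is known to return attribute-safe output; the hunk does not show that.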
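Review bot: `urlencode($path)` fixes the query-string context, but the whole `url::site(...)` result is still written into an `href` attribute without HTML escaping, so the literal `&csrf=` separator is emitted as a bare `&` and any `"` in the returned URL would close the attribute. Unless url::site is known to attribute-escape, wrap the call: `<a href="<?= SafeString::of(url::site("admin/server_add/remove_path?path=" . urlencode($path) . "&csrf=$csrf")) ?>"`, assuming SafeString::of escapes `&` the way its other uses here imply. `id="icon_<?= $id?>"` on the following context line is likewise raw; that is harmless if `$id` is an integer key of `$paths`, which the hunk does not show.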
@@ -10,7 +10,7 @@ <li class="ui-icon-left"> <span class="ui-icon ui-icon-folder-open"></span> <span ondblclick="open_dir('<?= $dir ?>')"> - <?= basename($dir) ?> + <?= SafeString::of(basename($dir)) ?> </span> <ul> <? endforeach ?> @@ -22,7 +22,7 @@ <? if (is_dir($file)): ?> ondblclick="open_dir($(this).attr('file'))" <? endif ?> - file="<?= $file ?>" + file="<?= strtr($file, array('"' => '\\"')) ?>" > <?= SafeString::of(basename($file)) ?> </span> diff --git a/modules/tag/views/admin_tags.html.php b/modules/tag/views/admin_tags.html.php index 5bd23112..30dd0728 100644 --- a/modules/tag/views/admin_tags.html.php +++ b/modules/tag/views/admin_tags.html.php @@ -32,7 +32,7 @@ <? $current_letter = strtoupper(mb_substr($tag->name, 0, 1)) ?> <? if ($i == 0): /* first letter */ ?> - <strong><?= $current_letter ?></strong> + <strong><?= SafeString::of($current_letter) ?></strong> <ul> <? elseif ($last_letter != $current_letter): /* new letter */ ?> <? if ($column_tag_count > $tags_per_column): /* new column */ ?> @@ -42,7 +42,7 @@ <? endif ?> </ul> - <strong><?= $current_letter ?></strong> + <strong><?= SafeString::of($current_letter) ?></strong> <ul> <? endif ?> |
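Review bot: The display text is now escaped, but the context line `<span ondblclick="open_dir('<?= $dir ?>')">` still interpolates `$dir` raw into a JavaScript string inside an HTML attribute, so a directory name containing `'` or `"` breaks out of both contexts; this hunk escapes the wrong sink. The same file's second hunk (@@ -22) has the related problem: `strtr($file, array('"' => '\\"'))` applies backslash escaping, which HTML attribute parsing does not honour, so a `"` in the path still terminates `file="..."`. Both want HTML-attribute escaping, e.g. `file="<?= SafeString::of($file) ?>"`, and the `$dir` case should move to the same `$(this).attr(...)` pattern the second hunk already uses so no path is inlined into script text at all. The enclosing foreach starts outside the hunk.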
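Review bot: `$current_letter` on the first context line is built with byte-wise `strtoupper` around `mb_substr`, so for a tag whose first character is multibyte the value being escaped may, depending on locale, be a corrupted byte sequence rather than a letter; `mb_strtoupper(mb_substr($tag->name, 0, 1))` keeps the whole expression multibyte-aware and pairs naturally with the new escaping. The identical `<strong>` emission at @@ -42 is escaped correctly and needs no separate change beyond that shared fix. Both hunks sit inside a foreach that starts and ends outside them.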