authorAndy Staudacher <andy.st@gmail.com>2009-08-31 21:51:57 -0700
committerAndy Staudacher <andy.st@gmail.com>2009-08-31 21:51:57 -0700
commit2bc73e2e36fefc3c1ee1b8e97e686c6729e58dcb (patch)
treec511db2684ea957572a1d27caf49a08963ef8484 /themes/default
parent8c3a2db3803ccaa3572f0bf061ca7faf62f13fca (diff)
Fix XSS vectors in HTML attributes (mostly t() calls)
Diffstat (limited to 'themes/default')
-rw-r--r--themes/default/views/page.html.php4
-rw-r--r--themes/default/views/photo.html.php2
2 files changed, 3 insertions, 3 deletions
diff --git a/themes/default/views/page.html.php b/themes/default/views/page.html.php
index 7d181ea0..1650debe 100644
--- a/themes/default/views/page.html.php
+++ b/themes/default/views/page.html.php
@@ -81,8 +81,8 @@
<? if ($header_text = module::get_var("gallery", "header_text")): ?>
<?= $header_text ?>
<? else: ?>
- <a id="gLogo" href="<?= url::site("albums/1") ?>" title="<?= t("go back to the Gallery home") ?>">
- <img width="107" height="48" alt="<?= t("Gallery logo: Your photos on your web site") ?>" src="<?= $theme->url("images/logo.png") ?>" />
+ <a id="gLogo" href="<?= url::site("albums/1") ?>" title="<?= t("go back to the Gallery home")->for_html_attr() ?>">
+ <img width="107" height="48" alt="<?= t("Gallery logo: Your photos on your web site")->for_html_attr() ?>" src="<?= $theme->url("images/logo.png") ?>" />
</a>
<? endif ?>
<div id="gSiteMenu">
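Review bot: `<?= $header_text ?>` on the context line just above the changed anchor is still written into the page without any escaping, and nothing in this hunk says whether that value is meant to be trusted markup. If administrators are expected to put HTML there, a one-line comment such as `<? /* header_text is admin-supplied markup; emitted unescaped on purpose */ ?>` would keep a later reader from treating it as an oversight. If it is meant to be plain text, it needs HTML-context escaping in the same spirit as the attributes fixed here. The `href` and `src` values on the two changed lines come from constant arguments, so they look lower risk, though escaping them as well would make the template uniform.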
diff --git a/themes/default/views/photo.html.php b/themes/default/views/photo.html.php
index 5289b467..b0096043 100644
--- a/themes/default/views/photo.html.php
+++ b/themes/default/views/photo.html.php
@@ -40,7 +40,7 @@
<div id="gPhoto">
<?= $theme->resize_top($item) ?>
<? if (access::can("view_full", $item)): ?>
- <a href="<?= $item->file_url() ?>" class="gFullSizeLink" title="<?= t("View full size") ?>">
+ <a href="<?= $item->file_url() ?>" class="gFullSizeLink" title="<?= t("View full size")->for_html_attr() ?>">
<? endif ?>
<?= $item->resize_img(array("id" => "gPhotoId-{$item->id}", "class" => "gResize")) ?>
<? if (access::can("view_full", $item)): ?>
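Review bot: The `href` on the changed anchor line still prints `$item->file_url()` straight into a double-quoted attribute, while only the constant `title` string gets `for_html_attr()`. An item URL is presumably derived from an uploaded file's name or path, so it is the more user-influenced of the two values; whether `file_url()` already percent-encodes quotes and angle brackets is not visible here. I would escape it for attribute context as well, e.g. `href="<?= htmlspecialchars($item->file_url(), ENT_QUOTES, "UTF-8") ?>"`, or with the project's own helper if it applies to plain strings. The markup returned by `resize_top()` and `resize_img()` on the surrounding context lines is also emitted verbatim, so it is worth confirming that those helpers escape item-derived attributes internally.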