author | Andy Staudacher <andy.st@gmail.com> | 2009-08-31 21:51:57 -0700 |
---|---|---|
committer | Andy Staudacher <andy.st@gmail.com> | 2009-08-31 21:51:57 -0700 |
commit | 2bc73e2e36fefc3c1ee1b8e97e686c6729e58dcb (patch) | |
tree | c511db2684ea957572a1d27caf49a08963ef8484 /themes | |
parent | 8c3a2db3803ccaa3572f0bf061ca7faf62f13fca (diff) |
Fix XSS vectors in HTML attributes (mostly t() calls)
Diffstat (limited to 'themes')
-rw-r--r-- | themes/admin_default/views/admin.html.php | 2 | ||||
-rw-r--r-- | themes/default/views/page.html.php | 4 | ||||
-rw-r--r-- | themes/default/views/photo.html.php | 2 |
3 files changed, 4 insertions, 4 deletions
diff --git a/themes/admin_default/views/admin.html.php b/themes/admin_default/views/admin.html.php
index 3b1ff92c..c54fdcb5 100644
--- a/themes/admin_default/views/admin.html.php
+++ b/themes/admin_default/views/admin.html.php
@@ -48,7 +48,7 @@
 <li class="first"><?= html::anchor("albums/1", "← ".t("Back to the Gallery")) ?></li>
 <li id="gLogoutLink"><a href="<?= url::site("logout?continue=albums/1&csrf=$csrf") ?>"><?= t("Logout") ?></a></li>
 </ul>
- <a id="gLogo" href="<?= url::site("albums/1") ?>" title="<?= t("go back to the Gallery") ?>">
+ <a id="gLogo" href="<?= url::site("albums/1") ?>" title="<?= t("go back to the Gallery")->for_html_attr() ?>">
 ← <?= t("back to the ...") ?>
 </a>
 <div id="gSiteAdminMenu" style="display: none;">
diff --git a/themes/default/views/page.html.php b/themes/default/views/page.html.php
index 7d181ea0..1650debe 100644
--- a/themes/default/views/page.html.php
+++ b/themes/default/views/page.html.php
@@ -81,8 +81,8 @@
 <? if ($header_text = module::get_var("gallery", "header_text")): ?>
 <?= $header_text ?>
 <? else: ?>
- <a id="gLogo" href="<?= url::site("albums/1") ?>" title="<?= t("go back to the Gallery home") ?>">
- <img width="107" height="48" alt="<?= t("Gallery logo: Your photos on your web site") ?>" src="<?= $theme->url("images/logo.png") ?>" />
+ <a id="gLogo" href="<?= url::site("albums/1") ?>" title="<?= t("go back to the Gallery home")->for_html_attr() ?>">
+ <img width="107" height="48" alt="<?= t("Gallery logo: Your photos on your web site")->for_html_attr() ?>" src="<?= $theme->url("images/logo.png") ?>" />
 </a>
 <? endif ?>
 <div id="gSiteMenu">
diff --git a/themes/default/views/photo.html.php b/themes/default/views/photo.html.php
index 5289b467..b0096043 100644
--- a/themes/default/views/photo.html.php
+++ b/themes/default/views/photo.html.php 
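Review bot: In themes/admin_default/views/admin.html.php the logout link two lines above the changed `gLogo` anchor still prints `url::site("logout?continue=albums/1&csrf=$csrf")` into an `href` without the attribute escaping this commit adds to `title`, and the `&` inside it is emitted unencoded. Where `$csrf` is assigned is not visible in the hunk; if it is always a server-generated token the value cannot break out of the attribute, but the template does not say so. I would escape the URL for attribute context too, or, once the invariant is verified, record it next to the link with a comment such as `<? /* $csrf is a server-generated token; url::site() output is attribute-safe */ ?>`. Carrying the token in a GET URL also exposes it to access logs and Referer headers, which is worth a line in the same comment. The template continues outside the hunk.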
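Review bot: `<?= $header_text ?>` in the context lines of the themes/default/views/page.html.php hunk prints the value of `module::get_var("gallery", "header_text")` with no escaping at all, while the commit hardens only the fallback logo branch below it. This is presumably deliberate so an administrator can supply markup, but it means anyone able to write that variable can place script on every page rendered with this template, and nothing in the template states the assumption. I would document it in place, e.g. `<? /* header_text is administrator-supplied HTML and is emitted unescaped on purpose */ ?>`, and confirm that the code setting this variable is restricted to administrators and protected against CSRF. The `if`/`else` block starts and ends inside the hunk, but the setter is not visible here.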
@@ -40,7 +40,7 @@
 <div id="gPhoto">
 <?= $theme->resize_top($item) ?>
 <? if (access::can("view_full", $item)): ?>
- <a href="<?= $item->file_url() ?>" class="gFullSizeLink" title="<?= t("View full size") ?>">
+ <a href="<?= $item->file_url() ?>" class="gFullSizeLink" title="<?= t("View full size")->for_html_attr() ?>">
 <? endif ?>
 <?= $item->resize_img(array("id" => "gPhotoId-{$item->id}", "class" => "gResize")) ?>
 <? if (access::can("view_full", $item)): ?> |
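Review bot: On the changed anchor in themes/default/views/photo.html.php the `title` is now escaped, but `href="<?= $item->file_url() ?>"` on the same line is still printed exactly as returned. Unlike the translated literal, that value is derived from the item, and item file names typically originate from uploads; whether file_url() already URL-encodes quotes and angle brackets is not visible in this hunk. If it does not, this attribute is a more realistic injection point than the title, so I would run the URL through the project's attribute escaping as well, or add a comment such as `<? /* file_url() returns a URL-encoded value; safe in an attribute */ ?>` once that is confirmed. The `<a>` opened here is closed outside the hunk.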