| author | Tim Almdal <tnalmdal@shaw.ca> | 2009-07-04 08:17:12 -0700 |
|---|---|---|
| committer | Tim Almdal <tnalmdal@shaw.ca> | 2009-07-04 08:17:12 -0700 |
| commit | d6648c0affd122407b7567442aa924e9138104e7 (patch) | |
| tree | 015f10205d96618edcf210ad93c672a74956d979 /themes | |
| parent | 54ffea24196e8f5d88cf9d8607455f0f6aab305c (diff) | |
Fix for ticket #477. Use nl2br method when rendering comment::text and
item::description. In addition add p::clean or p::purify to places that
xss cleaning had missed (i.e. rss feeds)
Diffstat (limited to 'themes')
| -rw-r--r-- | themes/default/views/album.html.php | 2 |
| -rw-r--r-- | themes/default/views/movie.html.php | 2 |
| -rw-r--r-- | themes/default/views/photo.html.php | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/themes/default/views/album.html.php b/themes/default/views/album.html.php index 273b8a4e..65ea3381 100644 --- a/themes/default/views/album.html.php +++ b/themes/default/views/album.html.php @@ -3,7 +3,7 @@ <div id="gInfo"> <?= $theme->album_top() ?> <h1><?= p::purify($item->title) ?></h1> - <div class="gDescription"><?= p::purify($item->description) ?></div> + <div class="gDescription"><?= nl2br(p::purify($item->description)) ?></div> </div> <ul id="gAlbumGrid"> diff --git a/themes/default/views/movie.html.php b/themes/default/views/movie.html.php index 2cd9806f..66c80ded 100644 --- a/themes/default/views/movie.html.php +++ b/themes/default/views/movie.html.php @@ -16,7 +16,7 @@ <div id="gInfo"> <h1><?= p::purify($item->title) ?></h1> - <div><?= p::purify($item->description) ?></div> + <div><?= nl2br(p::purify($item->description)) ?></div> </div> <script type="text/javascript"> diff --git a/themes/default/views/photo.html.php b/themes/default/views/photo.html.php index dc3a9dfd..bf4d9da3 100644 --- a/themes/default/views/photo.html.php +++ b/themes/default/views/photo.html.php @@ -51,7 +51,7 @@ <div id="gInfo"> <h1><?= p::purify($item->title) ?></h1> - <div><?= p::purify($item->description) ?></div> + <div><?= nl2br(p::purify($item->description)) ?></div> </div> <script type="text/javascript"> |
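Review bot: The call order on the changed description line in album.html.php, movie.html.php and photo.html.php, nl2br(p::purify($item->description)), is the one to keep, and it deserves a short comment in the views so it is not flipped later. Purifying first means nl2br only ever sees cleaned text and the `<br />` tags it inserts are not stripped or escaped by the cleaner; moving nl2br inside p::purify would make the line breaks depend on what the purifier allows. One thing to verify before merging: if p::purify lets any block-level markup through in a description, nl2br will also add `<br />` at every newline inside that markup, so a test description that mixes newlines with allowed HTML would be worth rendering in each of the three views.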
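Review bot: The same expression is now repeated verbatim in all three hunks, and the commit message says comment::text gets the same treatment elsewhere, so the purify-then-nl2br pairing is spread over several templates where the next new view can easily forget one half. Consider a single helper for rendering multi-line user text and calling it from album.html.php, movie.html.php and photo.html.php. The `<h1>` lines keep plain p::purify($item->title), which looks right for a single-line field, but a brief note in the commit message that titles are intentionally left without nl2br would remove the doubt.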
