-rw-r--r--modules/organize/controllers/organize.php5
-rw-r--r--modules/organize/views/organize_dialog.html.php2
-rw-r--r--modules/organize/views/organize_frame.html.php2
-rw-r--r--themes/wind/views/dynamic.html.php2
-rw-r--r--themes/wind/views/page.html.php4
5 files changed, 8 insertions, 7 deletions
diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php
index 048f6fc3..3f04e56d 100644
--- a/modules/organize/controllers/organize.php
+++ b/modules/organize/controllers/organize.php
@@ -56,7 +56,7 @@ class Organize_Controller extends Controller {
"sort_column" => $album->sort_column,
"sort_order" => $album->sort_order,
"editable" => access::can("edit", $album),
- "title" => $album->title,
+ "title" => (string)html::clean($album->title),
"children" => array());
foreach ($album->viewable()->children() as $child) {
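Review bot: The `title` field is now HTML-encoded before it goes into the JSON payload, here and again for each child at `"title" => (string)html::clean($child->title)` in the next hunk, which ties the response to consumers that insert it as markup. A client that assigns the value as plain text will display literal entities, and a consumer added later may assume the value is raw and escape it a second time. A comment above the array would record the contract, for example `// title is HTML-escaped here; insert it as HTML on the client, do not escape again`. The enclosing method starts above this hunk.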
@@ -67,8 +67,9 @@ class Organize_Controller extends Controller {
"width" => $dims[1],
"height" => $dims[0],
"type" => $child->type,
- "title" => $child->title);
+ "title" => (string)html::clean($child->title));
}
+ Kohana_Log::add("error","".print_r($data,1));
json::reply($data);
}
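Review bot: The added `Kohana_Log::add("error","".print_r($data,1));` looks like leftover debugging: it writes the whole album structure to the log at error level on every call to this action. That buries genuine errors, grows the log with each request, and copies user-supplied titles into a file that operators may open in tools that do not expect untrusted text. The line should be dropped before merge; if a trace is wanted, log at debug level and record only an identifier such as the album id. The method begins outside this hunk.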
diff --git a/modules/organize/views/organize_dialog.html.php b/modules/organize/views/organize_dialog.html.php
index a386fa77..9ea4d923 100644
--- a/modules/organize/views/organize_dialog.html.php
+++ b/modules/organize/views/organize_dialog.html.php
@@ -11,7 +11,7 @@
var set_title = function(title) {
$("#g-dialog").dialog("option", "title", ORGANIZE_TITLE.replace("__TITLE__", title));
}
- set_title("<?= $album->title ?>");
+ set_title("<?= html::clean($album->title) ?>");
var done_loading = function() {
$("#g-organize-app-loading").hide();
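Review bot: `html::clean()` is an HTML encoder, but in `set_title("<?= html::clean($album->title) ?>")` the value lands inside a JavaScript string literal, where a backslash or a line break in the title is still significant and can corrupt the literal. The value needs JavaScript-string encoding for the literal in addition to the HTML encoding its eventual sink requires, for example `set_title(<?= json_encode((string)html::clean($album->title)) ?>);`, which emits its own quotes. The same applies to `text: "<?= html::clean(item::root()->title) ?>"` in organize_frame.html.php. Whether html::clean also encodes quote characters is not visible in this diff.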
diff --git a/modules/organize/views/organize_frame.html.php b/modules/organize/views/organize_frame.html.php
index 20a1a6da..51d49104 100644
--- a/modules/organize/views/organize_frame.html.php
+++ b/modules/organize/views/organize_frame.html.php
@@ -506,7 +506,7 @@
root: {
allowDrop: Boolean(<?= access::can("edit", item::root()) ?>),
nodeType: "async",
- text: "<?= item::root()->title ?>",
+ text: "<?= html::clean(item::root()->title) ?>",
draggable: false,
id: "<?= item::root()->id ?>",
expanded: true
diff --git a/themes/wind/views/dynamic.html.php b/themes/wind/views/dynamic.html.php
index a8a4d362..c8b2fcaf 100644
--- a/themes/wind/views/dynamic.html.php
+++ b/themes/wind/views/dynamic.html.php
@@ -3,7 +3,7 @@
<div id="g-album-header-buttons">
<?= $theme->dynamic_top() ?>
</div>
- <h1><?= html::clean($title) ?></h1>
+ <h1><?= html::purify($title) ?></h1>
</div>
<ul id="g-album-grid" class="ui-helper-clearfix">
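Review bot: Switching the heading from `html::clean($title)` to `html::purify($title)` relaxes the output handling: assuming purify is an allow-list sanitizer, as its name suggests, markup in `$title` now reaches the page and safety rests on the purifier's configuration rather than on plain encoding. The diff does not show where `$title` comes from or why markup is wanted in it, while the organize views in this same commit use `html::clean` for titles. A short comment stating the intent, or keeping `html::clean` here, would make the choice reviewable.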
diff --git a/themes/wind/views/page.html.php b/themes/wind/views/page.html.php
index 24d3347e..18ade97f 100644
--- a/themes/wind/views/page.html.php
+++ b/themes/wind/views/page.html.php
@@ -10,11 +10,11 @@
<?= $page_title ?>
<? else: ?>
<? if ($theme->item()): ?>
- <?= $theme->item()->title ?>
+ <?= html::purify($theme->item()->title) ?>
<? elseif ($theme->tag()): ?>
<?= t("Photos tagged with %tag_title", array("tag_title" => $theme->tag()->name)) ?>
<? else: /* Not an item, not a tag, no page_title specified. Help! */ ?>
- <?= item::root()->title ?>
+ <?= html::purify(item::root()->title) ?>
<? endif ?>
<? endif ?>
</title>
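Review bot: Inside `<title>` the browser treats content as text, so any tags that `html::purify()` lets through would show up literally in the window title instead of being rendered; `html::clean($theme->item()->title)` and `html::clean(item::root()->title)` fit this context better. The neighbouring `<?= $page_title ?>` and the tag name passed to `t()` are still emitted with no encoder visible on the context lines, and whether they are escaped upstream cannot be told from this hunk. The template continues above and below the lines shown.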