Diffstat (limited to 'modules/gallery/controllers')
| -rw-r--r-- | modules/gallery/controllers/admin_theme_options.php | 14 | 
1 files changed, 10 insertions, 4 deletions
| diff --git a/modules/gallery/controllers/admin_theme_options.php b/modules/gallery/controllers/admin_theme_options.php
index 38d2b0a8..3258040c 100644
--- a/modules/gallery/controllers/admin_theme_options.php
+++ b/modules/gallery/controllers/admin_theme_options.php
@@ -53,11 +53,17 @@ class Admin_Theme_Options_Controller extends Admin_Controller {
         module::set_var("gallery", "resize_size", $resize_size);
       }
-      module::set_var("gallery", "header_text", $form->edit_theme->header_text->value);
-      module::set_var("gallery", "footer_text", $form->edit_theme->footer_text->value);
       module::set_var("gallery", "show_credits", $form->edit_theme->show_credits->value);
-      module::set_var("gallery", "favicon_url", $form->edit_theme->favicon_url->value);
-      module::set_var("gallery", "apple_touch_icon_url", $form->edit_theme->apple_touch_icon_url->value);
+
+      // Sanitize values that get placed directly in HTML output by theme.
+      module::set_var("gallery", "header_text",
+        html::purify($form->edit_theme->header_text->value));
+      module::set_var("gallery", "footer_text",
+        html::purify($form->edit_theme->footer_text->value));
+      module::set_var("gallery", "favicon_url",
+        html::purify($form->edit_theme->favicon_url->value));
+      module::set_var("gallery", "apple_touch_icon_url",
+        html::purify($form->edit_theme->apple_touch_icon_url->value));
       module::event("theme_edit_form_completed", $form); | 
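Review bot: The new favicon_url and apple_touch_icon_url lines run html::purify over values that are URLs destined for an href attribute, not HTML fragments, so a markup purifier is the wrong check for them — its implementation is not visible here, but if it only strips tags, a plain string carrying a non-http(s) scheme such as `javascript:` would pass through unchanged. For those two fields validate the URL shape before the set_var instead, for example `$scheme = parse_url($url, PHP_URL_SCHEME);` followed by rejecting the submission with a form error when `$scheme !== null && !in_array($scheme, ["http", "https"], true)`, and rely on attribute-context escaping at the output point in the theme. Purifying header_text and footer_text is appropriate, since the comment says those are rendered as HTML. The enclosing method of Admin_Theme_Options_Controller starts and ends outside the hunk.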
