diff options
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/organize/controllers/organize.php | 5 | ||||
| -rw-r--r-- | modules/organize/views/organize_dialog.html.php | 2 | ||||
| -rw-r--r-- | modules/organize/views/organize_frame.html.php | 2 |
3 files changed, 5 insertions, 4 deletions
diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php index 048f6fc3..3f04e56d 100644 --- a/modules/organize/controllers/organize.php +++ b/modules/organize/controllers/organize.php @@ -56,7 +56,7 @@ class Organize_Controller extends Controller { "sort_column" => $album->sort_column, "sort_order" => $album->sort_order, "editable" => access::can("edit", $album), - "title" => $album->title, + "title" => (string)html::clean($album->title), "children" => array()); foreach ($album->viewable()->children() as $child) { @@ -67,8 +67,9 @@ class Organize_Controller extends Controller { "width" => $dims[1], "height" => $dims[0], "type" => $child->type, - "title" => $child->title); + "title" => (string)html::clean($child->title)); } + Kohana_Log::add("error","".print_r($data,1)); json::reply($data); } diff --git a/modules/organize/views/organize_dialog.html.php b/modules/organize/views/organize_dialog.html.php index a386fa77..9ea4d923 100644 --- a/modules/organize/views/organize_dialog.html.php +++ b/modules/organize/views/organize_dialog.html.php @@ -11,7 +11,7 @@ var set_title = function(title) { $("#g-dialog").dialog("option", "title", ORGANIZE_TITLE.replace("__TITLE__", title)); } - set_title("<?= $album->title ?>"); + set_title("<?= html::clean($album->title) ?>"); var done_loading = function() { $("#g-organize-app-loading").hide(); diff --git a/modules/organize/views/organize_frame.html.php b/modules/organize/views/organize_frame.html.php index 20a1a6da..51d49104 100644 --- a/modules/organize/views/organize_frame.html.php +++ b/modules/organize/views/organize_frame.html.php @@ -506,7 +506,7 @@ root: { allowDrop: Boolean(<?= access::can("edit", item::root()) ?>), nodeType: "async", - text: "<?= item::root()->title ?>", + text: "<?= html::clean(item::root()->title) ?>", draggable: false, id: "<?= item::root()->id ?>", expanded: true |