Diffstat (limited to 'modules')
-rw-r--r-- | modules/gallery/controllers/user_profile.php | 4 | ||||
-rw-r--r-- | modules/gallery/helpers/gallery_event.php | 2 | ||||
-rw-r--r-- | modules/gallery/views/user_profile.html.php | 2 | ||||
-rw-r--r-- | modules/gallery/views/user_profile_info.html.php | 2 | ||||
-rw-r--r-- | modules/rest/views/user_profile_rest.html.php | 2 |
5 files changed, 6 insertions, 6 deletions
diff --git a/modules/gallery/controllers/user_profile.php b/modules/gallery/controllers/user_profile.php
index a0e6619e..327d2ff1 100644
--- a/modules/gallery/controllers/user_profile.php
+++ b/modules/gallery/controllers/user_profile.php
@@ -53,11 +53,11 @@ class User_Profile_Controller extends Controller {
 if ($form->validate()) {
 Sendmail::factory()
 ->to($user->email)
- ->subject($form->message->subject->value)
+ ->subject(html::clean($form->message->subject->value))
 ->header("Mime-Version", "1.0")
 ->header("Content-type", "text/html; charset=iso-8859-1")
 ->reply_to($form->message->reply_to->value)
- ->message($form->message->message->value)
+ ->message(html::purify($form->message->message->value))
 ->send();
 message::success(t("Sent message to %user_name", array("user_name" => $user->display_name())));
 print json_encode(array("result" => "success"));
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index 70c6de4a..9b252f61 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -411,7 +411,7 @@ class gallery_event_Core {
 if ($field == "locale") {
 $value = locales::display_name($value);
 }
- $v->fields[(string) $label] = html::clean($value);
+ $v->fields[(string) $label] = $value;
 }
 }
 $data->content[] = (object) array("title" => t("User information"), "view" => $v);
diff --git a/modules/gallery/views/user_profile.html.php b/modules/gallery/views/user_profile.html.php
index 708b1613..7dc9d13e 100644
--- a/modules/gallery/views/user_profile.html.php
+++ b/modules/gallery/views/user_profile.html.php
@@ -41,7 +41,7 @@
 <? foreach ($info_parts as $info): ?>
 <div>
 <fieldset>
- <label><?= $info->title ?></label>
+ <label><?= html::purify($info->title) ?></label>
 <div>
 <?= $info->view ?>
 </div>
diff --git a/modules/gallery/views/user_profile_info.html.php b/modules/gallery/views/user_profile_info.html.php
index 2a2549c8..2f2d68d3 100644
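Review bot: `reply_to` is still passed to the mailer raw, one line above the new `->message(...)` call, and it is the one value in this chain that is clearly destined for a mail header. Unless the form's validation rules or `Sendmail` itself (neither is visible in this hunk) reject CR/LF, a crafted value could add extra headers; stripping line breaks first, e.g. `->reply_to(str_replace(array("\r", "\n"), "", $form->message->reply_to->value))`, closes that. The subject is also a header rather than HTML, so `html::clean` there will probably show entities such as `&amp;` literally in the recipient's subject line while doing nothing about line breaks; the same stripping fits that field better. The enclosing method starts and ends outside the hunk.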
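Review bot: After this change `$v->fields` holds raw profile values, and nothing at the assignment says so. Any other template or module that reads `fields` now has to escape them itself, which is easy to miss later. A comment on the assignment such as `// Stored unescaped on purpose; user_profile_info.html.php escapes at output.` would make that contract visible. The enclosing loop and method begin outside the hunk.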
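Review bot: `html::purify` is applied to `$info->title` here and to `$value` in user_profile_info.html.php, whereas the line this commit removes from gallery_event.php used `html::clean`. If purify lets a whitelist of markup through while clean escapes everything (the helper is not shown, so confirm), profile values can now render user-chosen markup on the profile page where they were previously shown as text. For plain-text labels and values the stricter `<?= html::clean($info->title) ?>` and `<?= html::clean($value) ?>` would keep the earlier behaviour.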
--- a/modules/gallery/views/user_profile_info.html.php
+++ b/modules/gallery/views/user_profile_info.html.php
@@ -3,7 +3,7 @@
 <? foreach ($fields as $field => $value): ?>
 <tr>
 <td><?= $field ?></td>
- <td><?= $value ?></td>
+ <td><?= html::purify($value) ?></td>
 </tr>
 <? endforeach ?>
 </table>
diff --git a/modules/rest/views/user_profile_rest.html.php b/modules/rest/views/user_profile_rest.html.php
index 3807817e..397afa89 100644
--- a/modules/rest/views/user_profile_rest.html.php
+++ b/modules/rest/views/user_profile_rest.html.php
@@ -2,7 +2,7 @@
 <div id="g-rest-detail">
 <ul>
 <li id="g-rest-key">
- <p><b><?= t("Key") ?></b>:<?= $rest_key ?></p>
+ <p><b><?= t("Key") ?></b>:<?= html::clean($rest_key) ?></p>
 </li>
 </ul>
 </div> |
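Review bot: The first cell still prints `<?= $field ?>` unescaped, one line above the cell this hunk changes. Those keys come from `(string) $label` in gallery_event.php; if a label can ever be something other than a fixed translated string (not verifiable from this diff), it reaches the page raw. `<td><?= html::clean($field) ?></td>` would treat both cells of the row alike.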