From 8f9a943f55c1342177d7687e3d891f5d1c9eff30 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Wed, 1 Jul 2009 17:57:39 -0700
Subject: Fix a bunch of XSS vulnerabilities turned up by manual inspection
 using the checklist in ticket #385.

---
 modules/gallery/controllers/admin_advanced_settings.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/gallery/controllers/admin_advanced_settings.php')

diff --git a/modules/gallery/controllers/admin_advanced_settings.php b/modules/gallery/controllers/admin_advanced_settings.php
index 79bc1183..64007fdb 100644
--- a/modules/gallery/controllers/admin_advanced_settings.php
+++ b/modules/gallery/controllers/admin_advanced_settings.php
@@ -46,7 +46,7 @@ class Admin_Advanced_Settings_Controller extends Admin_Controller {
     module::set_var($module_name, $var_name, Input::instance()->post("value"));
     message::success(
       t("Saved value for %var (%module_name)",
-        array("var" => $var_name, "module_name" => $module_name)));
+        array("var" => p::clean($var_name), "module_name" => $module_name)));
 
     print json_encode(array("result" => "success"));
   }
-- 
cgit v1.2.3