From 8312eb116e65195e3fc70d59b3b0817b9c807287 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Mon, 31 Aug 2009 02:12:01 -0700
Subject: XSS review fixes (mostly adding missing html::mark_clean()) calls.

---
 modules/gallery/controllers/photos.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'modules/gallery/controllers/photos.php')

diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php
index 3447b4c6..3b9662c7 100644
--- a/modules/gallery/controllers/photos.php
+++ b/modules/gallery/controllers/photos.php
@@ -86,7 +86,8 @@ class Photos_Controller extends Items_Controller {
 
       log::success("content", "Updated photo", "<a href=\"photos/$photo->id\">view</a>");
       message::success(
-        t("Saved photo %photo_title", array("photo_title" => $photo->title)));
+                       t("Saved photo %photo_title",
+                         array("photo_title" => html::purify($photo->title))));
 
       print json_encode(
         array("result" => "success",
-- 
cgit v1.2.3