From 8f9a943f55c1342177d7687e3d891f5d1c9eff30 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Wed, 1 Jul 2009 17:57:39 -0700
Subject: Fix a bunch of XSS vulnerabilities turned up by manual inspection using the checklist in ticket #385.
---
 modules/gallery/controllers/photos.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'modules/gallery/controllers/photos.php')
diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php
index f5be5d59..6a62e859 100644
--- a/modules/gallery/controllers/photos.php
+++ b/modules/gallery/controllers/photos.php
@@ -87,7 +87,8 @@ class Photos_Controller extends Items_Controller {
 module::event("item_updated", $orig, $photo);
 log::success("content", "Updated photo", "id\">view");
- message::success(t("Saved photo %photo_title", array("photo_title" => $photo->title)));
+ message::success(
+ t("Saved photo %photo_title", array("photo_title" => p::clean($photo->title))));
 print json_encode(
 array("result" => "success",
-- cgit v1.2.3
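Review bot: The escaping on the added `t(...)` line is applied at the call site, so the fix holds only as long as every other caller that passes item data into `t()` placeholders for `message::success()` remembers to do the same; nothing in this hunk enforces it. Assuming `p::clean()` is an HTML-escaping helper (its body is not shown here), consider escaping placeholder values inside `t()` or where the message is rendered, so that an unescaped title fails safe by default instead of depending on manual inspection. Until then, a comment above the call such as `// $photo->title is user-controlled; escape it before it reaches the HTML status message` would keep a later refactor from dropping the `p::clean()` call. The enclosing method starts and ends outside the hunk, so the rest of the JSON response built after this call could not be checked.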