From 2bc73e2e36fefc3c1ee1b8e97e686c6729e58dcb Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Mon, 31 Aug 2009 21:51:57 -0700
Subject: Fix XSS vectors in HTML attributes (mostly t() calls)

---
 modules/gallery/views/permissions_form.html.php | 42 ++++++++++++-------------
 1 file changed, 21 insertions(+), 21 deletions(-)

(limited to 'modules/gallery/views/permissions_form.html.php')

diff --git a/modules/gallery/views/permissions_form.html.php b/modules/gallery/views/permissions_form.html.php
index e6b217c5..a0bb35f2 100644
--- a/modules/gallery/views/permissions_form.html.php
+++ b/modules/gallery/views/permissions_form.html.php
@@ -20,9 +20,9 @@
 
         <? if ($lock): ?>
           <td class="gDenied">
-            <img src="<?= url::file('themes/default/images/ico-denied.png') ?>" title="<?= t('denied and locked through parent album') ?>" alt="<?= t('denied icon') ?>" />
-            <a href="javascript:show(<?= $lock->id ?>)" title="<?= t('click to go to parent album') ?>">
-              <img src="<?= url::file('themes/default/images/ico-lock.png') ?>" alt="<?= t('locked icon') ?>" />
+            <img src="<?= url::file('themes/default/images/ico-denied.png') ?>" title="<?= t('denied and locked through parent album')->for_html_attr() ?>" alt="<?= t('denied icon')->for_html_attr() ?>" />
+            <a href="javascript:show(<?= $lock->id ?>)" title="<?= t('click to go to parent album')->for_html_attr() ?>">
+              <img src="<?= url::file('themes/default/images/ico-lock.png') ?>" alt="<?= t('locked icon')->for_html_attr() ?>" />
             </a>
           </td>
         <? else: ?>
@@ -30,23 +30,23 @@
             <? if ($allowed): ?>
               <td class="gAllowed">
                 <a href="javascript:set('allow',<?= $group->id ?>,<?= $permission->id ?>,<?= $item->id ?>)"
-                  title="<?= t('allowed through parent album, click to allow explicitly') ?>">
-                  <img src="<?= url::file('themes/default/images/ico-success-pale.png') ?>" alt="<?= t('passive allowed icon') ?>" />
+                  title="<?= t('allowed through parent album, click to allow explicitly')->for_html_attr() ?>">
+                  <img src="<?= url::file('themes/default/images/ico-success-pale.png') ?>" alt="<?= t('passive allowed icon')->for_html_attr() ?>" />
                 </a>
                 <a href="javascript:set('deny',<?= $group->id ?>,<?= $permission->id ?>,<?= $item->id ?>)"
-                  title="<?= t('click to deny') ?>">
-                  <img src="<?= url::file('themes/default/images/ico-denied-gray.png') ?>" alt="<?= t('inactive denied icon') ?>" />
+                  title="<?= t('click to deny')->for_html_attr() ?>">
+                  <img src="<?= url::file('themes/default/images/ico-denied-gray.png') ?>" alt="<?= t('inactive denied icon')->for_html_attr() ?>" />
                 </a>
               </td>
             <? else: ?>
               <td class="gDenied">
                 <a href="javascript:set('allow',<?= $group->id ?>,<?= $permission->id ?>,<?= $item->id ?>)"
-                  title="<?= t('click to allow') ?>">
-                  <img src="<?= url::file('themes/default/images/ico-success-gray.png') ?>" alt="<?= t('inactive allowed icon') ?>" />
+                  title="<?= t('click to allow')->for_html_attr() ?>">
+                  <img src="<?= url::file('themes/default/images/ico-success-gray.png') ?>" alt="<?= t('inactive allowed icon')->for_html_attr() ?>" />
                 </a>
                 <a href="javascript:set('deny',<?= $group->id ?>,<?= $permission->id ?>,<?= $item->id ?>)"
-                  title="<?= t('denied through parent album, click to deny explicitly') ?>">
-                  <img src="<?= url::file('themes/default/images/ico-denied-pale.png') ?>" alt="<?= t('passive denied icon') ?>" />
+                  title="<?= t('denied through parent album, click to deny explicitly')->for_html_attr() ?>">
+                  <img src="<?= url::file('themes/default/images/ico-denied-pale.png') ?>" alt="<?= t('passive denied icon')->for_html_attr() ?>" />
                 </a>
               </td>
             <? endif ?>
@@ -54,31 +54,31 @@
           <? elseif ($intent === access::DENY): ?>
             <td class="gDenied">
               <a href="javascript:set('allow',<?= $group->id ?>,<?= $permission->id ?>,<?= $item->id ?>)"
-                title="<?= t('click to allow') ?>">
-                <img src="<?= url::file('themes/default/images/ico-success-gray.png') ?>" alt="<?= t('inactive allowed icon') ?>" />
+                title="<?= t('click to allow')->for_html_attr() ?>">
+                <img src="<?= url::file('themes/default/images/ico-success-gray.png') ?>" alt="<?= t('inactive allowed icon')->for_html_attr() ?>" />
               </a>
               <? if ($item->id == 1): ?>
-                <img src="<?= url::file('themes/default/images/ico-denied.png') ?>" alt="<?= t('denied icon') ?>" title="<?= t('denied') ?>"/>
+                <img src="<?= url::file('themes/default/images/ico-denied.png') ?>" alt="<?= t('denied icon')->for_html_attr() ?>" title="<?= t('denied')->for_html_attr() ?>"/>
               <? else: ?>
                 <a href="javascript:set('reset',<?= $group->id ?>,<?= $permission->id ?>,<?= $item->id ?>)"
-                  title="<?= t('denied, click to reset') ?>">
-                  <img src="<?= url::file('themes/default/images/ico-denied.png') ?>" alt="<?= t('denied icon') ?>" />
+                  title="<?= t('denied, click to reset')->for_html_attr() ?>">
+                  <img src="<?= url::file('themes/default/images/ico-denied.png') ?>" alt="<?= t('denied icon')->for_html_attr() ?>" />
                 </a>
               <? endif ?>
             </td>
           <? elseif ($intent === access::ALLOW): ?>
             <td class="gAllowed">
               <? if ($item->id == 1): ?>
-                <img src="<?= url::file('themes/default/images/ico-success.png') ?>" title="<?= t("allowed") ?>" alt="<?= t('allowed icon') ?>" />
+                <img src="<?= url::file('themes/default/images/ico-success.png') ?>" title="<?= t("allowed")->for_html_attr() ?>" alt="<?= t('allowed icon')->for_html_attr() ?>" />
               <? else: ?>
                 <a href="javascript:set('reset',<?= $group->id ?>,<?= $permission->id ?>,<?= $item->id ?>)"
-                  title="<?= t('allowed, click to reset') ?>">
-                  <img src="<?= url::file('themes/default/images/ico-success.png') ?>" alt="<?= t('allowed icon') ?>" />
+                  title="<?= t('allowed, click to reset')->for_html_attr() ?>">
+                  <img src="<?= url::file('themes/default/images/ico-success.png') ?>" alt="<?= t('allowed icon')->for_html_attr() ?>" />
                 </a>
               <? endif ?>
               <a href="javascript:set('deny',<?= $group->id ?>,<?= $permission->id ?>,<?= $item->id ?>)"
-                title="<?= t('click to deny') ?>">
-                <img src="<?= url::file('themes/default/images/ico-denied-gray.png') ?>" alt="<?= t('inactive denied icon') ?>" />
+                title="<?= t('click to deny')->for_html_attr() ?>">
+                <img src="<?= url::file('themes/default/images/ico-denied-gray.png') ?>" alt="<?= t('inactive denied icon')->for_html_attr() ?>" />
               </a>
             </td>
           <? endif ?>
-- 
cgit v1.2.3