From 708f27f483d70660446ea2132b02cb7b39225f98 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Sun, 31 May 2009 00:11:48 -0700
Subject: Run p::clean() on any variables that contain data entered by users.

---
 modules/gallery/views/simple_uploader.html.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'modules/gallery/views/simple_uploader.html.php')

diff --git a/modules/gallery/views/simple_uploader.html.php b/modules/gallery/views/simple_uploader.html.php
index b6725c31..abda6d26 100644
--- a/modules/gallery/views/simple_uploader.html.php
+++ b/modules/gallery/views/simple_uploader.html.php
@@ -5,7 +5,7 @@
 <!-- hack to set the title for the dialog -->
 <form id="gAddPhotosForm" action="<?= url::site("simple_uploader/finish") ?>">
   <fieldset>
-    <legend> <?= t("Add photos to %album_title", array("album_title" => $item->title)) ?> </legend>
+    <legend> <?= t("Add photos to %album_title", array("album_title" => p::clean($item->title))) ?> </legend>
   </fieldset>
 </form>
 
@@ -25,9 +25,9 @@
   </p>
   <ul class="gBreadcrumbs">
     <? foreach ($item->parents() as $parent): ?>
-    <li> <?= $parent->title ?> </li>
+    <li> <?= p::clean($parent->title) ?> </li>
     <? endforeach ?>
-    <li class="active"> <?= $item->title ?> </li>
+    <li class="active"> <?= p::clean($item->title) ?> </li>
   </ul>
 
   <p><?= t("Upload Queue") ?></p>
-- 
cgit v1.2.3