From 8524fba15a4cbabe1d6c4e60bdfe9e766eca1fdc Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Sat, 21 Jul 2012 15:42:52 -0700
Subject: Sanitize the module name and don't allow storing values for illegal
 module names.  Fixes #1898.

---
 modules/gallery/views/admin_advanced_settings.html.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/gallery/views')

diff --git a/modules/gallery/views/admin_advanced_settings.html.php b/modules/gallery/views/admin_advanced_settings.html.php
index 8d21d890..6745f0df 100644
--- a/modules/gallery/views/admin_advanced_settings.html.php
+++ b/modules/gallery/views/admin_advanced_settings.html.php
@@ -19,7 +19,7 @@
       </tr>
       <? foreach ($vars as $var): ?>
       <tr class="setting-row <?= text::alternate("g-odd", "g-even") ?>">
-        <td> <?= $var->module_name ?> </td>
+        <td> <?= html::clean($var->module_name) ?> </td>
         <td> <?= html::clean($var->name) ?> </td>
         <td>
           <a href="<?= url::site("admin/advanced_settings/edit/$var->module_name/" . html::clean($var->name)) ?>"
-- 
cgit v1.2.3