From 8312eb116e65195e3fc70d59b3b0817b9c807287 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Mon, 31 Aug 2009 02:12:01 -0700
Subject: XSS review fixes (mostly adding missing html::mark_clean()) calls.

---
 modules/notification/controllers/notification.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'modules/notification')

diff --git a/modules/notification/controllers/notification.php b/modules/notification/controllers/notification.php
index ffb4b46a..5745de5d 100644
--- a/modules/notification/controllers/notification.php
+++ b/modules/notification/controllers/notification.php
@@ -26,10 +26,10 @@ class Notification_Controller extends Controller {
 
     if (notification::is_watching($item)) {
       notification::remove_watch($item);
-      message::success(sprintf(t("You are no longer watching %s"), $item->title));
+      message::success(sprintf(t("You are no longer watching %s"), html::purify($item->title)));
     } else {
       notification::add_watch($item);
-      message::success(sprintf(t("You are now watching %s"), $item->title));
+      message::success(sprintf(t("You are now watching %s"), html::purify($item->title)));
     }
     url::redirect($item->url(array(), true));
   }
-- 
cgit v1.2.3