From 9369ccab7fb3413d63e218cec81b4cf43442fd98 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Sun, 31 May 2009 01:02:51 -0700
Subject: Run all variables that come from user-entered data through p::clean()

---
 modules/notification/views/item_deleted.html.php | 12 ++++++++----
 modules/notification/views/item_updated.html.php | 12 ++++++------
 2 files changed, 14 insertions(+), 10 deletions(-)

(limited to 'modules/notification')

diff --git a/modules/notification/views/item_deleted.html.php b/modules/notification/views/item_deleted.html.php
index ac9ab594..2d6d5738 100644
--- a/modules/notification/views/item_deleted.html.php
+++ b/modules/notification/views/item_deleted.html.php
@@ -1,20 +1,24 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <html>
   <head>
-    <title><?= $subject ?> </title>
+    <title><?= p::clean($subject) ?> </title>
   </head>
   <body>
-    <h2><?= $subject ?></h2>
+    <h2><?= p::clean($subject) ?></h2>
     <table>
       <tr>
         <td colspan="2">
           <?= t("To view the changed album %title use the link below.",
-              array("title" => $item->parent()->title)) ?>
+              array("title" => p::clean($item->parent()->title))) ?>
         </td>
       </tr>
       <tr>
         <td><?= t("Url:") ?></td>
-        <td><a href="<?= $item->parent()->url(array(), true) ?>"><?= $item->parent()->url(array(), true) ?></a></td>
+        <td>
+          <a href="<?= $item->parent()->url(array(), true) ?>">
+            <?= $item->parent()->url(array(), true) ?>
+          </a>
+        </td>
       </tr>
     </table>
   </body>
diff --git a/modules/notification/views/item_updated.html.php b/modules/notification/views/item_updated.html.php
index cba522e8..0620c50c 100644
--- a/modules/notification/views/item_updated.html.php
+++ b/modules/notification/views/item_updated.html.php
@@ -1,18 +1,18 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <html>
   <head>
-    <title><?= $subject ?> </title>
+    <title><?= p::clean($subject) ?> </title>
   </head>
   <body>
-    <h2> <?= $subject ?> </h2>
+    <h2> <?= p::clean($subject) ?> </h2>
     <table>
       <tr>
         <? if ($old->title != $new->title): ?>
         <td><?= t("New Title:") ?></td>
-        <td><?= $new->title ?></td>
+        <td><?= p::clean($new->title) ?></td>
         <? else: ?>
         <td><?= t("Title:") ?></td>
-        <td><?= $new->title ?></td>
+        <td><?= p::clean($new->title) ?></td>
         <? endif ?>
       </tr>
       <tr>
@@ -22,12 +22,12 @@
       <? if ($old->description != $new->description): ?>
       <tr>
         <td><?= t("New Description:") ?></td>
-        <td><?= $new->description ?></td>
+        <td><?= p::clean($new->description) ?></td>
       </tr>
       <? elseif (!empty($new->description)): ?>
       <tr>
         <td><?= t("Description:") ?></td>
-        <td><?= $new->description ?></td>
+        <td><?= p::clean($new->description) ?></td>
       </tr>
       <? endif ?>
     </table>
-- 
cgit v1.2.3