From dd854379c20722a763ae7fe3d097a57a544cae80 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Wed, 3 Jun 2009 17:08:23 -0700
Subject: Sanitize all data we return via json_encode() to guard against XSS and other data leaks.
---
 modules/organize/controllers/organize.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'modules/organize/controllers')
diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php
index 43d41357..57709cb5 100644
--- a/modules/organize/controllers/organize.php
+++ b/modules/organize/controllers/organize.php
@@ -61,8 +61,9 @@ class Organize_Controller extends Controller {
 access::required("view", $item);
 access::required("edit", $item);
- print json_encode(array("title" => $item->title,
- "description" => empty($item->description) ? "" : $item->description));
+ print json_encode(
+ array("title" => p::clean($item->title),
+ "description" => empty($item->description) ? "" : p::clean($item->description)));
 }
 function tree($item, $parent) {
--
cgit v1.2.3
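Review bot: The two `p::clean()` calls in the new `print json_encode(...)` escape `title` and `description` for one output context before they are serialised, so the payload is only correct if the client inserts these strings as HTML. Assuming `p::clean()` is an HTML-entity escaper (its definition is not in this diff), a consumer that assigns the values to a form field or a text node will display literal entities and may write the escaped text back on save. A comment on the call would pin that contract, e.g. `// values are HTML-escaped here; the client must treat them as markup, not assign them via .val()/.text()`. Nothing visible in this hunk sets a response content type, so it is also worth confirming that the action sends `header("Content-Type: application/json");`, so that a directly loaded response is not parsed as HTML. The enclosing method starts above the hunk.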