From 8f9a943f55c1342177d7687e3d891f5d1c9eff30 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Wed, 1 Jul 2009 17:57:39 -0700
Subject: Fix a bunch of XSS vulnerabilities turned up by manual inspection using the checklist in ticket #385.
---
 modules/server_add/controllers/admin_server_add.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'modules/server_add/controllers/admin_server_add.php')
diff --git a/modules/server_add/controllers/admin_server_add.php b/modules/server_add/controllers/admin_server_add.php
index a3f9aa96..a30215b8 100644
--- a/modules/server_add/controllers/admin_server_add.php
+++ b/modules/server_add/controllers/admin_server_add.php
@@ -40,7 +40,7 @@ class Admin_Server_Add_Controller extends Admin_Controller {
 module::set_var("server_add", "authorized_paths", serialize($paths));
 $form->add_path->inputs->path->value = "";
- message::success(t("Added path %path", array("path" => $path)));
+ message::success(t("Added path %path", array("path" => p::clean($path))));
 server_add::check_config($paths);
 url::redirect("admin/server_add");
@@ -62,7 +62,7 @@ class Admin_Server_Add_Controller extends Admin_Controller {
 $path = $this->input->get("path");
 $paths = unserialize(module::get_var("server_add", "authorized_paths"));
 unset($paths[$path]);
- message::success(t("Removed path %path", array("path" => $path)));
+ message::success(t("Removed path %path", array("path" => p::clean($path))));
 module::set_var("server_add", "authorized_paths", serialize($paths));
 server_add::check_config($paths);
-- cgit v1.2.3
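Review bot: Escaping `$path` with `p::clean()` at the call site in the "Added path" message (and again in the "Removed path" message in the second hunk) closes these two sinks, but nothing visible here documents whether `t()` and `message::success()` expect placeholder values raw or already escaped. If the message is rendered as HTML, as the commit subject implies, any other caller that interpolates request data remains exposed, and a caller that escapes twice will show literal entities. I would add a comment above each call such as `// %path comes from the request and the message is output as HTML, so escape it here`, and consider having `t()` escape placeholder values by default so the safe path does not depend on every caller. The enclosing method starts and ends outside the hunk.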
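Review bot: The "Removed path" message is emitted for whatever value `$this->input->get("path")` returns, because `unset($paths[$path])` does nothing and raises no error when the key is absent, so a path that was never authorized is still reported as removed and echoed back (now escaped). Wrapping the `unset`, the message and the `module::set_var` call in `if (isset($paths[$path])) { ... }` would limit the reflected value to entries already present in `authorized_paths` and skip a needless rewrite of the setting. The action also changes configuration based on a GET parameter, so it needs a CSRF token check; none is visible in this hunk, though the method begins above it and may already perform one.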