From 8f9a943f55c1342177d7687e3d891f5d1c9eff30 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Wed, 1 Jul 2009 17:57:39 -0700
Subject: Fix a bunch of XSS vulnerabilities turned up by manual inspection using the checklist in ticket #385.
---
 modules/tag/controllers/admin_tags.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'modules/tag/controllers')
diff --git a/modules/tag/controllers/admin_tags.php b/modules/tag/controllers/admin_tags.php
index af5055ff..dcdc16b9 100644
--- a/modules/tag/controllers/admin_tags.php
+++ b/modules/tag/controllers/admin_tags.php
@@ -53,8 +53,8 @@ class Admin_Tags_Controller extends Admin_Controller {
 $name = $tag->name;
 Database::instance()->delete("items_tags", array("tag_id" => "$tag->id"));
 $tag->delete();
- message::success(t("Deleted tag %tag_name", array("tag_name" => $name)));
- log::success("tags", t("Deleted tag %tag_name", array("tag_name" => $name)));
+ message::success(t("Deleted tag %tag_name", array("tag_name" => p::clean($name))));
+ log::success("tags", t("Deleted tag %tag_name", array("tag_name" => p::clean($name))));
 print json_encode(
 array("result" => "success",
@@ -98,7 +98,7 @@ class Admin_Tags_Controller extends Admin_Controller {
 $tag->save();
 $message = t("Renamed tag %old_name to %new_name",
- array("old_name" => $old_name, "new_name" => $tag->name));
+ array("old_name" => p::clean($old_name), "new_name" => p::clean($tag->name)));
 message::success($message);
 log::success("tags", $message);
--
cgit v1.2.3
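Review bot: The delete path formats the same translated string twice, so the `p::clean($name)` call has to be repeated and kept in sync at both sinks; a later edit that touches only one of the two lines would reintroduce the unescaped tag name. The rename hunk further down already builds the text once, and the same shape fits here: `$message = t("Deleted tag %tag_name", array("tag_name" => p::clean($name)));` followed by `message::success($message);` and `log::success("tags", $message);`. The enclosing method starts and ends outside the hunk, so whether the JSON response printed afterwards carries the tag name cannot be checked from here.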
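Review bot: `log::success("tags", $message)` now receives the HTML-escaped string, here and in the delete hunk above, so the log entry holds entity-encoded text rather than the raw tag name. The log viewer is not visible in this diff: if it escapes on output, names containing `&` or `<` will presumably render double-encoded, and if it prints entries raw, its safety depends on every writer remembering `p::clean`. A short comment above the call would record the contract, for example `// log entries are rendered as HTML: all user-supplied values must be escaped before logging`. Since the escaping is applied per placeholder at each call site, it would also be worth checking the other `t()` callers that substitute user-controlled values against the ticket's checklist.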