From 8f9a943f55c1342177d7687e3d891f5d1c9eff30 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Wed, 1 Jul 2009 17:57:39 -0700
Subject: Fix a bunch of XSS vulnerabilities turned up by manual inspection using the checklist in ticket #385.
---
 modules/user/controllers/logout.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'modules/user/controllers/logout.php')
diff --git a/modules/user/controllers/logout.php b/modules/user/controllers/logout.php
index a541ed9b..63971789 100644
--- a/modules/user/controllers/logout.php
+++ b/modules/user/controllers/logout.php
@@ -23,8 +23,8 @@ class Logout_Controller extends Controller {
 $user = user::active();
 user::logout();
- log::info("user", t("User %name logged out", array("name" => $user->name)),
- html::anchor("user/$user->id", $user->name));
+ log::info("user", t("User %name logged out", array("name" => p::clean($user->name))),
+ html::anchor("user/$user->id", p::clean($user->name)));
 if ($this->input->get("continue")) {
 $item = url::get_item_from_uri($this->input->get("continue"));
 if (access::can("view", $item)) {
--
cgit v1.2.3
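Review bot: The two `p::clean($user->name)` calls on the added `log::info(...)` lines escape the name at the call site, before it reaches the logger, so the safety of whatever displays the log depends on every other `log::info` caller doing the same. Nothing in this hunk shows how `log::info` stores or renders its message and link arguments, so confirm that the log display does not escape a second time (names would then appear double-encoded), and if the contract really is that callers pass HTML-safe strings, record it here with a comment such as `// log::info() arguments are rendered as HTML; escape user-controlled values before passing them`. Cleaning once with `$name = p::clean($user->name);` and passing `$name` to both `t()` and `html::anchor()` would keep the two uses from drifting apart. The enclosing method starts above this hunk and continues below it.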