From 2bc73e2e36fefc3c1ee1b8e97e686c6729e58dcb Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Mon, 31 Aug 2009 21:51:57 -0700
Subject: Fix XSS vectors in HTML attributes (mostly t() calls)

---
 modules/user/views/admin_users.html.php       | 10 +++++-----
 modules/user/views/admin_users_group.html.php |  6 +++---
 modules/user/views/login.html.php             |  2 +-
 3 files changed, 9 insertions(+), 9 deletions(-)

(limited to 'modules/user')

diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php
index 9455f9d9..c065e4b1 100644
--- a/modules/user/views/admin_users.html.php
+++ b/modules/user/views/admin_users.html.php
@@ -44,7 +44,7 @@
 <div class="gBlock">
   <a href="<?= url::site("admin/users/add_user_form") ?>"
       class="gDialogLink gButtonLink right ui-icon-left ui-state-default ui-corner-all"
-      title="<?= t("Create a new user") ?>">
+      title="<?= t("Create a new user")->for_html_attr() ?>">
     <span class="ui-icon ui-icon-circle-plus"></span>
     <?= t("Add a new user") ?>
   </a>
@@ -67,8 +67,8 @@
       <tr id="gUser-<?= $user->id ?>" class="<?= text::alternate("gOddRow", "gEvenRow") ?> user <?= $user->admin ? "admin" : "" ?>">
         <td id="user-<?= $user->id ?>" class="core-info gDraggable">
           <img src="<?= $user->avatar_url(20, $theme->url("images/avatar.jpg", true)) ?>"
-               title="<?= t("Drag user onto group below to add as a new member") ?>"
-               alt="<?= html::clean($user->name) ?>"
+               title="<?= t("Drag user onto group below to add as a new member")->for_html_attr() ?>"
+               alt="<?= html::clean_attribute($user->name) ?>"
                width="20"
                height="20" />
           <?= html::clean($user->name) ?>
@@ -92,7 +92,7 @@
               class="gDialogLink gButtonLink ui-state-default ui-corner-all ui-icon-left">
             <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></a>
           <? else: ?>
-          <span title="<?= t("This user cannot be deleted") ?>"
+          <span title="<?= t("This user cannot be deleted")->for_html_attr() ?>"
               class="gButtonLink ui-state-disabled ui-corner-all ui-icon-left">
             <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></span>
           <? endif ?>
@@ -106,7 +106,7 @@
 <div id="gGroupAdmin" class="gBlock">
   <a href="<?= url::site("admin/users/add_group_form") ?>"
       class="gDialogLink gButtonLink right ui-icon-left ui-state-default ui-corner-all"
-      title="<?= t("Create a new group") ?>">
+      title="<?= t("Create a new group")->for_html_attr() ?>">
     <span class="ui-icon ui-icon-circle-plus"></span>
     <?= t("Add a new group") ?>
   </a>
diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php
index 8418ebc9..476e0817 100644
--- a/modules/user/views/admin_users_group.html.php
+++ b/modules/user/views/admin_users_group.html.php
@@ -3,11 +3,11 @@
   <?= html::clean($group->name) ?>
   <? if (!$group->special): ?>
   <a href="<?= url::site("admin/users/delete_group_form/$group->id") ?>"
-    title="<?= t("Delete the %name group", array("name" => $group->name)) ?>"
+    title="<?= t("Delete the %name group", array("name" => $group->name))->for_html_attr() ?>"
     class="gDialogLink gButtonLink ui-state-default ui-corner-all">
     <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
   <? else: ?>
-  <a title="<?= t("This default group cannot be deleted") ?>"
+  <a title="<?= t("This default group cannot be deleted")->for_html_attr() ?>"
      class="gDialogLink gButtonLink ui-state-disabled ui-corner-all ui-icon-left">
     <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
   <? endif ?>
@@ -22,7 +22,7 @@
     <a href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)"
        class="gButtonLink ui-state-default ui-corner-all ui-icon-left"
        title="<?= t("Remove %user from %group group",
-              array("user" => $user->name, "group" => $group->name)) ?>">
+              array("user" => $user->name, "group" => $group->name))->for_html_attr() ?>">
       <span class="ui-icon ui-icon-closethick"><?= t("remove") ?></span>
     </a>
     <? endif ?>
diff --git a/modules/user/views/login.html.php b/modules/user/views/login.html.php
index 27431ce8..bb670d51 100644
--- a/modules/user/views/login.html.php
+++ b/modules/user/views/login.html.php
@@ -3,7 +3,7 @@
   <? if ($user->guest): ?>
   <li class="first">
     <a href="<?= url::site("login/ajax") ?>"
-       title="<?= t("Login to Gallery") ?>"
+       title="<?= t("Login to Gallery")->for_html_attr() ?>"
        id="gLoginLink"><?= t("Login") ?></a>
   </li>
   <? else: ?>
-- 
cgit v1.2.3