From d92c5a8a845baefc31743330f0a348a6f0c0c4fd Mon Sep 17 00:00:00 2001
From: Andy Staudacher
Date: Sat, 19 Sep 2009 12:39:58 -0700
Subject: XSS test checkpoint
---
 modules/gallery/tests/xss_data.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'modules')
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index 57da8730..ff4a78a5 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -251,8 +251,8 @@ modules/search/views/search.html.php 31 DIRTY_JS $item-
 modules/search/views/search.html.php 32 DIRTY $item->thumb_img()
 modules/server_add/views/admin_server_add.html.php 15 DIRTY_ATTR $id
 modules/server_add/views/admin_server_add.html.php 24 DIRTY $form
-modules/server_add/views/server_add_tree.html.php 12 DIRTY_JS html::js_string($dir)
 modules/server_add/views/server_add_tree.html.php 20 DIRTY_ATTR is_dir($file)?"ui-icon-folder-collapsed":"ui-icon-document"
+modules/server_add/views/server_add_tree.html.php 21 DIRTY_ATTR is_dir($file)?"gDirectory":"gFile"
 modules/server_add/views/server_add_tree_dialog.html.php 3 DIRTY_JS url::site("server_add/children?path=__PATH__")
 modules/server_add/views/server_add_tree_dialog.html.php 4 DIRTY_JS url::site("server_add/start?item_id={$item->id}&csrf=$csrf")
 modules/server_add/views/server_add_tree_dialog.html.php 23 DIRTY $tree
-- 
cgit v1.2.3
From b64729bfbe9f76bbbcdfa288f8fb1b696c6d8895 Mon Sep 17 00:00:00 2001
From: Andy Staudacher
Date: Sun, 15 Nov 2009 19:46:12 -0800
Subject: Fix ticket 890 (related to 879): Don't double-escape menu labels on the comment admin screen.
---
 modules/comment/controllers/admin_comments.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'modules')
diff --git a/modules/comment/controllers/admin_comments.php b/modules/comment/controllers/admin_comments.php
index 2c278d64..13532c4e 100644
--- a/modules/comment/controllers/admin_comments.php
+++ b/modules/comment/controllers/admin_comments.php
@@ -33,10 +33,10 @@ class Admin_Comments_Controller extends Admin_Controller {
 public function menu_labels() {
 $menu = $this->_menu($this->_counts());
- print json_encode(array($menu->get("unpublished")->label->for_js(),
- $menu->get("published")->label->for_js(),
- $menu->get("spam")->label->for_js(),
- $menu->get("deleted")->label->for_js()));
+ print json_encode(array((string) $menu->get("unpublished")->label,
+ (string) $menu->get("published")->label,
+ (string) $menu->get("spam")->label,
+ (string) $menu->get("deleted")->label));
 }
 public function queue($state) {
-- 
cgit v1.2.3
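Review bot: After this change the escaping of the four labels in `menu_labels()` rests on what the `(string)` cast of `label` produces, which the hunk does not show, so the reason it is safe to drop `for_js()` should be written down next to the `print`. Assuming the cast yields HTML-escaped text (confirm against the label class), a comment such as `// (string) gives the HTML-escaped label; json_encode() supplies the JS string quoting, so for_js() here would escape twice.` would record that. The method, which is fully visible in the hunk, also emits the JSON without declaring a response type; unless the controller base class does it elsewhere, `header("Content-Type: application/json");` before the `print` keeps a browser from treating the body as HTML when the URL is opened directly.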