From 44b372077c64b0f051051c6dd16a88f1507c507f Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Thu, 28 Jan 2010 09:35:38 -0800
Subject: Secure the t("Continue") strings in javascript.
---
 modules/gallery/views/admin_modules.html.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'modules')
diff --git a/modules/gallery/views/admin_modules.html.php b/modules/gallery/views/admin_modules.html.php
index 26b2c87c..c5015e68 100644
--- a/modules/gallery/views/admin_modules.html.php
+++ b/modules/gallery/views/admin_modules.html.php
@@ -22,7 +22,7 @@
 buttons: {
 for_js() ?>: function() {
 $("form", this).submit();
- $(".ui-dialog-buttonpane button:contains()")
+ $(".ui-dialog-buttonpane button:contains(" + for_js() ?> + ")")
 .attr("disabled", "disabled")
 .addClass("ui-state-disabled");
 },
@@ -32,7 +32,7 @@
 }
 });
 if (!data.allow_continue) {
- $(".ui-dialog-buttonpane button:contains()")
+ $(".ui-dialog-buttonpane button:contains(" + for_js() ?> + ")")
 .attr("disabled", "disabled")
 .addClass("ui-state-disabled");
 }
-- 
cgit v1.2.3
From c011b0e1f63215a4389658ca0a6edcef47a0ea8c Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Thu, 28 Jan 2010 09:37:33 -0800
Subject: Secure the t("Completed") call.
---
 modules/gallery/views/form_uploadify.html.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'modules')
diff --git a/modules/gallery/views/form_uploadify.html.php b/modules/gallery/views/form_uploadify.html.php
index b3b81ecb..137cb353 100644
--- a/modules/gallery/views/form_uploadify.html.php
+++ b/modules/gallery/views/form_uploadify.html.php
@@ -58,7 +58,7 @@
 "
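Review bot: The new selector line in the `@@ -22` hunk (and the identical line in `@@ -32`) escapes the translation for a JavaScript string literal but then concatenates it into a second context, the argument of a jQuery `:contains()` selector, where that escaping gives no guarantee: a translated "Continue" containing `)` or a quote character ends the selector early and the disable step silently matches nothing, and because `:contains` is a substring match, any other button whose label includes the word is disabled too. The `<?= … ?>` tags appear to have been stripped in this rendering, so I read `for_js() ?>` as `<?= t("Continue")->for_js() ?>` and presume it emits a quoted JS literal, since the concatenation supplies no quotes of its own. Quoting the selector argument, `button:contains('" + <?= t("Continue")->for_js() ?> + "')"`, narrows the breakage to a single quote in the translation; selecting the button by position or by a class assigned when the dialog is built removes the dependency on label text altogether. Both hunks build the same selector, so hoisting it into one variable near the top of the `buttons:` block would keep the two in step.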
  • " + fileObj.name + " - " + msg[1] + "
  • "); } else { $("#g-add-photos-status ul").append( - "
  • " + fileObj.name + " -
  • "); + "
  • " + fileObj.name + " - " + for_js() ?> + "
  • "); } return true; },
-- 
cgit v1.2.3
From 86721d3884568c534f412915175088be667ca65b Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Thu, 28 Jan 2010 09:40:04 -0800
Subject: Reviewed all DIRTY_JS entries
---
 modules/gallery/tests/xss_data.txt | 3 ---
 1 file changed, 3 deletions(-)
(limited to 'modules')
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index 663080a0..d139d297 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -97,8 +97,6 @@ modules/gallery/views/admin_maintenance.html.php 158 DIRTY $task-
 modules/gallery/views/admin_maintenance_show_log.html.php 8 DIRTY_JS url::site("admin/maintenance/save_log/$task->id?csrf=$csrf")
 modules/gallery/views/admin_maintenance_show_log.html.php 13 DIRTY $task->name
 modules/gallery/views/admin_maintenance_task.html.php 55 DIRTY $task->name
-modules/gallery/views/admin_modules.html.php 25 DIRTY_JS t("Continue")
-modules/gallery/views/admin_modules.html.php 35 DIRTY_JS t("Continue")
 modules/gallery/views/admin_modules.html.php 51 DIRTY access::csrf_form_field()
 modules/gallery/views/admin_modules.html.php 60 DIRTY_ATTR text::alternate("g-odd","g-even")
 modules/gallery/views/admin_modules.html.php 63 DIRTY form::checkbox($data,'1',module::is_active($module_name))
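Review bot: The rewritten `+` line of the `@@ -58` hunk now JS-escapes the `t("Completed")` text, but the string it is concatenated into is handed to `.append()` on `#g-add-photos-status ul`, so the browser parses it as HTML; `for_js()` covers the string-literal context only, and HTML-significant characters in a translation, or in `fileObj.name`, which the same line concatenates with no escaping at all, would still be interpreted as markup. Building the item from a text node, e.g. `$("<li/>").text(fileObj.name + " - " + <?= t("Completed")->for_js() ?>)`, settles both questions at once, and the context line above that interpolates `msg[1]` the same way deserves the same treatment. The `<li>` markup is garbled in this rendering and the enclosing handler starts before the hunk, so the exact HTML being assembled cannot be confirmed from here.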
@@ -127,7 +125,6 @@ modules/gallery/views/form_uploadify.html.php 30 DIRTY_JS url::f
 modules/gallery/views/form_uploadify.html.php 31 DIRTY_JS url::site("simple_uploader/add_photo/{$album->id}")
 modules/gallery/views/form_uploadify.html.php 35 DIRTY_JS url::file("lib/uploadify/cancel.png")
 modules/gallery/views/form_uploadify.html.php 36 DIRTY_JS $simultaneous_upload_limit
-modules/gallery/views/form_uploadify.html.php 61 DIRTY_JS t("Completed")
 modules/gallery/views/in_place_edit.html.php 2 DIRTY form::open($action,array("method"=>"post","id"=>"g-in-place-edit-form","class"=>"g-short-form"),$hidden)
 modules/gallery/views/in_place_edit.html.php 5 DIRTY form::input("input",$form["input"]," class=\"textbox\"")
 modules/gallery/views/in_place_edit.html.php 12 DIRTY form::close()
-- 
cgit v1.2.3
From fcc72bbbd032e21d2fe0ec727f09692886c8e09e Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Thu, 28 Jan 2010 09:41:18 -0800
Subject: Rename $class to $css_class for clarity.
---
 modules/gallery/views/admin_modules_confirm.html.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'modules')
diff --git a/modules/gallery/views/admin_modules_confirm.html.php b/modules/gallery/views/admin_modules_confirm.html.php
index 59592505..8c4cb2bd 100644
--- a/modules/gallery/views/admin_modules_confirm.html.php
+++ b/modules/gallery/views/admin_modules_confirm.html.php
@@ -6,9 +6,9 @@
      - "g-error", "warn" => "g-warning") as $type => $class): ?> + "g-error", "warn" => "g-warning") as $type => $css_class): ?> -
    • +
    -- 
cgit v1.2.3
From df3db40ab7a181ba0f461fe2ebf84d2ba828265c Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Thu, 28 Jan 2010 09:43:10 -0800
Subject: Reviewed DIRTY_ATTR
---
 modules/gallery/tests/xss_data.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'modules')
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index d139d297..c2769647 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -101,7 +101,7 @@ modules/gallery/views/admin_modules.html.php 51 DIRTY access
 modules/gallery/views/admin_modules.html.php 60 DIRTY_ATTR text::alternate("g-odd","g-even")
 modules/gallery/views/admin_modules.html.php 63 DIRTY form::checkbox($data,'1',module::is_active($module_name))
 modules/gallery/views/admin_modules.html.php 65 DIRTY $module_info->version
-modules/gallery/views/admin_modules_confirm.html.php 11 DIRTY_ATTR $class
+modules/gallery/views/admin_modules_confirm.html.php 11 DIRTY_ATTR $css_class
 modules/gallery/views/admin_modules_confirm.html.php 11 DIRTY $message
 modules/gallery/views/admin_modules_confirm.html.php 16 DIRTY access::csrf_form_field()
 modules/gallery/views/admin_modules_confirm.html.php 18 DIRTY form::hidden($module,1)
-- 
cgit v1.2.3