From 9369ccab7fb3413d63e218cec81b4cf43442fd98 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Sun, 31 May 2009 01:02:51 -0700
Subject: Run all variables that come from user-entered data through p::clean()
---
modules/notification/views/item_deleted.html.php | 12 +++++++----
modules/notification/views/item_updated.html.php | 12 +++++------
modules/organize/views/organize.html.php | 2 +-
modules/organize/views/organize_album.html.php | 2 +-
modules/rss/views/comment.mrss.php | 14 ++++++-------
modules/rss/views/feed.mrss.php | 14 ++++++-------
modules/server_add/views/server_add_tree.html.php | 2 +-
.../views/server_add_tree_dialog.html.php | 6 +++---
modules/tag/views/admin_tags.html.php | 2 +-
modules/tag/views/tag_cloud.html.php | 2 +-
modules/user/views/admin_users.html.php | 8 ++++----
modules/user/views/admin_users_group.html.php | 12 +++++++----
modules/user/views/login.html.php | 2 +-
modules/user/views/reset_password.html.php | 23 +++++++++++-----------
14 files changed, 61 insertions(+), 52 deletions(-)
(limited to 'modules')
diff --git a/modules/notification/views/item_deleted.html.php b/modules/notification/views/item_deleted.html.php
index ac9ab594..2d6d5738 100644
--- a/modules/notification/views/item_deleted.html.php
+++ b/modules/notification/views/item_deleted.html.php
@@ -1,20 +1,24 @@
- <?= $subject ?>
+ <?= p::clean($subject) ?>
-

+

- +
$item->parent()->title)) ?> + array("title" => p::clean($item->parent()->title))) ?>
parent()->url(array(), true) ?> + + parent()->url(array(), true) ?> + +
diff --git a/modules/notification/views/item_updated.html.php b/modules/notification/views/item_updated.html.php
index cba522e8..0620c50c 100644
--- a/modules/notification/views/item_updated.html.php
+++ b/modules/notification/views/item_updated.html.php
@@ -1,18 +1,18 @@
- <?= $subject ?>
+ <?= p::clean($subject) ?>
-

+

title != $new->title): ?> - + - + @@ -22,12 +22,12 @@ description != $new->description): ?> - + description)): ?> - +
title ?>title) ?> title ?>title) ?>
description ?>description) ?>
description ?>description) ?>
diff --git a/modules/organize/views/organize.html.php b/modules/organize/views/organize.html.php
index 2f2c3a62..6e5bfcea 100644
--- a/modules/organize/views/organize.html.php
+++ b/modules/organize/views/organize.html.php
@@ -16,7 +16,7 @@ var CONFIRM_DELETE = "
- $item->title)) ?> + p::clean($item->title))) ?>
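Review bot: The cleaned title on the `+` line is interpolated into a JavaScript string literal (`var CONFIRM_DELETE = "…"` in the hunk header), and HTML escaping is not JavaScript-string escaping: a backslash, a line break or a `</script>` inside the title still breaks out of the literal, while a `"` becomes `&quot;` and would be shown verbatim if the string feeds a confirm() prompt. Emitting the value as a JS literal handles that context, e.g. `var CONFIRM_DELETE = <?= json_encode(t("…", array("title" => $item->title))) ?>;`, and json_encode's default `\/` escaping already defuses `</script>`. Whether p::clean() still belongs inside depends on whether the string is later inserted as HTML or shown as plain text, which the hunk does not show. The `<script>` block this sits in starts and ends outside the hunk.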
diff --git a/modules/organize/views/organize_album.html.php b/modules/organize/views/organize_album.html.php
index 9c4d042a..ae2d5d51 100644
--- a/modules/organize/views/organize_album.html.php
+++ b/modules/organize/views/organize_album.html.php
@@ -7,7 +7,7 @@
gBranchText"> - title ?> + title) ?>
"> diff --git a/modules/rss/views/comment.mrss.php b/modules/rss/views/comment.mrss.php index 8b7e4f70..d2177026 100644 --- a/modules/rss/views/comment.mrss.php +++ b/modules/rss/views/comment.mrss.php @@ -6,9 +6,9 @@ xmlns:fh="http://purl.org/syndication/history/1.0"> gallery3 - <?= $title ?> + <?= p::clean($title) ?> - + en-us @@ -22,17 +22,17 @@ - <?= $child["title"]?> - - + <?= p::clean($child["title"]) ?> + +

+

" - height="" width="" /> + height="" width="" />

]]>
diff --git a/modules/rss/views/feed.mrss.php b/modules/rss/views/feed.mrss.php
index c581e5e0..0beebbcf 100644
--- a/modules/rss/views/feed.mrss.php
+++ b/modules/rss/views/feed.mrss.php
@@ -6,9 +6,9 @@ xmlns:fh="http://purl.org/syndication/history/1.0"> gallery3
- <?= htmlspecialchars($title) ?>
+ <?= p::clean($title) ?>
- + en-us
@@ -22,25 +22,25 @@
- <?= htmlspecialchars($child->title) ?>
+ <?= p::clean($child->title) ?>
type}s/{$child->id}") ?> type}s/{$child->id}") ?> created); ?> description ?> + description) ?>
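Review bot: `p::clean()` is now the escaper for the RSS `<title>` element in comment.mrss.php, and in feed.mrss.php it replaces `htmlspecialchars($title)`, which was already the right call for an XML text node; p::clean's contract is not visible in this commit, and if it does more than entity-escape (lets a tag subset through, or emits HTML-only entities such as `&nbsp;`) the feed becomes ill-formed XML. The same substitution is made for the per-item `<title>` and `<description>` in the `@@ -22` hunks of both files; p::clean is only a safe choice where the output lands inside the CDATA section closed by the visible `]]>`. For the element text nodes I would keep `<?= htmlspecialchars($title, ENT_QUOTES, "UTF-8") ?>`. If p::clean is merely htmlspecialchars under another name this is a naming-for-intent point rather than a defect. The enclosing elements start and end outside the hunks.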

type == "photo" || $child->type == "album"): ?>
type}s/{$child->id}") ?>">
- description ?> + description) ?>

]]>
]]>
diff --git a/modules/server_add/views/server_add_tree.html.php b/modules/server_add/views/server_add_tree.html.php
index 69ff09a6..b7b494e4 100644
--- a/modules/server_add/views/server_add_tree.html.php
+++ b/modules/server_add/views/server_add_tree.html.php
@@ -16,7 +16,7 @@ $("#").ready(function() { - +
diff --git a/modules/server_add/views/server_add_tree_dialog.html.php b/modules/server_add/views/server_add_tree_dialog.html.php
index c8eb6a1c..f600ce60 100644
--- a/modules/server_add/views/server_add_tree_dialog.html.php
+++ b/modules/server_add/views/server_add_tree_dialog.html.php
@@ -5,14 +5,14 @@
-

+

p::clean($album_title))) ?>

    -
  • title ?>
  • +
  • title) ?>
  • -
  • +
"post")) ?> diff --git a/modules/tag/views/admin_tags.html.php b/modules/tag/views/admin_tags.html.php index 133b452f..62e3a2a1 100644 --- a/modules/tag/views/admin_tags.html.php +++ b/modules/tag/views/admin_tags.html.php @@ -48,7 +48,7 @@
  • - name ?> + name) ?> (count ?>) id") ?>" class="gDialogLink delete-link gButtonLink"> diff --git a/modules/tag/views/tag_cloud.html.php b/modules/tag/views/tag_cloud.html.php index 9deedb20..eba615fc 100644 --- a/modules/tag/views/tag_cloud.html.php +++ b/modules/tag/views/tag_cloud.html.php @@ -3,7 +3,7 @@
  • count ?> photos are tagged with - id") ?>">name ?> + id") ?>">name) ?>
  • diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php index bec74d28..859f3c8e 100644 --- a/modules/user/views/admin_users.html.php +++ b/modules/user/views/admin_users.html.php @@ -68,16 +68,16 @@ " title="" - alt="name ?>" + alt="name) ?>" width="20" height="20" /> - name ?> + name) ?> - full_name ?> + full_name) ?> - email ?> + email) ?> last_login == 0) ? "" : date("j-M-y", $user->last_login) ?> diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php index a25e687a..820b3031 100644 --- a/modules/user/views/admin_users_group.html.php +++ b/modules/user/views/admin_users_group.html.php @@ -1,8 +1,8 @@ -name ?> +name) ?> special): ?> id") ?>" - title="name) ?>" + title=" p::clean($group->name))) ?>" class="gDialogLink gButtonLink ui-state-default ui-corner-all"> @@ -13,11 +13,15 @@
      users as $i => $user): ?>
    • - name ?> + name) ?> special): ?> - Remove name ?> from name ?> + + p::clean($user->name), "group" => p::clean($group->name))) ?> + +
    • diff --git a/modules/user/views/login.html.php b/modules/user/views/login.html.php index d9a558b5..cce2fb54 100644 --- a/modules/user/views/login.html.php +++ b/modules/user/views/login.html.php @@ -11,7 +11,7 @@ 'id}") . '" title="' . t("Edit Your Profile") . '" id="gUserProfileLink" class="gDialogLink">' . - (empty($user->full_name) ? $user->name : $user->full_name) . '')) ?> + p::clean(empty($user->full_name) ? $user->name : $user->full_name) . '')) ?>
    • diff --git a/modules/user/views/reset_password.html.php b/modules/user/views/reset_password.html.php index 39845d61..4c4672ee 100644 --- a/modules/user/views/reset_password.html.php +++ b/modules/user/views/reset_password.html.php @@ -1,14 +1,15 @@ - - <?= $title ?> - - -

      -

      - -
      - -

      - + + <?= t("Password Reset Request") ?> + + +

      +

      + p::clean($user->full_name ? $user->full_name : $user->name))) ?> +

      +

      + %site_url. If you made this request, you can confirm it by clicking this link. If you didn't request this password reset, it's ok to ignore this mail.", array("site_url" => url::base(false, "http"), "confirm_url" => $confirm_url)) ?> +

      + -- cgit v1.2.3
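Review bot: `$confirm_url` and `url::base(false, "http")` on the last `+` line are substituted into the message without p::clean(), while `$user->full_name`/`$user->name` a few lines earlier are cleaned; which of the two is right depends on whether t() escapes its substitutions, and the hunk does not show that. If t() does not escape, an `&` or a quote in the confirmation URL lands raw in the HTML mail, so the same treatment applies: `array("site_url" => p::clean(url::base(false, "http")), "confirm_url" => p::clean($confirm_url))`. If t() does escape, the name line is double-escaped instead, so a one-line comment above the call stating t()'s escaping contract would keep later edits from guessing. The enclosing markup starts outside the hunk.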