Fix XSS vectors in HTML attributes (mostly t() calls)

Andy Staudacher
2009-08-31 21:51:57 -07:00
parent 8c3a2db380
commit 2bc73e2e36
24 changed files with 63 additions and 63 deletions


@@ -44,7 +44,7 @@
<div class="gBlock">
<a href="<?= url::site("admin/users/add_user_form") ?>"
class="gDialogLink gButtonLink right ui-icon-left ui-state-default ui-corner-all"
title="<?= t("Create a new user") ?>">
title="<?= t("Create a new user")->for_html_attr() ?>">
<span class="ui-icon ui-icon-circle-plus"></span>
<?= t("Add a new user") ?>
</a>
@@ -67,8 +67,8 @@
<tr id="gUser-<?= $user->id ?>" class="<?= text::alternate("gOddRow", "gEvenRow") ?> user <?= $user->admin ? "admin" : "" ?>">
<td id="user-<?= $user->id ?>" class="core-info gDraggable">
<img src="<?= $user->avatar_url(20, $theme->url("images/avatar.jpg", true)) ?>"
title="<?= t("Drag user onto group below to add as a new member") ?>"
alt="<?= html::clean($user->name) ?>"
title="<?= t("Drag user onto group below to add as a new member")->for_html_attr() ?>"
alt="<?= html::clean_attribute($user->name) ?>"
width="20"
height="20" />
<?= html::clean($user->name) ?>
@@ -92,7 +92,7 @@
class="gDialogLink gButtonLink ui-state-default ui-corner-all ui-icon-left">
<span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></a>
<? else: ?>
<span title="<?= t("This user cannot be deleted") ?>"
<span title="<?= t("This user cannot be deleted")->for_html_attr() ?>"
class="gButtonLink ui-state-disabled ui-corner-all ui-icon-left">
<span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></span>
<? endif ?>
@@ -106,7 +106,7 @@
<div id="gGroupAdmin" class="gBlock">
<a href="<?= url::site("admin/users/add_group_form") ?>"
class="gDialogLink gButtonLink right ui-icon-left ui-state-default ui-corner-all"
title="<?= t("Create a new group") ?>">
title="<?= t("Create a new group")->for_html_attr() ?>">
<span class="ui-icon ui-icon-circle-plus"></span>
<?= t("Add a new group") ?>
</a>
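Review bot: In the `<img>` of the second hunk (`@@ -67,8 +67,8 @@`), the `src` attribute still prints `$user->avatar_url(20, $theme->url("images/avatar.jpg", true))` with no attribute escaping, while `title` and `alt` on the same element now go through `for_html_attr()` and `html::clean_attribute()`. Whether `avatar_url()` already returns an attribute-safe string is not visible from this page, so it is worth confirming before relying on it. If it does not, the same treatment applies: `src="<?= html::clean_attribute($user->avatar_url(20, $theme->url("images/avatar.jpg", true))) ?>"`. The `id="gUser-<?= $user->id ?>"` attributes on the `<tr>` and `<td>` are in the same position and are safe only if the id is guaranteed numeric. The table row opened in this hunk closes outside it, so attributes further down the row are not covered by this note.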