Fix XSS vectors in HTML attributes (mostly t() calls)

Andy Staudacher
2009-08-31 21:51:57 -07:00
parent 8c3a2db380
commit 2bc73e2e36
24 changed files with 63 additions and 63 deletions


@@ -3,11 +3,11 @@
<?= html::clean($group->name) ?>
<? if (!$group->special): ?>
<a href="<?= url::site("admin/users/delete_group_form/$group->id") ?>"
title="<?= t("Delete the %name group", array("name" => $group->name)) ?>"
title="<?= t("Delete the %name group", array("name" => $group->name))->for_html_attr() ?>"
class="gDialogLink gButtonLink ui-state-default ui-corner-all">
<span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
<? else: ?>
<a title="<?= t("This default group cannot be deleted") ?>"
<a title="<?= t("This default group cannot be deleted")->for_html_attr() ?>"
class="gDialogLink gButtonLink ui-state-disabled ui-corner-all ui-icon-left">
<span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
<? endif ?>
@@ -22,7 +22,7 @@
<a href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)"
class="gButtonLink ui-state-default ui-corner-all ui-icon-left"
title="<?= t("Remove %user from %group group",
array("user" => $user->name, "group" => $group->name)) ?>">
array("user" => $user->name, "group" => $group->name))->for_html_attr() ?>">
<span class="ui-icon ui-icon-closethick"><?= t("remove") ?></span>
</a>
<? endif ?>
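Review bot: In the second hunk, `href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)"` still writes both ids raw into a script-inside-attribute context, and the `href` built with `url::site("admin/users/delete_group_form/$group->id")` in the first hunk is likewise untouched by this change. Both are safe only if the ids are always integers, which these hunks do not show. Casting at the point of output, e.g. `<?= (int) $user->id ?>, <?= (int) $group->id ?>`, would make that guarantee explicit rather than assumed. Because `->for_html_attr()` has to be appended by hand at every attribute, a missed call site fails silently, so a repository check for `title="<?= t(` without the suffix would help keep this fix from regressing.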