use html::purify on album titles to prevent XSS
parent
c144af904a
commit
a7a222aa34
@ -398,7 +398,7 @@ albumTree.config.cookieDomain = '';
<?
function addtree($album){
?>
albumTree.add(<?= $album->id -1 ?>, <?= $album->parent_id -1 ?>, "<?= $album->title ?>", pf+'<?= $album->relative_url() ?>');
albumTree.add(<?= $album->id -1 ?>, <?= $album->parent_id -1 ?>, "<?= html::purify($album->title) ?>", pf+'<?= $album->relative_url() ?>');
<?
foreach ($album->viewable()->children(null, null, array(array("type", "=", "album"))) as $child){
addtree($child);
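Review bot: On the changed `albumTree.add(...)` line the title is written inside a double-quoted JavaScript string literal, and `html::purify` is an HTML sanitiser, not a JavaScript-string escaper. Depending on what the purifier leaves in place, a title containing a backslash, a line break or a quote character can still corrupt or terminate the literal. A JavaScript-context encoder fits better here, for example `<?= html::js_string($album->title) ?>` with the surrounding quotes dropped if that helper emits them, or `<?= json_encode((string) $album->title) ?>`; confirm which of these the codebase provides. If `albumTree.add` later writes the name into the DOM as HTML (not visible here), HTML-encode at that sink as well. `$album->relative_url()` in the single-quoted literal on the same line is unescaped too, and `addtree`'s body continues outside the hunk.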
@ -15,7 +15,7 @@ function makelist($album,$level){
//print out the list item
?>
<li>
<a href="<?= item::root()->url() ?><?= $album->relative_url() ?>"><?= str_repeat(" ", $level) ?><?= $album->title ?></a>
<a href="<?= item::root()->url() ?><?= $album->relative_url() ?>"><?= str_repeat(" ", $level) ?><?= html::purify($album->title) ?></a>
</li>
<?
//recurse over the children, and print their list items as well
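Review bot: The `href` attribute on the changed `<a>` line still emits `item::root()->url()` and `$album->relative_url()` without attribute escaping, so this change covers only the link text. Unless `relative_url()` is guaranteed to return an already URL-encoded path (not visible here), pass the concatenated value through the helper's attribute escaper, e.g. `href="<?= html::clean_attribute(item::root()->url() . $album->relative_url()) ?>"`, assuming that method exists in this codebase. The same applies to the `value` attribute of the `<option>` in `makeselect`. `makelist` begins and ends outside the hunk.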
@ -4,7 +4,7 @@
function makeselect($album, $level){
//print out the list item as a select option
?>
<option value="<?= item::root()->url() ?><?= $album->relative_url() ?>"><?= str_repeat(" ", $level) ?><?= $album->title ?></option>
<option value="<?= item::root()->url() ?><?= $album->relative_url() ?>"><?= str_repeat(" ", $level) ?><?= html::purify($album->title) ?></option>
<?
//recurse over the children, and print their list items as well
foreach ($album->viewable()->children(null, null, array(array("type", "=", "album"))) as $child){
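Review bot: On the changed `<option>` line, plain entity-encoding fits better than `html::purify`, because an `<option>` holds text only. If `html::purify` keeps a whitelisted subset of markup, as the name suggests, tags left in a title would be dropped or mangled by the browser rather than rendered. Consider `<?= html::clean($album->title) ?>` here, assuming the helper offers an escape-everything variant. `makeselect`'s body continues past the end of the hunk.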