#2082 - Sanitize admin theme options that get placed directly in HTML.

commit 5e19662b75d87e719f751bf2c2b69d76e4fc3678 1 parent 04953a4
@shadlaws shadlaws authored
Showing with 10 additions and 4 deletions.
  1. +10 −4 modules/gallery/controllers/admin_theme_options.php
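--- a/modules/gallery/controllers/admin_theme_options.php
+++ b/modules/gallery/controllers/admin_theme_options.php
@@ -53,11 +53,17 @@ public function save() {
  module::set_var("gallery", "resize_size", $resize_size);
  }
- module::set_var("gallery", "header_text", $form->edit_theme->header_text->value);
- module::set_var("gallery", "footer_text", $form->edit_theme->footer_text->value);
  module::set_var("gallery", "show_credits", $form->edit_theme->show_credits->value);
- module::set_var("gallery", "favicon_url", $form->edit_theme->favicon_url->value);
- module::set_var("gallery", "apple_touch_icon_url", $form->edit_theme->apple_touch_icon_url->value);
+
+ // Sanitize values that get placed directly in HTML output by theme.
+ module::set_var("gallery", "header_text",
+ html::purify($form->edit_theme->header_text->value));
+ module::set_var("gallery", "footer_text",
+ html::purify($form->edit_theme->footer_text->value));
+ module::set_var("gallery", "favicon_url",
+ html::purify($form->edit_theme->favicon_url->value));
+ module::set_var("gallery", "apple_touch_icon_url",
+ html::purify($form->edit_theme->apple_touch_icon_url->value));
  module::event("theme_edit_form_completed", $form);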
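Review bot: `html::purify()` is the wrong sanitizer for `favicon_url` and `apple_touch_icon_url`: it cleans an HTML fragment, but these values presumably land in an `href` attribute, where a bare `javascript:` or `data:` string contains no markup and would pass through unchanged, and entity-encoding of `&` in a query string may leave a double-escaped URL once the template escapes it again. Validate the URL instead (or in addition), e.g. `$scheme = parse_url($url, PHP_URL_SCHEME);` then `if ($scheme !== null && !in_array(strtolower($scheme), array("http", "https"), true)) { $url = ""; }` before the `set_var` call, and add a comment saying the two URL fields are scheme-checked rather than purified. Sanitizing on save also leaves any values stored before this commit untouched, so the theme templates that echo these vars (outside this hunk) still need to escape on output. `save()` begins before and continues past the end of this hunk.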