From 1affe3c09326419809320cf1cc8ef6891b3715a4 Mon Sep 17 00:00:00 2001
From: FrancescoUK
Date: Sat, 25 Jun 2016 09:31:18 +0100
Subject: [PATCH] Strip html tags from image upload error message (#696)
---
 application/controllers/Config.php | 2 +-
 application/controllers/Items.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/application/controllers/Config.php b/application/controllers/Config.php
index 248b4b45b..03c746ab1 100644
--- a/application/controllers/Config.php
+++ b/application/controllers/Config.php
@@ -49,7 +49,7 @@ class Config extends Secure_Controller
 $result = $this->Appconfig->batch_save($batch_save_data);
 $success = $upload_success && $result ? TRUE : FALSE;
 $message = $this->lang->line('config_saved_' . ($success ? '' : 'un') . 'successfully');
- $message = $upload_success ? $message : $this->upload->display_errors();
+ $message = $upload_success ? $message : strip_tags($this->upload->display_errors());
 echo json_encode(array('success' => $success, 'message' => $message));
 }
diff --git a/application/controllers/Items.php b/application/controllers/Items.php
index 1bbd291b4..d489e2560 100644
--- a/application/controllers/Items.php
+++ b/application/controllers/Items.php
@@ -410,7 +410,7 @@ class Items extends Secure_Controller
 }
 else
 {
- $message = $this->xss_clean($upload_success ? $this->lang->line('items_error_adding_updating') . ' ' . $item_data['name'] : $this->upload->display_errors());
+ $message = $this->xss_clean($upload_success ? $this->lang->line('items_error_adding_updating') . ' ' . $item_data['name'] : strip_tags($this->upload->display_errors()));
 echo json_encode(array('success' => FALSE, 'message' => $message, 'id' => $item_id));
 }
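Review bot: `strip_tags()` on the `+` line of the Config.php hunk is a blunt way to remove what are, as far as CodeIgniter's upload library goes, only the `<p>`/`</p>` wrappers that `display_errors()` adds by default, and it can also drop text that follows a literal `<` in an error string. Asking the library for no delimiters is more precise: `$message = $upload_success ? $message : $this->upload->display_errors('', '');`. The same applies to the Items.php hunk. Neither form is output encoding, so if the client inserts `message` into the page as HTML (not visible here) it should still escape it at that point or set it as text. The enclosing method starts outside the hunk.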
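Review bot: Only the upload-error branch of the ternary on the `+` line of the Items.php hunk is tag-stripped; the other branch still places `$item_data['name']` in `$message` with `xss_clean()` as its only filter, so one response field is sanitised two different ways. `xss_clean()` filters known-dangerous patterns rather than encoding for an output context, so whether this is safe depends on how the client renders `message`, which is not visible in the hunk. I would assign the ternary to `$message` first, apply the chosen treatment once to the result, and add a comment such as `// message is plain text: the client must escape it before inserting it into the DOM`. The enclosing method starts and ends outside the hunk.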