From 7f66494a57ee2c63b235dbda6abaafb76a168b5b Mon Sep 17 00:00:00 2001
From: barisusakli <barisusakli@gmail.com>
Date: Mon, 19 Oct 2015 12:59:40 -0400
Subject: [PATCH] closes #3764

---
 public/language/en_GB/notifications.json | 4 ++--
 src/socket.io/helpers.js                 | 7 ++++---
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/public/language/en_GB/notifications.json b/public/language/en_GB/notifications.json
index 52d5a10194..7a96e0da53 100644
--- a/public/language/en_GB/notifications.json
+++ b/public/language/en_GB/notifications.json
@@ -14,8 +14,8 @@
 
 	"new_message_from": "New message from <strong>%1</strong>",
 	"upvoted_your_post_in": "<strong>%1</strong> has upvoted your post in <strong>%2</strong>.",
-	"moved_your_post": "<strong>%1</strong> has moved your post.",
-	"moved_your_topic": "<strong>%1</strong> has moved your topic.",
+	"moved_your_post": "<strong>%1</strong> has moved your post to <strong>%2</strong>",
+	"moved_your_topic": "<strong>%1</strong> has moved <strong>%2</strong>",
 	"favourited_your_post_in": "<strong>%1</strong> has favourited your post in <strong>%2</strong>.",
 	"user_flagged_post_in": "<strong>%1</strong> flagged a post in <strong>%2</strong>",
 	"user_posted_to" : "<strong>%1</strong> has posted a reply to: <strong>%2</strong>",
diff --git a/src/socket.io/helpers.js b/src/socket.io/helpers.js
index c538aca14d..caa4c9fa5b 100644
--- a/src/socket.io/helpers.js
+++ b/src/socket.io/helpers.js
@@ -3,6 +3,7 @@
 var async = require('async');
 var winston = require('winston');
 var nconf = require('nconf');
+var validator = require('validator');
 
 var websockets = require('./index');
 var user = require('../user');
@@ -64,7 +65,7 @@ SocketHelpers.sendNotificationToPostOwner = function(pid, fromuid, notification)
 			}
 
 			notifications.create({
-				bodyShort: '[[' + notification + ', ' + results.username + ', ' + results.topicTitle + ']]',
+				bodyShort: '[[' + notification + ', ' + results.username + ', ' + validator.escape(results.topicTitle) + ']]',
 				bodyLong: results.postObj.content,
 				pid: pid,
 				nid: 'post:' + pid + ':uid:' + fromuid,
@@ -86,14 +87,14 @@ SocketHelpers.sendNotificationToTopicOwner = function(tid, fromuid, notification
 
 	async.parallel({
 		username: async.apply(user.getUserField, fromuid, 'username'),
-		topicData: async.apply(topics.getTopicFields, tid, ['uid', 'slug']),
+		topicData: async.apply(topics.getTopicFields, tid, ['uid', 'slug', 'title']),
 	}, function(err, results) {
 		if (err || fromuid === parseInt(results.topicData.uid, 10)) {
 			return;
 		}
 
 		notifications.create({
-			bodyShort: '[[' + notification + ', ' + results.username + ']]',
+			bodyShort: '[[' + notification + ', ' + results.username + ', ' + validator.escape(results.topicData.title) + ']]',
 			path: nconf.get('relative_path') + '/topic/' + results.topicData.slug,
 			nid: 'tid:' + tid + ':uid:' + fromuid,
 			from: fromuid