- Fixing some plain/url check calls.

4.7.x
Steven Wittens 2005-05-18 21:12:17 +00:00
parent c3cf0622b6
commit 5154c3aca4
7 changed files with 13 additions and 9 deletions


@ -310,7 +310,7 @@ function theme_get_setting($setting_name, $refresh = FALSE) {
$text = $value['text'][$i]; $text = $value['text'][$i];
$link = $value['link'][$i]; $link = $value['link'][$i];
if (substr($link, 0, 7) == 'http://') { if (substr($link, 0, 7) == 'http://') {
$settings[$type .'_links'][] = '<a href="'. $link .'"'. drupal_attributes($attributes) .'>'. $text .'</a>'; $settings[$type .'_links'][] = '<a href="'. check_url($link) .'"'. drupal_attributes($attributes) .'>'. check_plain($text) .'</a>';
} }
else { else {
$settings[$type .'_links'][] = l($text, $link, $attributes); $settings[$type .'_links'][] = l($text, $link, $attributes);
@ -818,7 +818,7 @@ function theme_item_list($items = array(), $title = NULL) {
* Returns code that emits the 'more help'-link. * Returns code that emits the 'more help'-link.
*/ */
function theme_more_help_link($url) { function theme_more_help_link($url) {
return '<div class="more-help-link">' . t('[<a href="%link">more help...</a>]', array('%link' => $url)) . '</div>'; return '<div class="more-help-link">' . t('[<a href="%link">more help...</a>]', array('%link' => check_url($url))) . '</div>';
} }
/** /**
@ -826,7 +826,7 @@ function theme_more_help_link($url) {
*/ */
function theme_xml_icon($url) { function theme_xml_icon($url) {
if ($image = theme('image', 'misc/xml.png', t('XML feed'), t('XML feed'))) { if ($image = theme('image', 'misc/xml.png', t('XML feed'), t('XML feed'))) {
return '<div class="xml-icon"><a href="'. $url .'">'. $image. '</a></div>'; return '<div class="xml-icon"><a href="'. check_url($url) .'">'. $image. '</a></div>';
} }
} }
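Review bot: In the first hunk the test `substr($link, 0, 7) == 'http://'` recognises only plain http, so an `https://` link falls through to the `else` branch and is handed to `l()`, which presumably treats it as a site-internal path. Widening the test, for example `if (preg_match('!^https?://!i', $link)) {`, would send both schemes through the `check_url()`/`check_plain()` branch this commit hardens. The `else` branch still passes `$text` unescaped, so its safety depends on `l()` escaping the link text; that is not visible here and is worth confirming. The body of theme_get_setting starts and ends outside the hunk.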


@ -114,8 +114,10 @@ function drupal_directory_ping($arguments) {
function drupal_directory_page($sort = 'name') { function drupal_directory_page($sort = 'name') {
$result = db_query('SELECT * FROM {directory} ORDER BY '. $sort); $result = db_query('SELECT * FROM {directory} ORDER BY '. $sort);
// Note: All fields except the mission are treated as plain-text.
// The mission is stripped of any HTML tags to keep the output simple and consistent.
while ($site = db_fetch_object($result)) { while ($site = db_fetch_object($result)) {
$output .= "<a href=\"$site->link\">$site->name</a> - $site->slogan<div style=\"padding-left: 20px;\">$site->mission</div><br />"; $output .= '<a href="'. check_url($site->link) .'">'. check_plain($site->name) .'</a> - '. check_plain($site->slogan) .'<div style="padding-left: 20px;">'. strip_tags($site->mission) .'</div><br />';
} }
return $output; return $output;
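Review bot: The context line `db_query('SELECT * FROM {directory} ORDER BY '. $sort)` concatenates the `$sort` parameter straight into the SQL text, and this commit leaves it unchanged while hardening the output below it. If `$sort` can be influenced by the request (the callers are not visible here), the ORDER BY clause is injectable. Restrict it to known columns before the query, e.g. `$sort = in_array($sort, array('name', 'link', 'slogan')) ? $sort : 'name';` (column names taken from the fields this hunk prints; adjust to the real schema). The same section is printed a second time directly below and the point applies there too; the end of drupal_directory_page is outside the hunk.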


@ -114,8 +114,10 @@ function drupal_directory_ping($arguments) {
function drupal_directory_page($sort = 'name') { function drupal_directory_page($sort = 'name') {
$result = db_query('SELECT * FROM {directory} ORDER BY '. $sort); $result = db_query('SELECT * FROM {directory} ORDER BY '. $sort);
// Note: All fields except the mission are treated as plain-text.
// The mission is stripped of any HTML tags to keep the output simple and consistent.
while ($site = db_fetch_object($result)) { while ($site = db_fetch_object($result)) {
$output .= "<a href=\"$site->link\">$site->name</a> - $site->slogan<div style=\"padding-left: 20px;\">$site->mission</div><br />"; $output .= '<a href="'. check_url($site->link) .'">'. check_plain($site->name) .'</a> - '. check_plain($site->slogan) .'<div style="padding-left: 20px;">'. strip_tags($site->mission) .'</div><br />';
} }
return $output; return $output;


@ -316,7 +316,7 @@ function statistics_top_referrers() {
$result = pager_query($query, 30, 0, $query_cnt, $_SERVER['HTTP_HOST']); $result = pager_query($query, 30, 0, $query_cnt, $_SERVER['HTTP_HOST']);
while ($referrer = db_fetch_object($result)) { while ($referrer = db_fetch_object($result)) {
$rows[] = array($referrer->hits, '<a href="'. $referrer->url .'">'. _statistics_column_width($referrer->url) .'</a>', t('%time ago', array('%time' => format_interval(time() - $referrer->last)))); $rows[] = array($referrer->hits, '<a href="'. check_url($referrer->url) .'">'. check_plain(_statistics_column_width($referrer->url)) .'</a>', t('%time ago', array('%time' => format_interval(time() - $referrer->last))));
} }
if ($pager = theme('pager', NULL, 30, 0, tablesort_pager())) { if ($pager = theme('pager', NULL, 30, 0, tablesort_pager())) {
$rows[] = array(array('data' => $pager, 'colspan' => '3')); $rows[] = array(array('data' => $pager, 'colspan' => '3'));
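Review bot: The `<a href>` built from `$referrer->url` is only as safe as the scheme filtering inside `check_url()`, which is not visible here; HTML-escaping alone does not make an href safe to click, so it is worth confirming that `check_url()` rejects schemes such as `javascript:`. The stored value presumably originates from the client-supplied Referer header, and nothing near the call says so. A short comment above the `$rows[] =` line, such as `// Referrer URLs come from visitors: escape the href and the label before output.`, would keep a later edit from dropping either call. The same section is repeated directly below and the note applies to both; statistics_top_referrers starts and ends outside the hunk.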


@ -316,7 +316,7 @@ function statistics_top_referrers() {
$result = pager_query($query, 30, 0, $query_cnt, $_SERVER['HTTP_HOST']); $result = pager_query($query, 30, 0, $query_cnt, $_SERVER['HTTP_HOST']);
while ($referrer = db_fetch_object($result)) { while ($referrer = db_fetch_object($result)) {
$rows[] = array($referrer->hits, '<a href="'. $referrer->url .'">'. _statistics_column_width($referrer->url) .'</a>', t('%time ago', array('%time' => format_interval(time() - $referrer->last)))); $rows[] = array($referrer->hits, '<a href="'. check_url($referrer->url) .'">'. check_plain(_statistics_column_width($referrer->url)) .'</a>', t('%time ago', array('%time' => format_interval(time() - $referrer->last))));
} }
if ($pager = theme('pager', NULL, 30, 0, tablesort_pager())) { if ($pager = theme('pager', NULL, 30, 0, tablesort_pager())) {
$rows[] = array(array('data' => $pager, 'colspan' => '3')); $rows[] = array(array('data' => $pager, 'colspan' => '3'));


@ -247,7 +247,7 @@ function upload_nodeapi(&$node, $op, $arg) {
foreach ($node->files as $file) { foreach ($node->files as $file) {
if ($file->list) { if ($file->list) {
$rows[] = array( $rows[] = array(
'<a href="'. ($file->fid ? file_create_url($file->filepath) : url(file_create_filename($file->filename, file_create_path()))) . '">'. $file->filename .'</a>', '<a href="'. check_url(($file->fid ? file_create_url($file->filepath) : url(file_create_filename($file->filename, file_create_path())))) .'">'. check_plain($file->filename) .'</a>',
format_size($file->filesize) format_size($file->filesize)
); );
// We save the list of files still in preview for later // We save the list of files still in preview for later
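Review bot: The new `check_url((...))` call carries a redundant pair of parentheses and packs the ternary, the URL escaping and the label escaping into one very long array element. Assigning the target before `$rows[] = array(` reads better and makes both escaping calls easy to audit: `$href = $file->fid ? file_create_url($file->filepath) : url(file_create_filename($file->filename, file_create_path()));` followed by `'<a href="'. check_url($href) .'">'. check_plain($file->filename) .'</a>',`. The same section is repeated directly below; upload_nodeapi starts and ends outside the hunk.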


@ -247,7 +247,7 @@ function upload_nodeapi(&$node, $op, $arg) {
foreach ($node->files as $file) { foreach ($node->files as $file) {
if ($file->list) { if ($file->list) {
$rows[] = array( $rows[] = array(
'<a href="'. ($file->fid ? file_create_url($file->filepath) : url(file_create_filename($file->filename, file_create_path()))) . '">'. $file->filename .'</a>', '<a href="'. check_url(($file->fid ? file_create_url($file->filepath) : url(file_create_filename($file->filename, file_create_path())))) .'">'. check_plain($file->filename) .'</a>',
format_size($file->filesize) format_size($file->filesize)
); );
// We save the list of files still in preview for later // We save the list of files still in preview for later