Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

#611532 by mr.baileys, scor: Fixed XSS Vulnerability in profile.module.

merge-requests/26/head
Angie Byron 2010-04-23 04:32:16 +00:00
parent e82edd5758
commit 630d473c8e
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
modules/profile/profile.admin.inc
View File

@ -123,7 +123,7 @@ function theme_profile_admin_overview($variables) {
// class names won't contain invalid characters.
$categories[$category] = $category_number;
$category_field['#attributes']['class'] = array('profile-category', 'profile-category-' . $category_number);
$rows[] = array(array('data' => $category, 'colspan' => 7, 'class' => array('category')));
$rows[] = array(array('data' => check_plain($category), 'colspan' => 7, 'class' => array('category')));
$rows[] = array('data' => array(array('data' => '<em>' . t('No fields in this category. If this category remains empty when saved, it will be removed.') . '</em>', 'colspan' => 7)), 'class' => array('category-' . $category_number . '-message', 'category-message', 'category-populated'));
// Make it draggable only if there is more than one field

2
modules/profile/profile.module
View File

@ -360,7 +360,7 @@ function profile_user_view($account) {
}
function _profile_form_explanation($field) {
$output = $field->explanation;
$output = filter_xss_admin($field->explanation);
if ($field->type == 'list') {
$output .= ' ' . t('Put each item on a separate line or separate them by commas. No HTML allowed.');