From 9c6e88636803dbdd660991e2d9458be5a74dfbd2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=A1bor=20Hojtsy?= <gabor@hojtsy.hu>
Date: Thu, 15 Nov 2007 23:55:52 +0000
Subject: [PATCH] #189409 by Arancaytar: use filter_xss() to filter content
 type descriptions, instead of printing them verbatim (on one occassion) and
 printing them with check_plain() erroneusly on another

---
 modules/node/content_types.inc | 2 +-
 modules/node/node.pages.inc    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/node/content_types.inc b/modules/node/content_types.inc
index 85b1bb1d357..c5950815b8c 100644
--- a/modules/node/content_types.inc
+++ b/modules/node/content_types.inc
@@ -23,7 +23,7 @@ function node_overview_types() {
       $row = array(
         l($name, 'admin/content/types/'. $type_url_str),
         check_plain($type->type),
-        check_plain($type->description),
+        filter_xss($type->description),
       );
       // Set the edit column.
       $row[] = array('data' => l(t('edit'), 'admin/content/types/'. $type_url_str));
diff --git a/modules/node/node.pages.inc b/modules/node/node.pages.inc
index fe112af8c81..cceb6bdf824 100644
--- a/modules/node/node.pages.inc
+++ b/modules/node/node.pages.inc
@@ -29,7 +29,7 @@ function theme_node_add_list($content) {
     $output = '<dl class="node-type-list">';
     foreach ($content as $item) {
       $output .= '<dt>'. l($item['title'], $item['href'], $item['options']) .'</dt>';
-      $output .= '<dd>'. $item['description'] .'</dd>';
+      $output .= '<dd>'. filter_xss($item['description']) .'</dd>';
     }
     $output .= '</dl>';
   }