Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

#189409 by Arancaytar: use filter_xss() to filter content type descriptions, instead of printing them verbatim (on one occassion) and printing them with check_plain() erroneusly on another

6.x
Gábor Hojtsy 2007-11-15 23:55:52 +00:00
parent 2934e7834a
commit 9c6e886368
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
modules/node/content_types.inc
View File

@ -23,7 +23,7 @@ function node_overview_types() {
$row = array( $row = array(
l($name, 'admin/content/types/'. $type_url_str), l($name, 'admin/content/types/'. $type_url_str),
check_plain($type->type), check_plain($type->type),
check_plain($type->description), filter_xss($type->description),
); );
// Set the edit column. // Set the edit column.
$row[] = array('data' => l(t('edit'), 'admin/content/types/'. $type_url_str)); $row[] = array('data' => l(t('edit'), 'admin/content/types/'. $type_url_str));

2
modules/node/node.pages.inc
View File

@ -29,7 +29,7 @@ function theme_node_add_list($content) {
$output = '<dl class="node-type-list">'; $output = '<dl class="node-type-list">';
foreach ($content as $item) { foreach ($content as $item) {
$output .= '<dt>'. l($item['title'], $item['href'], $item['options']) .'</dt>'; $output .= '<dt>'. l($item['title'], $item['href'], $item['options']) .'</dt>';
$output .= '<dd>'. $item['description'] .'</dd>'; $output .= '<dd>'. filter_xss($item['description']) .'</dd>';
} }
$output .= '</dl>'; $output .= '</dl>';
} }