500-7002-AS
Gerhard Killesreiter
parent
a8cc1c74c5
commit
a8ae433168
|
|
@ -682,7 +682,7 @@ function form_select_options($element, $choices = NULL) {
|
|||
else {
|
||||
$selected = '';
|
||||
}
|
||||
$options .= '<option value="'. $key .'"'. $selected .'>'. check_plain($choice) .'</option>';
|
||||
$options .= '<option value="'. check_plain($key) .'"'. $selected .'>'. check_plain($choice) .'</option>';
|
||||
}
|
||||
}
|
||||
return $options;
|
||||
|
|
@ -725,7 +725,7 @@ function theme_radio($element) {
|
|||
$output = '<input type="radio" ';
|
||||
$output .= 'name="' . $element['#name'] .'" ';
|
||||
$output .= 'value="'. $element['#return_value'] .'" ';
|
||||
$output .= ($element['#value'] == $element['#return_value']) ? ' checked="checked" ' : ' ';
|
||||
$output .= (check_plain($element['#value']) == $element['#return_value']) ? ' checked="checked" ' : ' ';
|
||||
$output .= drupal_attributes($element['#attributes']) .' />';
|
||||
if (!is_null($element['#title'])) {
|
||||
$output = '<label class="option">'. $output .' '. $element['#title'] .'</label>';
|
||||
|
|
@ -909,7 +909,7 @@ function expand_radios($element) {
|
|||
if (count($element['#options']) > 0) {
|
||||
foreach ($element['#options'] as $key => $choice) {
|
||||
if (!isset($element[$key])) {
|
||||
$element[$key] = array('#type' => 'radio', '#title' => $choice, '#return_value' => $key, '#default_value' => $element['#default_value'], '#attributes' => $element['#attributes'], '#parents' => $element['#parents'], '#spawned' => TRUE);
|
||||
$element[$key] = array('#type' => 'radio', '#title' => $choice, '#return_value' => check_plain($key), '#default_value' => $element['#default_value'], '#attributes' => $element['#attributes'], '#parents' => $element['#parents'], '#spawned' => TRUE);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -626,10 +626,10 @@ function theme_form_element($title, $value, $description = NULL, $id = NULL, $re
|
|||
|
||||
if ($title) {
|
||||
if ($id) {
|
||||
$output .= ' <label for="'. form_clean_id($id) .'">'. t('%title: %required', array('%title' => $title, '%required' => $required)) . "</label>\n";
|
||||
$output .= ' <label for="'. form_clean_id($id) .'">'. t('%title: %required', array('%title' => filter_xss_admin($title), '%required' => $required)) . "</label>\n";
|
||||
}
|
||||
else {
|
||||
$output .= ' <label>'. t('%title: %required', array('%title' => $title, '%required' => $required)) . "</label>\n";
|
||||
$output .= ' <label>'. t('%title: %required', array('%title' => filter_xss_admin($title), '%required' => $required)) . "</label>\n";
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1367,24 +1367,26 @@ function comment_form_add_preview($form, $edit) {
|
|||
|
||||
$output = '';
|
||||
|
||||
comment_validate($edit);
|
||||
$comment = (object)_comment_form_submit($edit);
|
||||
|
||||
// Attach the user and time information.
|
||||
if ($edit['author']) {
|
||||
$account = user_load(array('name' => $edit['author']));
|
||||
}
|
||||
elseif ($user->uid && !isset($edit['is_anonymous'])) {
|
||||
$account = $user;
|
||||
}
|
||||
if ($account) {
|
||||
$comment->uid = $account->uid;
|
||||
$comment->name = check_plain($account->name);
|
||||
}
|
||||
$comment->timestamp = $edit['timestamp'] ? $edit['timestamp'] : time();
|
||||
|
||||
// Preview the comment with security check.
|
||||
// Invoke full validation for the form, to protect against cross site
|
||||
// request forgeries (CSRF) and setting arbitrary values for fields such as
|
||||
// the input format. Preview the comment only when form validation does not
|
||||
// set any errors.
|
||||
drupal_validate_form($form['form_id']['#value'], $form);
|
||||
if (!form_get_errors()) {
|
||||
$comment = (object)_comment_form_submit($edit);
|
||||
|
||||
// Attach the user and time information.
|
||||
if ($edit['author']) {
|
||||
$account = user_load(array('name' => $edit['author']));
|
||||
}
|
||||
elseif ($user->uid && !isset($edit['is_anonymous'])) {
|
||||
$account = $user;
|
||||
}
|
||||
if ($account) {
|
||||
$comment->uid = $account->uid;
|
||||
$comment->name = check_plain($account->name);
|
||||
}
|
||||
$comment->timestamp = $edit['timestamp'] ? $edit['timestamp'] : time();
|
||||
$output .= theme('comment_view', $comment);
|
||||
}
|
||||
$form['comment_preview'] = array(
|
||||
|
|
|
|||
|
|
@ -1724,6 +1724,10 @@ function node_form_add_preview($form) {
|
|||
|
||||
$op = isset($_POST['op']) ? $_POST['op'] : '';
|
||||
if ($op == t('Preview')) {
|
||||
// Invoke full validation for the form, to protect against cross site
|
||||
// request forgeries (CSRF) and setting arbitrary values for fields such as
|
||||
// the input format. Preview the node only when form validation does not
|
||||
// set any errors.
|
||||
drupal_validate_form($form['form_id']['#value'], $form);
|
||||
if (!form_get_errors()) {
|
||||
// Because the node preview may display a form, we must render it
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@
|
|||
* Configuration system that lets administrators modify the workings of the site.
|
||||
*/
|
||||
|
||||
define('VERSION', '4.7.6 dev');
|
||||
define('VERSION', '4.7.6');
|
||||
|
||||
/**
|
||||
* Implementation of hook_help().
|
||||
|
|
|
|||
Loading…
Reference in New Issue