Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

- Patch #887102 by Heine: trigger and action escaping issues. Critical bug fix.

merge-requests/26/head
Dries Buytaert 2010-08-22 11:04:09 +00:00
parent c72614b01e
commit ee691c593a
4 changed files with 7 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
includes/actions.inc
View File

@ -292,7 +292,7 @@ function actions_synchronize($delete_orphans = FALSE) {
'label' => $array['label'],
))
->execute();
watchdog('actions', "Action '%action' added.", array('%action' => filter_xss_admin($array['label'])));
watchdog('actions', "Action '%action' added.", array('%action' => $array['label']));
}
}
}
@ -305,7 +305,7 @@ function actions_synchronize($delete_orphans = FALSE) {
$actions = db_query('SELECT aid, label FROM {actions} WHERE callback IN (:orphaned)', array(':orphaned' => $orphaned))->fetchAll();
foreach ($actions as $action) {
actions_delete($action->aid);
watchdog('actions', "Removed orphaned action '%action' from database.", array('%action' => filter_xss_admin($action->label)));
watchdog('actions', "Removed orphaned action '%action' from database.", array('%action' => $action->label));
}
}
else {

5
modules/system/system.admin.inc
View File

@ -3174,9 +3174,8 @@ function system_actions_delete_form_submit($form, &$form_state) {
$aid = $form_state['values']['aid'];
$action = actions_load($aid);
actions_delete($aid);
$label = check_plain($action->label);
watchdog('user', 'Deleted action %aid (%action)', array('%aid' => $aid, '%action' => $label));
drupal_set_message(t('Action %action was deleted', array('%action' => $label)));
watchdog('user', 'Deleted action %aid (%action)', array('%aid' => $aid, '%action' => $action->label));
drupal_set_message(t('Action %action was deleted', array('%action' => $action->label)));
$form_state['redirect'] = 'admin/config/system/actions/manage';
}

2
modules/system/system.module
View File

@ -3062,7 +3062,7 @@ function system_message_action(&$entity, $context = array()) {
$context['node'] = $entity;
}
$context['message'] = token_replace($context['message'], $context);
$context['message'] = token_replace(filter_xss_admin($context['message']), $context);
drupal_set_message($context['message']);
}

4
modules/trigger/trigger.admin.inc
View File

@ -90,7 +90,7 @@ function trigger_unassign_submit($form, &$form_state) {
->condition('aid', $aid)
->execute();
$actions = actions_get_all_actions();
watchdog('actions', 'Action %action has been unassigned.', array('%action' => check_plain($actions[$aid]['label'])));
watchdog('actions', 'Action %action has been unassigned.', array('%action' => $actions[$aid]['label']));
drupal_set_message(t('Action %action has been unassigned.', array('%action' => $actions[$aid]['label'])));
$form_state['redirect'] = 'admin/structure/trigger/' . $form_state['values']['module'];
}
@ -291,7 +291,7 @@ function theme_trigger_display($variables) {
$rows = array();
foreach ($element['assigned']['#value'] as $aid => $info) {
$rows[] = array(
$info['label'],
check_plain($info['label']),
$info['link']
);
}