Commit 1f5025e5 authored by Steven Wittens's avatar Steven Wittens

- sa-2006-002: XSS issues with username

parent 1e9862a2
......@@ -884,7 +884,7 @@ function format_name($object) {
$output = l($name, 'user/'. $object->uid, array('title' => t('View user profile.')));
}
else {
$output = $name;
$output = check_plain($name);
}
}
else if ($object->name) {
......@@ -893,10 +893,10 @@ function format_name($object) {
// aggregator modules). This clause enables modules to display
// the true author of the content.
if ($object->homepage) {
$output = '<a href="'. $object->homepage .'">'. $object->name .'</a>';
$output = '<a href="'. check_url($object->homepage) .'">'. check_plain($object->name) .'</a>';
}
else {
$output = $object->name;
$output = check_plain($object->name);
}
$output .= ' ('. t('not verified') .')';
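Review bot: The linked branch just above the first change, `$output = l($name, 'user/'. $object->uid, ...)`, still hands `$name` to l() unescaped while only the non-linked else branch gains check_plain(); whether that branch is covered depends on l() escaping its text argument in this tree, which is not visible here, and in older Drupal versions l() inserted the text verbatim. If l() does not escape, the profile link shown to users with "access user profiles" remains injectable through the username, and `l(check_plain($name), 'user/'. $object->uid, array('title' => t('View user profile.')))` (or escaping `$name` once where it is computed) would close it. The check_url()/check_plain() pair on the homepage anchor in the second hunk is the right treatment for attribute and text context respectively. format_name() starts before the first hunk and continues past the second.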
......@@ -417,7 +417,7 @@ function book_view(&$node, $teaser = FALSE, $page = FALSE) {
$node = book_content($node, $teaser);
if (!$teaser && $node->moderate) {
$node->body .= '<div class="log"><div class="title">'. t('Log') .':</div>'. $node->log .'</div>';
$node->body .= '<div class="log"><div class="title">'. t('Log') .':</div>'. check_output($node->log, $node->format) .'</div>';
}
}
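Review bot: Passing the moderation log through check_output() with the node's input format renders a plain-text message with whatever filters that format enables; if the node's format is more permissive than the person who wrote the log is allowed to use (a full-HTML or PHP-evaluating format kept from the original author, for instance), the log field becomes a way to reach those filters. A log entry is not formatted body text, so `check_plain($node->log)` (or filter_xss() with a minimal tag list) is the safer choice and does not depend on `$node->format` being set on every node that reaches this path. book_view() begins and ends outside this hunk.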
......@@ -183,7 +183,7 @@ function xtemplate_page($content) {
// only parse the mission block if we are on the frontpage ...
if ($_GET["q"] == variable_get("site_frontpage", "node") && theme_get_setting('toggle_mission') && ($mission = theme_get_setting('mission'))) {
$xtemplate->template->assign("mission", $mission);
$xtemplate->template->assign("mission", filter_xss($mission));
$xtemplate->template->parse("header.mission");
}
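Review bot: filter_xss() called without a tag list falls back to its default whitelist, which is narrower than what an administrator may already have used in a mission statement (block-level and image tags are typically not in it), so existing missions can be silently altered on the front page; the hunk does not say whether that narrowing is intended. Since the mission is an admin-only theme setting, an explicit wider list such as `filter_xss($mission, array('a', 'em', 'strong', 'p', 'br', 'img'))`, or filter_xss_admin() if this tree provides it, keeps the protection against script injection without changing rendering. Any other theme engine that prints the mission presumably needs the same treatment, though none is visible here. xtemplate_page() starts before and continues past this hunk.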