Commit e3d88c28 authored by yched's avatar yched
parent 271b78fb
// $Id$
5--dev
======
5--1.10
=======
IMPORTANT : this release fixes (minor) cross-site scripting (XSS) vulnerabilities
in nodereference.module, userreference.module and content_copy.module.
See the Security Annoucement on http://drupal.org/node/330546 for more information.
Other changes
- #316656 Default weight must be zero, not NULL, or form ordering will be incorrect.
- #309558 by mroswell : fix PHP doc typo.
- #281749 by asimmonds: fix '0' not parsed as an alias for allowed values.
......
......@@ -179,7 +179,7 @@ function content_copy_export($form_id, $form_values) {
include_once('./'. drupal_get_path('module', 'content') .'/content_admin.inc');
include_once('./'. drupal_get_path('module', 'content') .'/content_crud.inc');
include_once('./'. drupal_get_path('module', 'node') .'/content_types.inc');
// Set a global variable to tell when to intervene with form_alter().
$GLOBALS['content_copy']['status'] = 'export';
......@@ -188,9 +188,9 @@ function content_copy_export($form_id, $form_values) {
// Get an array of groups to export.
// Record a macro for each group by submitting the group edit form.
// TODO come back and do this without using drupal_execute().
if (is_array($form_values['groups']) && module_exists('fieldgroup')) {
$content_type = content_types($form_values['type_name']);
......@@ -203,9 +203,9 @@ function content_copy_export($form_id, $form_values) {
// Record a macro for each field by submitting the field settings form.
// Omit fields from the export if their module is not currently installed
// otherwise the system will generate errors when the macro tries to execute their forms.
// TODO come back and do this without using drupal_execute().
$type = content_types($form_values['type_name']);
foreach ((array) $form_values['fields'] as $field_name) {
......@@ -216,7 +216,7 @@ function content_copy_export($form_id, $form_values) {
$widget_module = $widget_types[$field['widget']['type']]['module'];
if (!empty($field_module) && module_exists($field_module) && !empty($widget_module) && module_exists($widget_module)) {
$values = content_field_instance_collapse($field);
$values = content_field_instance_collapse($field);
drupal_execute('_content_admin_field', $values, $form_values['type_name'], $field_name);
}
}
......@@ -227,14 +227,14 @@ function content_copy_export($form_id, $form_values) {
/**
* A form to import formatted text created with export.
*
*
* The macro can be filled from a file, if provided.
* Example:
*
*
* The macro can be filled from a file, if provided.
* Provide a type_name to force the fields to be added to a specific
* type, or leave out type_name to create a new content type.
*
*
* Example:
* // If Content Copy is enabled, offer an import link.
* if (module_exists('content_copy')) {
......@@ -575,7 +575,7 @@ function content_copy_types() {
$types = array();
$content_info = _content_type_info();
foreach ($content_info['content types'] as $type_name => $val) {
$types[$type_name] = $val['name'] .' ('. $type_name .')';
$types[$type_name] = check_plain($val['name']) .' ('. $type_name .')';
}
return $types;
}
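Review bot: In content_copy_types() only `$val['name']` goes through check_plain(), while `$type_name` is still concatenated raw into the same label. Machine names are normally restricted to a safe character set when a type is created, but that validation is not visible here, so escaping the whole string is safer than relying on it: `$types[$type_name] = check_plain($val['name'] .' ('. $type_name .')');`. It is also worth confirming how callers render this array: a select element escapes its options again in the Form API and would show double-encoded entities, whereas radio and checkbox labels are presumably printed as given. The `'name'` entry in content_views_field_tables() further down concatenates the field-type and widget labels the same way without escaping; whether Views escapes it on output cannot be told from this page.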
......
......@@ -63,7 +63,7 @@ function content_views_field_tables($field) {
if ($field['multiple']) {
$addlfields[] = 'delta';
}
$table['fields'] = array();
$table['fields'][$main_column['column']] = array(
'name' => $field_types[$field['type']]['label'] .': '. $field['widget']['label'] .' ('. $field['field_name'] .')',
......
......@@ -42,7 +42,7 @@ function nodereference_field_settings($op, $field) {
'#title' => t('Content types that can be referenced'),
'#multiple' => TRUE,
'#default_value' => isset($field['referenceable_types']) ? $field['referenceable_types'] : array(),
'#options' => node_get_types('names'),
'#options' => array_map('check_plain', node_get_types('names')),
);
if (module_exists('views')) {
$views = array('--' => '--');
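Review bot: The `array_map('check_plain', node_get_types('names'))` line needs a comment saying why the options are escaped here, because whether the call is correct depends on the element's `'#type'`, which is set above the hunk. Suggested comment: `// Option labels are printed as-is for checkboxes, so escape the admin-defined type names.` If the element were ever switched to a select, the Form API would escape a second time and this call would have to be dropped. The form array continues outside the hunk.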
......
......@@ -426,7 +426,7 @@ function userreference_user($op, &$edit, &$account, $category = NULL) {
}
if (isset($values[$node_type])) {
$links[$node_type] = array(
'title' => $node_types[$node_type]['name'],
'title' => check_plain($node_types[$node_type]['name']),
'value' => theme('item_list', $values[$node_type])
);
}
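Review bot: The `'value'` entry next to the newly escaped title passes `$values[$node_type]` to `theme('item_list', ...)`, which prints its items without escaping, and those items are built outside this hunk. If they are assembled from node titles, each one needs to go through `l()` or `check_plain()` where it is created. That should be verified before treating this link block as fully covered by the fix. userreference_user() starts and ends outside the hunk.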
......