Commit e85593fe authored by dsnopek's avatar dsnopek

Revert "Issue #2849119 by catch: Better Exposed filters SA-CONTRIB-2017-009"

This reverts commit fdc0e319.
parent fdc0e319
diff --git a/better_exposed_filters_exposed_form_plugin.inc b/better_exposed_filters_exposed_form_plugin.inc
index 30d888f..930ad24 100644
--- a/better_exposed_filters_exposed_form_plugin.inc
+++ b/better_exposed_filters_exposed_form_plugin.inc
@@ -123,7 +123,7 @@ class better_exposed_filters_exposed_form_plugin extends views_plugin_exposed_fo
// Add a description to the exposed filter
if (!empty($options['more_options']['bef_filter_description'])) {
- $form[$field_id]['#description'] = $options['more_options']['bef_filter_description'];
+ $form[$field_id]['#description'] = filter_xss_admin($options['more_options']['bef_filter_description']);
}
switch ($options['bef_format']) {
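Review bot: The new `#description` assignment filters with `filter_xss_admin()` but has no comment explaining that choice, so a later maintainer could read it as too permissive or swap in `check_plain()` and break intended markup. I would add above it `// Admin-entered description: keep markup, strip script and other unsafe tags.` Separately, the page title calls this commit a revert of the SA-CONTRIB-2017-009 change, yet the new side shown here is the filtered line. That looks inconsistent, so confirm which version of this line is actually in the tree, because the unfiltered one would pass the stored description to the form as-is. The enclosing `exposed_form_alter()` starts and ends outside the hunk.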
@@ -182,4 +182,4 @@ class better_exposed_filters_exposed_form_plugin extends views_plugin_exposed_fo
} // switch ($options['bef_format'])
} // foreach ($this->options['bef']...)
} // function exposed_form_alter(...)
-}
\ No newline at end of file
+}
diff --git a/better_exposed_filters_exposed_form_plugin.inc b/better_exposed_filters_exposed_form_plugin.inc
index e9e6f71..e4ce510 100644
--- a/better_exposed_filters_exposed_form_plugin.inc
+++ b/better_exposed_filters_exposed_form_plugin.inc
@@ -381,9 +381,9 @@ class better_exposed_filters_exposed_form_plugin extends views_plugin_exposed_fo
// Pass the description and title along in a way such that it doesn't get rendered as part of
// the exposed form widget. We'll render them as part of the fieldset.
- $form[$field_id]['#bef_description'] = $form[$field_id]['#description'];
+ $form[$field_id]['#bef_description'] = filter_xss_admin($form[$field_id]['#description']);
unset($form[$field_id]['#description']);
- $form[$field_id]['#bef_title'] = $form[$field_id]['#title'];
+ $form[$field_id]['#bef_title'] = check_plain($form[$field_id]['#title']);
unset($form[$field_id]['#title']);
// Take care of adding the fieldset in the theme layer
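Review bot: `#bef_title` and `#bef_description` are now sanitized where they are stored, but nothing on these lines records that, so whoever maintains the theme code that prints them cannot tell whether to escape again (double-encoding) or print raw (safe only while every writer of these keys sanitizes). A comment such as `// #bef_title / #bef_description are stored already sanitized; the theme layer must print them without re-escaping.` would pin the contract. It is also worth saying why the title gets `check_plain()` while the description gets `filter_xss_admin()`: if `#title` can already hold escaped or markup-bearing text, `check_plain()` will double-encode it, which cannot be judged from this hunk and should be checked where `#title` is set. The description may also end up filtered twice when it came from the `bef_filter_description` assignment near line 123, which is harmless but redundant.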
@@ -444,4 +444,4 @@ class better_exposed_filters_exposed_form_plugin extends views_plugin_exposed_fo
$form['submit']['#access'] = $show_apply;
} // function exposed_form_alter(...)
-}
\ No newline at end of file
+}