SA-CONTRIB-2019-033.patch 2.78 KB
diff --git a/eu_cookie_compliance.module b/eu_cookie_compliance.module
index 000dbc7..424a8c0 100644
--- a/eu_cookie_compliance.module
+++ b/eu_cookie_compliance.module
@@ -43,10 +43,10 @@ function eu_cookie_compliance_footer() {
   $popup_settings = eu_cookie_compliance_get_settings();
   if (!empty($popup_settings['popup_enabled']) && user_access( 'see EU Cookie Compliance popup' )) {
     global $language;
-    $popup_text_info = str_replace(array("\r", "\n"), '', $popup_settings['popup_info']['value']);
-    $popup_text_agreed = str_replace(array("\r", "\n"), '', $popup_settings['popup_agreed']['value']);
-    $html_info = theme('eu_cookie_compliance_popup_info', check_markup($popup_text_info, $popup_settings['popup_info']['format'], FALSE),$popup_settings['popup_agree_button_message'],$popup_settings['popup_disagree_button_message']);
-    $html_agreed = theme('eu_cookie_compliance_popup_agreed', check_markup($popup_text_agreed, $popup_settings['popup_agreed']['format'], FALSE),$popup_settings['popup_hide_button_message'],$popup_settings['popup_find_more_button_message']);
+    $popup_text_info = str_replace(array("\r", "\n"), '', filter_xss($popup_settings['popup_info']['value']));
+    $popup_text_agreed = str_replace(array("\r", "\n"), '', filter_xss($popup_settings['popup_agreed']['value']));
+    $html_info = theme('eu_cookie_compliance_popup_info', check_markup($popup_text_info, $popup_settings['popup_info']['format'], FALSE), filter_xss($popup_settings['popup_agree_button_message']), filter_xss($popup_settings['popup_disagree_button_message']));
+    $html_agreed = theme('eu_cookie_compliance_popup_agreed', check_markup($popup_text_agreed, $popup_settings['popup_agreed']['format'], FALSE), filter_xss($popup_settings['popup_hide_button_message']), filter_xss($popup_settings['popup_find_more_button_message']));
     $clicking_confirmation = (isset($popup_settings['popup_clicking_confirmation']))? $popup_settings['popup_clicking_confirmation'] : TRUE ;
     $variables = array(
       'popup_enabled' => $popup_settings['popup_enabled'],
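Review bot: The four button labels on the new `$html_info`/`$html_agreed` lines go through `filter_xss()`, which still admits its default allow-list of inline tags (`a`, `em`, `strong`, …) rather than yielding plain text; if the `eu_cookie_compliance_popup_info` / `eu_cookie_compliance_popup_agreed` theme implementations print these as plain captions, `check_plain()` is the tighter choice, e.g. `check_plain($popup_settings['popup_agree_button_message'])`. Running `filter_xss()` over `popup_info`/`popup_agreed` before `check_markup()` also means the stored text format's own tag list no longer decides the output — tags outside the default list such as `<p>` or `<br>` are dropped even for a permissive format — which deserves a comment like `// Pre-filter with filter_xss() so the configured format cannot reintroduce script; output is limited to filter_xss()'s default tag list.` and a mention in the release notes. The rewritten lines are well past the 80-character Drupal standard; placing the `theme()` arguments one per line would make the sanitizer wrapping readable. eu_cookie_compliance_footer() continues outside the hunk.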
@@ -60,7 +60,7 @@ function eu_cookie_compliance_footer() {
       'popup_height' => ($popup_settings['popup_height']) ? (int) $popup_settings['popup_height'] : 'auto',
       'popup_width' => (drupal_substr($popup_settings['popup_width'], -1) == '%') ? $popup_settings['popup_width'] : (int) $popup_settings['popup_width'],
       'popup_delay' => (int) ($popup_settings['popup_delay'] * 1000),
-      'popup_link' => empty($popup_settings['popup_link']) ? FALSE : $popup_settings['popup_link'],
+      'popup_link' => empty($popup_settings['popup_link']) ? FALSE : url($popup_settings['popup_link']),
       'popup_position' => empty($popup_settings['popup_position']) ? NULL : $popup_settings['popup_position'],
       'popup_language' => $language->language,
     );
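Review bot: `url()` on the new `'popup_link'` line resolves the path but does not HTML-escape its result (Drupal's own `l()` wraps `url()` in `check_plain()`), so the template that prints `popup_link` into an `href` attribute — outside this patch — still has to apply `check_plain()` or `check_url()`; worth confirming there, or passing `check_url(url($popup_settings['popup_link']))` here if the variable is only ever used as an attribute value. This matters most for external URLs, which `url()` largely passes through, so a constructed value such as `http://example.com/?a=1&b="` would reach the attribute with the raw `&` and `"`. The `empty()` guard also treats the literal string `'0'` as unset, which is an odd but valid path; `$popup_settings['popup_link'] === ''` would avoid that if such values can occur. The `$variables` array closes here, but eu_cookie_compliance_footer() continues outside the hunk.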