Commit b3457c75 authored by dsnopek's avatar dsnopek Committed by dsnopek

Issue #2920326 by dsnopek: [autologout] Add D6 patch for SA-CONTRIB-2017-081

parent f87bfc52
diff --git a/autologout.admin.inc b/autologout.admin.inc
index 8e5583a..abdce81 100644
--- a/autologout.admin.inc
+++ b/autologout.admin.inc
@@ -86,7 +86,9 @@ function autologout_settings() {
'#title' => t('Message to display to the user after they are logged out.'),
'#default_value' => variable_get('autologout_inactivity_message', 'You have been logged out due to inactivity.'),
'#size' => 40,
- '#description' => t('This message is displayed after the user was logged out due to inactivity. You can leave this blank to show no message to the user.'),
+ '#description' => t('This message is displayed after the user was logged out due to inactivity. You can leave this blank to show no message to the user.')
+ . ' ' . t('This text will passed through <a href="!url">filter_xss</a>.',
+ array('!url' => "https://api.drupal.org/api/drupal/includes%21common.inc/function/filter_xss/6.x")),
);
$form['autologout_use_watchdog'] = array(
diff --git a/autologout.module b/autologout.module
index 91587a4..db36289 100644
--- a/autologout.module
+++ b/autologout.module
@@ -700,7 +700,7 @@ function _autologout_logout_role($user) {
function _autologout_inactivity_message() {
$message = variable_get('autologout_inactivity_message', 'You have been logged out due to inactivity.');
if (!empty($message)) {
- drupal_set_message(t($message));
+ drupal_set_message(filter_xss(t($message)));
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment