Commit b3d87718 authored by dsnopek's avatar dsnopek Committed by dsnopek

Issue #3005728 by dsnopek: [lightbox2] Add D6LTS patch for SA-CONTRIB-2018-064

parent d8bd4dc8
diff --git a/lightbox2_handler_field_lightbox2.inc b/lightbox2_handler_field_lightbox2.inc
index b32f691..dbfa4d5 100644
--- a/lightbox2_handler_field_lightbox2.inc
+++ b/lightbox2_handler_field_lightbox2.inc
@@ -141,7 +141,12 @@ class lightbox2_handler_field_lightbox2 extends views_handler_field {
// div is hidden it won't show up as a lightbox. We also specify a group
// in the rel attribute in order to link the whole View together for paging.
$group_name = !empty($this->options['custom_group']) ? $this->options['custom_group'] : ($this->options['rel_group'] ? 'lightbox-popup-' . $this->view->name . '-' . implode('/', $this->view->args) : '');
- return "<a href='$link #lightbox-popup-{$i}' rel='lightmodal[{$group_name}|width:" . ($this->options['width'] ? $this->options['width'] : '600px') . ';height:' . ($this->options['height'] ? $this->options['height'] : '600px') . "][" . $caption . "]'>". $tokens["[{$this->options['trigger_field']}]"] ."</a>
+ $group_name = check_plain($group_name);
+ $width = $this->options['width'] ? check_plain($this->options['width']) : '600px';
+ $height = $this->options['height'] ? check_plain($this->options['height']) : '600px';
+ $trigger_field = filter_xss_admin($this->options['trigger_field']);
+
+ return "<a href='$link #lightbox-popup-{$i}' rel='lightmodal[{$group_name}|width:" . $width . ';height:' . $height . "][" . $caption . "]'>" . $tokens["[{$trigger_field}]"] . "</a>
<div style='display: none;'><div id='lightbox-popup-{$i}' class='lightbox-popup'>$popup</div></div>";
}
else {
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment