Commit b4ea7b35 authored by dsnopek's avatar dsnopek Committed by dsnopek

Issue #3038079 by dsnopek: [eu_cookie_compliance] Update for SA-CONTRIB-2019-033

parent 56ac5ec8
diff --git a/eu_cookie_compliance.module b/eu_cookie_compliance.module
index 000dbc7..424a8c0 100644
--- a/eu_cookie_compliance.module
+++ b/eu_cookie_compliance.module
@@ -43,10 +43,10 @@ function eu_cookie_compliance_footer() {
$popup_settings = eu_cookie_compliance_get_settings();
if (!empty($popup_settings['popup_enabled']) && user_access( 'see EU Cookie Compliance popup' )) {
global $language;
- $popup_text_info = str_replace(array("\r", "\n"), '', $popup_settings['popup_info']['value']);
- $popup_text_agreed = str_replace(array("\r", "\n"), '', $popup_settings['popup_agreed']['value']);
- $html_info = theme('eu_cookie_compliance_popup_info', check_markup($popup_text_info, $popup_settings['popup_info']['format'], FALSE),$popup_settings['popup_agree_button_message'],$popup_settings['popup_disagree_button_message']);
- $html_agreed = theme('eu_cookie_compliance_popup_agreed', check_markup($popup_text_agreed, $popup_settings['popup_agreed']['format'], FALSE),$popup_settings['popup_hide_button_message'],$popup_settings['popup_find_more_button_message']);
+ $popup_text_info = str_replace(array("\r", "\n"), '', filter_xss($popup_settings['popup_info']['value']));
+ $popup_text_agreed = str_replace(array("\r", "\n"), '', filter_xss($popup_settings['popup_agreed']['value']));
+ $html_info = theme('eu_cookie_compliance_popup_info', check_markup($popup_text_info, $popup_settings['popup_info']['format'], FALSE), filter_xss($popup_settings['popup_agree_button_message']), filter_xss($popup_settings['popup_disagree_button_message']));
+ $html_agreed = theme('eu_cookie_compliance_popup_agreed', check_markup($popup_text_agreed, $popup_settings['popup_agreed']['format'], FALSE), filter_xss($popup_settings['popup_hide_button_message']), filter_xss($popup_settings['popup_find_more_button_message']));
$clicking_confirmation = (isset($popup_settings['popup_clicking_confirmation']))? $popup_settings['popup_clicking_confirmation'] : TRUE ;
$variables = array(
'popup_enabled' => $popup_settings['popup_enabled'],
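Review bot: On the two `str_replace()` lines, `filter_xss()` runs on the raw `popup_info` / `popup_agreed` values before `check_markup()`, so the string finally handed to `theme()` is whatever the configured text format produces, not something this code has filtered. With its default allowed-tag list, `filter_xss()` also strips block markup such as `<p>` and `<div>` that the chosen format may be meant to permit. Consider filtering the rendered output instead with an explicit allowed-tag list, e.g. `filter_xss(check_markup($popup_text_info, $popup_settings['popup_info']['format'], FALSE), $allowed_tags)` (`$allowed_tags` is a placeholder), and add a comment naming that call as the trust boundary. The button messages are filtered for HTML body context; if the theme templates (not shown) place them in an attribute, `check_plain()` would be the right call there. `eu_cookie_compliance_footer()` starts and ends outside this hunk.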
@@ -60,7 +60,7 @@ function eu_cookie_compliance_footer() {
'popup_height' => ($popup_settings['popup_height']) ? (int) $popup_settings['popup_height'] : 'auto',
'popup_width' => (drupal_substr($popup_settings['popup_width'], -1) == '%') ? $popup_settings['popup_width'] : (int) $popup_settings['popup_width'],
'popup_delay' => (int) ($popup_settings['popup_delay'] * 1000),
- 'popup_link' => empty($popup_settings['popup_link']) ? FALSE : $popup_settings['popup_link'],
+ 'popup_link' => empty($popup_settings['popup_link']) ? FALSE : url($popup_settings['popup_link']),
'popup_position' => empty($popup_settings['popup_position']) ? NULL : $popup_settings['popup_position'],
'popup_language' => $language->language,
);
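Review bot: `popup_width` is still forwarded as the raw setting whenever its last character is `%`, and `popup_position` is forwarded unchanged, while the neighbouring values are cast to int or, after this change, passed through `url()`. How `$variables` is consumed lies outside the hunk, so this may be harmless, but a strict test such as `preg_match('/^\d+%$/', $popup_settings['popup_width'])` in place of the `drupal_substr()` comparison would keep the value well-formed regardless of the consumer. A short comment on the `popup_link` line, e.g. `// url() normalises the configured path; do not pass the raw setting to the client.`, would also help keep the fix from being reverted as a simplification.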