Commit f5dd4a8b authored by dsnopek's avatar dsnopek Committed by dsnopek

Issue #3085302 by dsnopek: [ubercart] Update for SA-CONTRIB-2019-070

parent 2aba929c
diff --git a/uc_order/uc_order.module b/uc_order/uc_order.module
index 9fcf32a6..84c1947d 100644
--- a/uc_order/uc_order.module
+++ b/uc_order/uc_order.module
@@ -1638,6 +1638,10 @@ function template_preprocess_uc_order(&$variables) {
break;
}
+ foreach ($variables['order']->products as $product) {
+ $product->title = check_plain($product->title);
+ $product->model = check_plain($product->model);
+ }
$variables['products'] = $variables['order']->products;
if (!is_array($variables['products'])) {
$variables['products'] = array();
@@ -1664,6 +1668,9 @@ function template_preprocess_uc_order(&$variables) {
if (!is_array($variables['line_items'])) {
$variables['line_items'] = array();
}
+ foreach ($variables['line_items'] as &$line_item) {
+ $line_item['title'] = check_plain($line_item['title']);
+ }
usort($variables['line_items'], 'uc_weight_sort');
// Generate tokens to use as template variables.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment