- Patch #461938 by c960657, Kars-T, Garrett Albright, dsdeiz, JamesAn,...

- Patch #461938 by c960657, Kars-T, Garrett Albright, dsdeiz, JamesAn, grendzy: Fixed inconsistent use of filter_xss_admin() on () and ().

- Patch #461938 by c960657, Kars-T, Garrett Albright, dsdeiz, JamesAn,...
- Patch #461938 by c960657, Kars-T, Garrett Albright, dsdeiz, JamesAn, grendzy: Fixed inconsistent use of filter_xss_admin() on () and ().
12ef20ce · Dries · f82ad874 · 12ef20ce · 12ef20ce · 12ef20ce
Commit 12ef20ce authored Jul 29, 2012 by Dries
4 changed files
--- a/core/includes/theme.inc
+++ b/core/includes/theme.inc
@@ -2485,7 +2485,7 @@ function template_preprocess_html(&$variables) {
  else {
    $head_title = array('name' => check_plain($site_config->get('name')));
    if ($site_config->get('slogan')) {
-      $head_title['slogan'] = filter_xss_admin($site_config->get('slogan'));
+      $head_title['slogan'] = strip_tags(filter_xss_admin($site_config->get('slogan')));
    }
  }
  $variables['head_title_array'] = $head_title;
@@ -2580,7 +2580,7 @@ function template_preprocess_page(&$variables) {
  $variables['main_menu']         = theme_get_setting('toggle_main_menu') ? menu_main_menu() : array();
  $variables['secondary_menu']    = theme_get_setting('toggle_secondary_menu') ? menu_secondary_menu() : array();
  $variables['action_links']      = menu_local_actions();
-  $variables['site_name']         = (theme_get_setting('toggle_name') ? filter_xss_admin($site_config->get('name')) : '');
+  $variables['site_name']         = (theme_get_setting('toggle_name') ? check_plain($site_config->get('name')) : '');
  $variables['site_slogan']       = (theme_get_setting('toggle_slogan') ? filter_xss_admin($site_config->get('slogan')) : '');
  $variables['tabs']              = menu_local_tabs();

@@ -2771,13 +2771,13 @@ function template_preprocess_maintenance_page(&$variables) {
  if (drupal_get_title()) {
    $head_title = array(
      'title' => strip_tags(drupal_get_title()),
-      'name' => $site_name,
+      'name' => check_plain($site_name),
    );
  }
  else {
-    $head_title = array('name' => $site_name);
+    $head_title = array('name' => check_plain($site_name));
    if ($site_slogan) {
-      $head_title['slogan'] = $site_slogan;
+      $head_title['slogan'] = strip_tags(filter_xss_admin($site_slogan));
    }
  }

@@ -2794,8 +2794,8 @@ function template_preprocess_maintenance_page(&$variables) {
  $variables['messages']          = $variables['show_messages'] ? theme('status_messages') : '';
  $variables['main_menu']         = array();
  $variables['secondary_menu']    = array();
-  $variables['site_name']         = (theme_get_setting('toggle_name') ? $site_name : '');
-  $variables['site_slogan']       = (theme_get_setting('toggle_slogan') ? $site_slogan : '');
+  $variables['site_name']         = (theme_get_setting('toggle_name') ? check_plain($site_name) : '');
+  $variables['site_slogan']       = (theme_get_setting('toggle_slogan') ? filter_xss_admin($site_slogan) : '');
  $variables['tabs']              = '';
  $variables['title']             = drupal_get_title();


--- a/core/modules/system/lib/Drupal/system/Tests/System/TokenReplaceTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/System/TokenReplaceTest.php
@@ -119,7 +119,7 @@ function testSystemSiteTokenReplacement() {
    // Generate and test sanitized tokens.
    $tests = array();
    $tests['[site:name]'] = check_plain(config('system.site')->get('name'));
-    $tests['[site:slogan]'] = check_plain(config('system.site')->get('slogan'));
+    $tests['[site:slogan]'] = filter_xss_admin(config('system.site')->get('slogan'));
    $tests['[site:mail]'] = 'simpletest@example.com';
    $tests['[site:url]'] = url('<front>', $url_options);
    $tests['[site:url-brief]'] = preg_replace(array('!^https?://!', '!/$!'), '', url('<front>', $url_options));

--- a/core/modules/system/system.tokens.inc
+++ b/core/modules/system/system.tokens.inc
@@ -151,7 +151,7 @@ function system_tokens($type, $tokens, array $data = array(), array $options = a

        case 'slogan':
          $slogan = config('system.site')->get('slogan');
-          $replacements[$original] = $sanitize ? check_plain($slogan) : $slogan;
+          $replacements[$original] = $sanitize ? filter_xss_admin($slogan) : $slogan;
          break;

        case 'mail':

--- a/core/themes/bartik/template.php
+++ b/core/themes/bartik/template.php
@@ -54,7 +54,7 @@ function bartik_process_page(&$variables) {
  $variables['hide_site_slogan'] = theme_get_setting('toggle_slogan') ? FALSE : TRUE;
  if ($variables['hide_site_name']) {
    // If toggle_name is FALSE, the site_name will be empty, so we rebuild it.
-    $variables['site_name'] = filter_xss_admin($site_config->get('name'));
+    $variables['site_name'] = check_plain($site_config->get('name'));
  }
  if ($variables['hide_site_slogan']) {
    // If toggle_site_slogan is FALSE, the site_slogan will be empty, so we rebuild it.
@@ -102,7 +102,7 @@ function bartik_process_maintenance_page(&$variables) {
  $variables['hide_site_slogan'] = theme_get_setting('toggle_slogan') ? FALSE : TRUE;
  if ($variables['hide_site_name']) {
    // If toggle_name is FALSE, the site_name will be empty, so we rebuild it.
-    $variables['site_name'] = filter_xss_admin($site_config->get('name'));
+    $variables['site_name'] = check_plain($site_config->get('name'));
  }
  if ($variables['hide_site_slogan']) {
    // If toggle_site_slogan is FALSE, the site_slogan will be empty, so we rebuild it.