From 3176e66905f2c6da3361b6a8cf1a5a0af7f2aada Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Sun, 4 Jan 2004 21:54:13 +0000
Subject: [PATCH] - Patch 4948 by Goba: the poll module uses check_output() on
 the poll options.

---
 modules/poll.module      | 4 ++--
 modules/poll/poll.module | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/modules/poll.module b/modules/poll.module
index 8f17102235..ac1b798bad 100644
--- a/modules/poll.module
+++ b/modules/poll.module
@@ -286,7 +286,7 @@ function poll_view_voting(&$node, $main, $block, $links) {
   if ($node->choice) {
     foreach ($node->choice as $key => $value) {
       if ($value != "") {
-        $output .= "<div><input type=\"radio\" name=\"pollvote[$node->nid]\" value=\"$key\" />". check_output($value) ."</div>";
+        $output .= "<div><input type=\"radio\" name=\"pollvote[$node->nid]\" value=\"$key\" />". drupal_specialchars($value) ."</div>";
       }
     }
   }
@@ -317,7 +317,7 @@ function poll_view_results(&$node, $main, $block, $links) {
       if ($value != "") {
         $width = round($node->chvotes[$key] * 100 / max($votestotal, 1));
         $percentage = round($node->chvotes[$key] * 100 / max($votestotal, 1));
-        $output .= "<div class=\"text\">". check_output($value) ."</div>";
+        $output .= "<div class=\"text\">". drupal_specialchars($value) ."</div>";
         $output .= "<div class=\"bar\">";
         $output .= "<div style=\"width: ". $width ."%;\" class=\"foreground\"></div>";
         $output .= "<div style=\"width: ". (100 - $width) ."%;\" class=\"background\"></div>";
diff --git a/modules/poll/poll.module b/modules/poll/poll.module
index 8f17102235..ac1b798bad 100644
--- a/modules/poll/poll.module
+++ b/modules/poll/poll.module
@@ -286,7 +286,7 @@ function poll_view_voting(&$node, $main, $block, $links) {
   if ($node->choice) {
     foreach ($node->choice as $key => $value) {
       if ($value != "") {
-        $output .= "<div><input type=\"radio\" name=\"pollvote[$node->nid]\" value=\"$key\" />". check_output($value) ."</div>";
+        $output .= "<div><input type=\"radio\" name=\"pollvote[$node->nid]\" value=\"$key\" />". drupal_specialchars($value) ."</div>";
       }
     }
   }
@@ -317,7 +317,7 @@ function poll_view_results(&$node, $main, $block, $links) {
       if ($value != "") {
         $width = round($node->chvotes[$key] * 100 / max($votestotal, 1));
         $percentage = round($node->chvotes[$key] * 100 / max($votestotal, 1));
-        $output .= "<div class=\"text\">". check_output($value) ."</div>";
+        $output .= "<div class=\"text\">". drupal_specialchars($value) ."</div>";
         $output .= "<div class=\"bar\">";
         $output .= "<div style=\"width: ". $width ."%;\" class=\"foreground\"></div>";
         $output .= "<div style=\"width: ". (100 - $width) ."%;\" class=\"background\"></div>";
-- 
GitLab