Commit 3176e669 authored by Dries

- Patch 4948 by Goba: the poll module uses check_output() on the poll options.
parent 51ee09cc
...@@ -286,7 +286,7 @@ function poll_view_voting(&$node, $main, $block, $links) { ...@@ -286,7 +286,7 @@ function poll_view_voting(&$node, $main, $block, $links) {
if ($node->choice) { if ($node->choice) {
foreach ($node->choice as $key => $value) { foreach ($node->choice as $key => $value) {
if ($value != "") { if ($value != "") {
$output .= "<div><input type=\"radio\" name=\"pollvote[$node->nid]\" value=\"$key\" />". check_output($value) ."</div>"; $output .= "<div><input type=\"radio\" name=\"pollvote[$node->nid]\" value=\"$key\" />". drupal_specialchars($value) ."</div>";
} }
} }
} }
...@@ -317,7 +317,7 @@ function poll_view_results(&$node, $main, $block, $links) { ...@@ -317,7 +317,7 @@ function poll_view_results(&$node, $main, $block, $links) {
if ($value != "") { if ($value != "") {
$width = round($node->chvotes[$key] * 100 / max($votestotal, 1)); $width = round($node->chvotes[$key] * 100 / max($votestotal, 1));
$percentage = round($node->chvotes[$key] * 100 / max($votestotal, 1)); $percentage = round($node->chvotes[$key] * 100 / max($votestotal, 1));
$output .= "<div class=\"text\">". check_output($value) ."</div>"; $output .= "<div class=\"text\">". drupal_specialchars($value) ."</div>";
$output .= "<div class=\"bar\">"; $output .= "<div class=\"bar\">";
$output .= "<div style=\"width: ". $width ."%;\" class=\"foreground\"></div>"; $output .= "<div style=\"width: ". $width ."%;\" class=\"foreground\"></div>";
$output .= "<div style=\"width: ". (100 - $width) ."%;\" class=\"background\"></div>"; $output .= "<div style=\"width: ". (100 - $width) ."%;\" class=\"background\"></div>";
......
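Review bot: The reason for escaping the choice text instead of filtering it is not recorded at either call site. Assuming the right-hand column is the new side, the choice text in poll_view_voting and in poll_view_results is now passed through `drupal_specialchars($value)` rather than `check_output($value)`, and a one-line comment above each line, such as `// Poll choices are plain text: escape them, do not run them through the input filters.`, would keep a later refactor from reverting it. In the voting hunk `$key` and `$node->nid` are still interpolated unescaped into the `value` and `name` attributes; they are presumably numeric, but that is not visible here and is worth confirming. Both functions start and end outside the hunks shown, so any other place that prints `$node->choice` could not be checked.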
...@@ -286,7 +286,7 @@ function poll_view_voting(&$node, $main, $block, $links) { ...@@ -286,7 +286,7 @@ function poll_view_voting(&$node, $main, $block, $links) {
if ($node->choice) { if ($node->choice) {
foreach ($node->choice as $key => $value) { foreach ($node->choice as $key => $value) {
if ($value != "") { if ($value != "") {
$output .= "<div><input type=\"radio\" name=\"pollvote[$node->nid]\" value=\"$key\" />". check_output($value) ."</div>"; $output .= "<div><input type=\"radio\" name=\"pollvote[$node->nid]\" value=\"$key\" />". drupal_specialchars($value) ."</div>";
} }
} }
} }
...@@ -317,7 +317,7 @@ function poll_view_results(&$node, $main, $block, $links) { ...@@ -317,7 +317,7 @@ function poll_view_results(&$node, $main, $block, $links) {
if ($value != "") { if ($value != "") {
$width = round($node->chvotes[$key] * 100 / max($votestotal, 1)); $width = round($node->chvotes[$key] * 100 / max($votestotal, 1));
$percentage = round($node->chvotes[$key] * 100 / max($votestotal, 1)); $percentage = round($node->chvotes[$key] * 100 / max($votestotal, 1));
$output .= "<div class=\"text\">". check_output($value) ."</div>"; $output .= "<div class=\"text\">". drupal_specialchars($value) ."</div>";
$output .= "<div class=\"bar\">"; $output .= "<div class=\"bar\">";
$output .= "<div style=\"width: ". $width ."%;\" class=\"foreground\"></div>"; $output .= "<div style=\"width: ". $width ."%;\" class=\"foreground\"></div>";
$output .= "<div style=\"width: ". (100 - $width) ."%;\" class=\"background\"></div>"; $output .= "<div style=\"width: ". (100 - $width) ."%;\" class=\"background\"></div>";
......