Commit 6ad8b01a authored by Dries's avatar Dries
Browse files

- Patch #688100 by mr.baileys, scor: sanitize user-supplied block titles.

parent 053a1664
...@@ -463,7 +463,7 @@ function theme_dashboard_disabled_block($variables) { ...@@ -463,7 +463,7 @@ function theme_dashboard_disabled_block($variables) {
$output .= '<div id="block-' . $block['module'] . '-' . $block['delta'] $output .= '<div id="block-' . $block['module'] . '-' . $block['delta']
. '" class="disabled-block block block-' . $block['module'] . '-' . $block['delta'] . '" class="disabled-block block block-' . $block['module'] . '-' . $block['delta']
. ' module-' . $block['module'] . ' delta-' . $block['delta'] . '">' . ' module-' . $block['module'] . ' delta-' . $block['delta'] . '">'
. '<h2>' . (!empty($block['title']) && $block['title'] != '<none>' ? $block['title'] : $block['info']) . '</h2>' . '<h2>' . (!empty($block['title']) && $block['title'] != '<none>' ? check_plain($block['title']) : check_plain($block['info'])) . '</h2>'
. '<div class="content"></div>' . '<div class="content"></div>'
. '</div>'; . '</div>';
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment