- Patch #162381 by Heine et al: properly escape strings.

modules/blogapi/blogapi.module

@@ -537,7 +537,7 @@ function blogapi_blogger_title(&$contents) {
 }
 
 function blogapi_admin_settings() {
-  $node_types = node_get_types('names');
+  $node_types = array_map('check_plain', node_get_types('names'));
   $defaults = isset($node_types['blog']) ? array('blog' => 1) : array();
   $form['blogapi_node_types'] = array(
     '#type' => 'checkboxes',

modules/filter/filter.install

@@ -17,7 +17,7 @@ function filter_schema() {
         'type' => 'int',
         'not null' => TRUE,
         'default' => 0,
-        'description' => t('Foreign Key: The {filter_formats}.format to which this filter is assigned.'),
+        'description' => t('Foreign key: The {filter_formats}.format to which this filter is assigned.'),
       ),
       'module' => array(
         'type' => 'varchar',

modules/node/content_types.inc

@@ -18,7 +18,6 @@ function node_overview_types() {
   foreach ($names as $key => $name) {
     $type = $types[$key];
     if (node_hook($type, 'form')) {
-      $name = check_plain($name);
       $type_url_str = str_replace('_', '-', $type->type);
       $row = array(
         l($name, 'admin/content/types/'. $type_url_str),

modules/node/node.admin.inc

@@ -385,7 +385,7 @@ function node_admin_nodes() {
   while ($node = db_fetch_object($result)) {
     $nodes[$node->nid] = '';
     $form['title'][$node->nid] = array('#value' => l($node->title, 'node/'. $node->nid) .' '. theme('mark', node_mark($node->nid, $node->changed)));
-    $form['name'][$node->nid] =  array('#value' => node_get_types('name', $node));
+    $form['name'][$node->nid] =  array('#value' => check_plain(node_get_types('name', $node)));
     $form['username'][$node->nid] = array('#value' => theme('username', $node));
     $form['status'][$node->nid] =  array('#value' =>  ($node->status ? t('published') : t('not published')));
     if ($multilanguage) {

modules/node/node.module

@@ -1078,7 +1078,7 @@ function node_search($op = 'search', $keys = NULL) {
       $form = array();
       // Output form for defining rank factor weights.
       $form['content_ranking'] = array(
-        '#type' => 'fieldset', 
+        '#type' => 'fieldset',
         '#title' => t('Content ranking'),
       );
       $form['content_ranking']['#theme'] = 'node_search_admin';
@@ -1099,9 +1099,9 @@ function node_search($op = 'search', $keys = NULL) {
       $options = drupal_map_assoc(range(0, 10));
       foreach ($ranking as $var => $title) {
         $form['content_ranking']['factors'][$var] = array(
-          '#title' => $title, 
-          '#type' => 'select', 
-          '#options' => $options, 
+          '#title' => $title,
+          '#type' => 'select',
+          '#options' => $options,
           '#default_value' => variable_get($var, 5),
         );
       }
@@ -1199,7 +1199,7 @@ function node_search($op = 'search', $keys = NULL) {
 
         $extra = node_invoke_nodeapi($node, 'search result');
         $results[] = array('link' => url('node/'. $item->sid, array('absolute' => TRUE)),
-                           'type' => node_get_types('name', $node),
+                           'type' => check_plain(node_get_types('name', $node)),
                            'title' => $node->title,
                            'user' => theme('username', $node),
                            'date' => $node->changed,
@@ -1699,7 +1699,7 @@ function node_form_alter(&$form, $form_state, $form_id) {
     }
 
     // Node types:
-    $types = node_get_types('names');
+    $types = array_map('check_plain', node_get_types('names'));
     $form['advanced']['type'] = array(
       '#type' => 'checkboxes',
       '#title' => t('Only of the type(s)'),

modules/node/node.pages.inc

@@ -116,14 +116,14 @@ function node_form(&$form_state, $node) {
    */
   foreach (array('nid', 'vid', 'uid', 'created', 'type', 'language') as $key) {
     $form[$key] = array(
-      '#type' => 'value', 
+      '#type' => 'value',
       '#value' => isset($node->$key) ? $node->$key : NULL,
     );
   }
 
   // Changed must be sent to the client, for later overwrite error checking.
   $form['changed'] = array(
-    '#type' => 'hidden', 
+    '#type' => 'hidden',
     '#default_value' => isset($node->changed) ? $node->changed : NULL,
   );
   // Get the node-specific bits.
@@ -171,18 +171,18 @@ function node_form(&$form_state, $node) {
     '#weight' => 20,
   );
   $form['author']['name'] = array(
-    '#type' => 'textfield', 
-    '#title' => t('Authored by'), 
-    '#maxlength' => 60, 
-    '#autocomplete_path' => 'user/autocomplete', 
-    '#default_value' => $node->name ? $node->name : '', 
-    '#weight' => -1, 
+    '#type' => 'textfield',
+    '#title' => t('Authored by'),
+    '#maxlength' => 60,
+    '#autocomplete_path' => 'user/autocomplete',
+    '#default_value' => $node->name ? $node->name : '',
+    '#weight' => -1,
     '#description' => t('Leave blank for %anonymous.', array('%anonymous' => variable_get('anonymous', t('Anonymous')))),
   );
   $form['author']['date'] = array(
-    '#type' => 'textfield', 
-    '#title' => t('Authored on'), 
-    '#maxlength' => 25, 
+    '#type' => 'textfield',
+    '#title' => t('Authored on'),
+    '#maxlength' => 25,
     '#description' => t('Format: %time. Leave blank to use the time of form submission.', array('%time' => !empty($node->date) ? $node->date : format_date($node->created, 'custom', 'Y-m-d H:i:s O'))),
   );
 
@@ -200,25 +200,25 @@ function node_form(&$form_state, $node) {
     '#weight' => 25,
   );
   $form['options']['status'] = array(
-    '#type' => 'checkbox', 
-    '#title' => t('Published'), 
+    '#type' => 'checkbox',
+    '#title' => t('Published'),
     '#default_value' => $node->status,
   );
   $form['options']['promote'] = array(
-    '#type' => 'checkbox', 
-    '#title' => t('Promoted to front page'), 
+    '#type' => 'checkbox',
+    '#title' => t('Promoted to front page'),
     '#default_value' => $node->promote,
   );
   $form['options']['sticky'] = array(
-    '#type' => 'checkbox', 
-    '#title' => t('Sticky at top of lists'), 
+    '#type' => 'checkbox',
+    '#title' => t('Sticky at top of lists'),
     '#default_value' => $node->sticky,
   );
 
   // These values are used when the user has no administrator access.
   foreach (array('uid', 'created') as $key) {
     $form[$key] = array(
-      '#type' => 'value', 
+      '#type' => 'value',
       '#value' => $node->$key,
     );
   }
@@ -465,7 +465,7 @@ function node_form_submit_build_node($form, &$form_state) {
  */
 function node_delete_confirm(&$form_state, $node) {
   $form['nid'] = array(
-    '#type' => 'value', 
+    '#type' => 'value',
     '#value' => $node->nid,
   );
 
@@ -473,7 +473,7 @@ function node_delete_confirm(&$form_state, $node) {
     t('Are you sure you want to delete %title?', array('%title' => $node->title)),
     isset($_GET['destination']) ? $_GET['destination'] : 'node/'. $node->nid,
     t('This action cannot be undone.'),
-    t('Delete'), 
+    t('Delete'),
     t('Cancel')
   );
 }

modules/poll/poll.module

@@ -522,7 +522,9 @@ function poll_teaser($node) {
   $teaser = NULL;
   if (is_array($node->choice)) {
     foreach ($node->choice as $k => $choice) {
-      $teaser .= '* '. $choice['chtext'] .'\n';
+      if ($choice['chtext'] != '') {
+        $teaser .= '* '. check_plain($choice['chtext']) ."\n";
+      }
     }
   }
   return $teaser;

modules/profile/profile.admin.inc

@@ -14,7 +14,7 @@ function profile_admin_overview() {
   $result = db_query('SELECT title, name, type, category, fid FROM {profile_fields} ORDER BY category, weight');
   $rows = array();
   while ($field = db_fetch_object($result)) {
-    $rows[] = array(check_plain($field->title), $field->name, _profile_field_types($field->type), $field->category, l(t('edit'), "admin/user/profile/edit/$field->fid"), l(t('delete'), "admin/user/profile/delete/$field->fid"));
+    $rows[] = array(check_plain($field->title), check_plain($field->name), _profile_field_types($field->type), check_plain($field->category), l(t('edit'), "admin/user/profile/edit/$field->fid"), l(t('delete'), "admin/user/profile/delete/$field->fid"));
   }
   if (count($rows) == 0) {
     $rows[] = array(array('data' => t('No fields defined.'), 'colspan' => '6'));

modules/profile/profile.module

@@ -140,7 +140,7 @@ function profile_block($op = 'list', $delta = 0, $edit = array()) {
     $fields = array();
     $result = db_query('SELECT name, title, weight, visibility FROM {profile_fields} WHERE visibility IN (%d, %d) ORDER BY weight', PROFILE_PUBLIC, PROFILE_PUBLIC_LISTINGS);
     while ($record = db_fetch_object($result)) {
-      $fields[$record->name] = $record->title;
+      $fields[$record->name] = check_plain($record->title);
     }
     $fields['user_profile'] = t('Link to full user profile');
     $form['profile_block_author_fields'] = array('#type' => 'checkboxes',
@@ -342,7 +342,7 @@ function profile_form_profile($edit, $user, $category, $register = FALSE) {
   while ($field = db_fetch_object($result)) {
     $category = $field->category;
     if (!isset($fields[$category])) {
-      $fields[$category] = array('#type' => 'fieldset', '#title' => $category, '#weight' => $weight++);
+      $fields[$category] = array('#type' => 'fieldset', '#title' => check_plain($category), '#weight' => $w++);
     }
     switch ($field->type) {
       case 'textfield':
@@ -482,7 +482,7 @@ function template_preprocess_profile_block(&$variables) {
   // Supply filtered version of $fields that have values.
   foreach ($variables['fields'] as $field) {
     if ($field->value) {
-      $variables['profile'][$field->name]->title = $field->title;
+      $variables['profile'][$field->name]->title = check_plain($field->title);
       $variables['profile'][$field->name]->value = $field->value;
       $variables['profile'][$field->name]->type = $field->type;
     }

modules/system/system-rtl.css

 /* $Id$ */
 
 thead th {
-  text-align: right; 
-  padding-left: 1em; 
+  text-align: right;
+  padding-left: 1em;
   padding-right: 0.5em;
 }
 

modules/taxonomy/taxonomy.admin.inc

@@ -8,7 +8,7 @@
 
 /**
  * Form builder to list and manage vocabularies.
- * 
+ *
  * @ingroup forms
  * @see taxonomy_overview_vocabularies_submit().
  * @see theme_taxonomy_overview_vocabularies().
@@ -20,7 +20,7 @@ function taxonomy_overview_vocabularies() {
     $types = array();
     foreach ($vocabulary->nodes as $type) {
       $node_type = node_get_types('name', $type);
-      $types[] = $node_type ? $node_type : $type;
+      $types[] = $node_type ? check_plain($node_type) : check_plain($type);
     }
     $form[$vocabulary->vid]['#vocabulary'] = (array)$vocabulary;
     $form[$vocabulary->vid]['name'] = array('#value' => check_plain($vocabulary->name));
@@ -44,7 +44,7 @@ function taxonomy_overview_vocabularies() {
 
 /**
  * Submit handler for vocabularies overview. Updates changed vocabulary weights.
- * 
+ *
  * @see taxonomy_overview_vocabularies().
  */
 function taxonomy_overview_vocabularies_submit($form, &$form_state) {
@@ -58,7 +58,7 @@ function taxonomy_overview_vocabularies_submit($form, &$form_state) {
 
 /**
  * Theme the vocabulary overview as a sortable list of vocabularies.
- * 
+ *
  * @ingroup themeable
  * @see taxonomy_overview_vocabularies().
  */
@@ -91,7 +91,7 @@ function theme_taxonomy_overview_vocabularies($form) {
     drupal_add_tabledrag('taxonomy', 'order', 'sibling', 'vocabulary-weight');
   }
   $header[] = array('data' => t('Operations'), 'colspan' => '3');
-  return theme('table', $header, $rows, array('id' => 'taxonomy')) . drupal_render($form);  
+  return theme('table', $header, $rows, array('id' => 'taxonomy')) . drupal_render($form);
 }
 
 /**
@@ -144,7 +144,7 @@ function taxonomy_form_vocabulary(&$form_state, $edit = array()) {
   $form['content_types']['nodes'] = array('#type' => 'checkboxes',
     '#title' => t('Content types'),
     '#default_value' => $edit['nodes'],
-    '#options' => node_get_types('names'),
+    '#options' => array_map('check_plain', node_get_types('names')),
     '#description' => t('Select content types to categorize using this vocabulary.'),
   );
   $form['settings'] = array(
@@ -235,10 +235,10 @@ function taxonomy_admin_term_edit($tid) {
 
 /**
  * Form builder for the taxonomy terms overview.
- * 
+ *
  * Display a tree of all the terms in a vocabulary, with options to edit
  * each one. The form is made drag and drop by the theme function.
- * 
+ *
  * @ingroup forms
  * @see taxonomy_overview_terms_submit().
  * @see theme_taxonomy_overview_terms().
@@ -428,17 +428,17 @@ function taxonomy_overview_terms(&$form_state, $vocabulary) {
 
 /**
  * Submit handler for terms overview form.
- * 
+ *
  * Rather than using a textfield or weight field, this form depends entirely
  * upon the order of form elements on the page to determine new weights.
- * 
+ *
  * Because there might be hundreds or thousands of taxonomy terms that need to
  * be ordered, terms are weighted from 0 to the number of terms in the
  * vocabulary, rather than the standard -10 to 10 scale. Numbers are sorted
  * lowest to highest, but are not necessarily sequential. Numbers may be skipped
  * when a term has children so that reordering is minimal when a child is
  * added or removed from a term.
- * 
+ *
  * @see taxonomy_overview_terms().
  */
 function taxonomy_overview_terms_submit($form, &$form_state) {
@@ -533,7 +533,7 @@ function taxonomy_overview_terms_submit($form, &$form_state) {
 
 /**
  * Theme the terms overview as a sortable list of terms.
- * 
+ *
  * @ingroup themeable
  * @see taxonomy_overview_terms().
  */
@@ -732,7 +732,7 @@ function taxonomy_form_term(&$form_state, $vocabulary, $edit = array()) {
 
 /**
  * Validation handler for the term edit form. Ensure numeric weight values.
- * 
+ *
  * @see taxonomy_form_term().
  */
 function taxonomy_form_term_validate($form, &$form_state) {
@@ -743,7 +743,7 @@ function taxonomy_form_term_validate($form, &$form_state) {
 
 /**
  * Submit handler to insert or update a term.
- * 
+ *
  * @see taxonomy_form_term().
  */
 function taxonomy_form_term_submit($form, &$form_state) {
@@ -783,7 +783,7 @@ function taxonomy_form_term_submit($form, &$form_state) {
       $current_parent_count = 0;
       $form_state['values']['parent'] = array();
     }
-  
+
     // If the number of parents has been reduced to one or none, do a check on the
     // parents of every term in the vocabulary value.
     if ($current_parent_count < $previous_parent_count && $current_parent_count < 2) {
@@ -804,7 +804,7 @@ function taxonomy_form_term_submit($form, &$form_state) {
 
 /**
  * Form builder for the confirmation of multiple term parents.
- * 
+ *
  * @ingroup forms
  * @see taxonomy_form_term().
  */
@@ -846,7 +846,7 @@ function taxonomy_term_confirm_delete(&$form_state, $tid) {
 
 /**
  * Submit handler to delete a term after confirmation.
- * 
+ *
  * @see taxonomy_term_confirm_delete().
  */
 function taxonomy_term_confirm_delete_submit($form, &$form_state) {
@@ -881,7 +881,7 @@ function taxonomy_vocabulary_confirm_delete(&$form_state, $vid) {
 
 /**
  * Submit handler to delete a vocabulary after confirmation.
- * 
+ *
  * @see taxonomy_vocabulary_confirm_delete().
  */
 function taxonomy_vocabulary_confirm_delete_submit($form, &$form_state) {
@@ -894,7 +894,7 @@ function taxonomy_vocabulary_confirm_delete_submit($form, &$form_state) {
 
 /**
  * Form builder to confirm reseting a vocabulary to alphabetical order.
- * 
+ *
  * @ingroup forms
  * @see taxonomy_vocabulary_confirm_reset_alphabetical_submit().
  */
@@ -916,7 +916,7 @@ function taxonomy_vocabulary_confirm_reset_alphabetical(&$form_state, $vid) {
 
 /**
  * Submit handler to reset a vocabulary to alphabetical order after confirmation.
- * 
+ *
  * @see taxonomy_vocabulary_confirm_reset_alphabetical().
  */
 function taxonomy_vocabulary_confirm_reset_alphabetical_submit($form, &$form_state) {

modules/taxonomy/taxonomy.module

@@ -250,14 +250,14 @@ function taxonomy_del_vocabulary($vid) {
 
 /**
  * Dynamicly check and update the hierarachy flag of a vocabulary.
- * 
+ *
  * Checks the current parents of all terms in a vocabulary and updates the
  * vocabularies hierarchy setting to the lowest possible level. A hierarchy with
  * no parents in any of its terms will be given a hierarchy of 0. If terms
  * contain at most a single parent, the vocabulary will be given a hierarchy of
  * 1. If any term contain multiple parents, the vocabulary will be given a
  * hieararchy of 2.
- * 
+ *
  * @param $vocabulary
  *   An array of the vocabulary structure.
  * @param $changed_term

modules/tracker/tracker.pages.inc

@@ -50,7 +50,7 @@ function tracker_page($account = NULL, $set_title = FALSE) {
     }
 
     $rows[] = array(
-      node_get_types('name', $node->type),
+      check_plain(node_get_types('name', $node->type)),
       l($node->title, "node/$node->nid") .' '. theme('mark', node_mark($node->nid, $node->changed)),
       theme('username', $node),
       array('class' => 'replies', 'data' => $comments),

modules/user/user.pages.inc

@@ -206,7 +206,7 @@ function template_preprocess_user_profile_item(&$variables) {
  * @see user-profile-category.tpl.php
  */
 function template_preprocess_user_profile_category(&$variables) {
-  $variables['title'] = $variables['element']['#title'];
+  $variables['title'] = check_plain($variables['element']['#title']);
   $variables['profile_items'] = $variables['element']['#children'];
   $variables['attributes'] = '';
   if (isset($variables['element']['#attributes'])) {

themes/pushbutton/style-rtl.css

@@ -20,11 +20,11 @@ td#home {
 }
 
 td#home a:link img, td#home a:visited img {
-  background: transparent url(logo-active-rtl.jpg) repeat; 
+  background: transparent url(logo-active-rtl.jpg) repeat;
 }
 
 td#home a:hover img {
-  background: transparent url(logo-hover-rtl.jpg) repeat; 
+  background: transparent url(logo-hover-rtl.jpg) repeat;
 }
 
 #primary-menu .primary-links   {
@@ -47,7 +47,7 @@ ul.links li {
 }
 
 .tabs ul.primary {
-  padding: 0 10px 3px 0; 
+  padding: 0 10px 3px 0;
   height: 1.2em; /* FF hack, see float below */
   line-height: 1em; /* FF hack, see float below */
 }
@@ -57,13 +57,13 @@ ul.links li {
 /* @end FF hacks */
 
 .tabs ul.primary li a {
-  background: #fff url(tabs-off-rtl.png) right top no-repeat; 
-  border-style: none none none solid; 
+  background: #fff url(tabs-off-rtl.png) right top no-repeat;
+  border-style: none none none solid;
   margin-left: 10px;
   margin-right: 0;
 }
 .tabs ul.primary li.active a {
-  background: #369 url(tabs-on-rtl.png) right top no-repeat; 
+  background: #369 url(tabs-on-rtl.png) right top no-repeat;
   border-right: none;
   border-left: 2px solid #369;
 }
@@ -89,7 +89,7 @@ ul.links li {
 }
 
 .tabs ul.secondary li a.active {
-  background: #fff url(tabs-option-on.png) right center no-repeat; 
+  background: #fff url(tabs-option-on.png) right center no-repeat;
 }
 
 .tabs ul.secondary li a:hover {
@@ -97,11 +97,11 @@ ul.links li {
 }
 
 #menu {
-  text-align: left; 
+  text-align: left;
 }
 
 .node .content {
-  text-align: right; 
+  text-align: right;
 }
 
 .comment .content {
@@ -110,7 +110,7 @@ ul.links li {
 
 .block .title h3 {
   padding: 10px 30px 10px 5px;
-  background: transparent url(icon-block-rtl.png) right center no-repeat;  
+  background: transparent url(icon-block-rtl.png) right center no-repeat;
 }
 
 .node .picture {
@@ -128,7 +128,7 @@ ul.links li {
 }
 
 .comment .picture {
-  float: left; 
+  float: left;
 }
 
 .nav .links .next a:link {