Commit 7a47bef5 authored by Dries's avatar Dries

- Patch #162381 by Heine et al: properly escape strings.

parent 673aba15
......@@ -537,7 +537,7 @@ function blogapi_blogger_title(&$contents) {
}
function blogapi_admin_settings() {
$node_types = node_get_types('names');
$node_types = array_map('check_plain', node_get_types('names'));
$defaults = isset($node_types['blog']) ? array('blog' => 1) : array();
$form['blogapi_node_types'] = array(
'#type' => 'checkboxes',
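Review bot: Nothing in blogapi_admin_settings() says why `check_plain` is mapped over the type names, which makes the escaping easy to drop in a later cleanup. The names are presumably administrator-entered text that ends up as labels of the `checkboxes` element declared just below, so they must be escaped before they reach the form. I would add a comment above the new line, `// Content type names are user-entered; escape them before use as checkbox labels.` The same `array_map('check_plain', node_get_types('names'))` idiom is added in node_form_alter() and taxonomy_form_vocabulary() in this commit, so a small shared helper would keep the three call sites from drifting apart. The form array continues outside the hunk, so where `$node_types` is finally used is not visible here.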
......
......@@ -17,7 +17,7 @@ function filter_schema() {
'type' => 'int',
'not null' => TRUE,
'default' => 0,
'description' => t('Foreign Key: The {filter_formats}.format to which this filter is assigned.'),
'description' => t('Foreign key: The {filter_formats}.format to which this filter is assigned.'),
),
'module' => array(
'type' => 'varchar',
......
......@@ -18,7 +18,6 @@ function node_overview_types() {
foreach ($names as $key => $name) {
$type = $types[$key];
if (node_hook($type, 'form')) {
$name = check_plain($name);
$type_url_str = str_replace('_', '-', $type->type);
$row = array(
l($name, 'admin/content/types/'. $type_url_str),
......
......@@ -385,7 +385,7 @@ function node_admin_nodes() {
while ($node = db_fetch_object($result)) {
$nodes[$node->nid] = '';
$form['title'][$node->nid] = array('#value' => l($node->title, 'node/'. $node->nid) .' '. theme('mark', node_mark($node->nid, $node->changed)));
$form['name'][$node->nid] = array('#value' => node_get_types('name', $node));
$form['name'][$node->nid] = array('#value' => check_plain(node_get_types('name', $node)));
$form['username'][$node->nid] = array('#value' => theme('username', $node));
$form['status'][$node->nid] = array('#value' => ($node->status ? t('published') : t('not published')));
if ($multilanguage) {
......
......@@ -1078,7 +1078,7 @@ function node_search($op = 'search', $keys = NULL) {
$form = array();
// Output form for defining rank factor weights.
$form['content_ranking'] = array(
'#type' => 'fieldset',
'#type' => 'fieldset',
'#title' => t('Content ranking'),
);
$form['content_ranking']['#theme'] = 'node_search_admin';
......@@ -1099,9 +1099,9 @@ function node_search($op = 'search', $keys = NULL) {
$options = drupal_map_assoc(range(0, 10));
foreach ($ranking as $var => $title) {
$form['content_ranking']['factors'][$var] = array(
'#title' => $title,
'#type' => 'select',
'#options' => $options,
'#title' => $title,
'#type' => 'select',
'#options' => $options,
'#default_value' => variable_get($var, 5),
);
}
......@@ -1199,7 +1199,7 @@ function node_search($op = 'search', $keys = NULL) {
$extra = node_invoke_nodeapi($node, 'search result');
$results[] = array('link' => url('node/'. $item->sid, array('absolute' => TRUE)),
'type' => node_get_types('name', $node),
'type' => check_plain(node_get_types('name', $node)),
'title' => $node->title,
'user' => theme('username', $node),
'date' => $node->changed,
......@@ -1699,7 +1699,7 @@ function node_form_alter(&$form, $form_state, $form_id) {
}
// Node types:
$types = node_get_types('names');
$types = array_map('check_plain', node_get_types('names'));
$form['advanced']['type'] = array(
'#type' => 'checkboxes',
'#title' => t('Only of the type(s)'),
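Review bot: In the node_search() result array, `'type'` is now escaped where the array is built while the neighbouring `'title' => $node->title` is still passed raw, so the array mixes pre-escaped and unescaped strings with nothing telling the consumer which is which. If the code that renders search results escapes every field, the type name will be double-encoded; if it escapes none, the title remains unescaped. That rendering code is not on this page, so this needs checking. At minimum I would add a comment above the array, `// 'type' is escaped here; 'title' is raw and must be escaped by the theme layer.` The array literal continues outside the hunk.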
......
......@@ -116,14 +116,14 @@ function node_form(&$form_state, $node) {
*/
foreach (array('nid', 'vid', 'uid', 'created', 'type', 'language') as $key) {
$form[$key] = array(
'#type' => 'value',
'#type' => 'value',
'#value' => isset($node->$key) ? $node->$key : NULL,
);
}
// Changed must be sent to the client, for later overwrite error checking.
$form['changed'] = array(
'#type' => 'hidden',
'#type' => 'hidden',
'#default_value' => isset($node->changed) ? $node->changed : NULL,
);
// Get the node-specific bits.
......@@ -171,18 +171,18 @@ function node_form(&$form_state, $node) {
'#weight' => 20,
);
$form['author']['name'] = array(
'#type' => 'textfield',
'#title' => t('Authored by'),
'#maxlength' => 60,
'#autocomplete_path' => 'user/autocomplete',
'#default_value' => $node->name ? $node->name : '',
'#weight' => -1,
'#type' => 'textfield',
'#title' => t('Authored by'),
'#maxlength' => 60,
'#autocomplete_path' => 'user/autocomplete',
'#default_value' => $node->name ? $node->name : '',
'#weight' => -1,
'#description' => t('Leave blank for %anonymous.', array('%anonymous' => variable_get('anonymous', t('Anonymous')))),
);
$form['author']['date'] = array(
'#type' => 'textfield',
'#title' => t('Authored on'),
'#maxlength' => 25,
'#type' => 'textfield',
'#title' => t('Authored on'),
'#maxlength' => 25,
'#description' => t('Format: %time. Leave blank to use the time of form submission.', array('%time' => !empty($node->date) ? $node->date : format_date($node->created, 'custom', 'Y-m-d H:i:s O'))),
);
......@@ -200,25 +200,25 @@ function node_form(&$form_state, $node) {
'#weight' => 25,
);
$form['options']['status'] = array(
'#type' => 'checkbox',
'#title' => t('Published'),
'#type' => 'checkbox',
'#title' => t('Published'),
'#default_value' => $node->status,
);
$form['options']['promote'] = array(
'#type' => 'checkbox',
'#title' => t('Promoted to front page'),
'#type' => 'checkbox',
'#title' => t('Promoted to front page'),
'#default_value' => $node->promote,
);
$form['options']['sticky'] = array(
'#type' => 'checkbox',
'#title' => t('Sticky at top of lists'),
'#type' => 'checkbox',
'#title' => t('Sticky at top of lists'),
'#default_value' => $node->sticky,
);
// These values are used when the user has no administrator access.
foreach (array('uid', 'created') as $key) {
$form[$key] = array(
'#type' => 'value',
'#type' => 'value',
'#value' => $node->$key,
);
}
......@@ -465,7 +465,7 @@ function node_form_submit_build_node($form, &$form_state) {
*/
function node_delete_confirm(&$form_state, $node) {
$form['nid'] = array(
'#type' => 'value',
'#type' => 'value',
'#value' => $node->nid,
);
......@@ -473,7 +473,7 @@ function node_delete_confirm(&$form_state, $node) {
t('Are you sure you want to delete %title?', array('%title' => $node->title)),
isset($_GET['destination']) ? $_GET['destination'] : 'node/'. $node->nid,
t('This action cannot be undone.'),
t('Delete'),
t('Delete'),
t('Cancel')
);
}
......
......@@ -522,7 +522,9 @@ function poll_teaser($node) {
$teaser = NULL;
if (is_array($node->choice)) {
foreach ($node->choice as $k => $choice) {
$teaser .= '* '. $choice['chtext'] .'\n';
if ($choice['chtext'] != '') {
$teaser .= '* '. check_plain($choice['chtext']) ."\n";
}
}
}
return $teaser;
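Review bot: poll_teaser() now returns text that is already HTML-escaped, and nothing at the function says so; a caller that escapes or filters the teaser again would double-encode entities. A comment above the loop such as `// Choice text is escaped here; the returned teaser must not be escaped again.` would pin the contract down. The new guard `$choice['chtext'] != ''` is a loose comparison, so a non-string value such as integer 0 would be treated as empty on the PHP versions this code targets; `(string) $choice['chtext'] !== ''` avoids that if choices can arrive untyped. The start of the function is outside the hunk.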
......
......@@ -14,7 +14,7 @@ function profile_admin_overview() {
$result = db_query('SELECT title, name, type, category, fid FROM {profile_fields} ORDER BY category, weight');
$rows = array();
while ($field = db_fetch_object($result)) {
$rows[] = array(check_plain($field->title), $field->name, _profile_field_types($field->type), $field->category, l(t('edit'), "admin/user/profile/edit/$field->fid"), l(t('delete'), "admin/user/profile/delete/$field->fid"));
$rows[] = array(check_plain($field->title), check_plain($field->name), _profile_field_types($field->type), check_plain($field->category), l(t('edit'), "admin/user/profile/edit/$field->fid"), l(t('delete'), "admin/user/profile/delete/$field->fid"));
}
if (count($rows) == 0) {
$rows[] = array(array('data' => t('No fields defined.'), 'colspan' => '6'));
......
......@@ -140,7 +140,7 @@ function profile_block($op = 'list', $delta = 0, $edit = array()) {
$fields = array();
$result = db_query('SELECT name, title, weight, visibility FROM {profile_fields} WHERE visibility IN (%d, %d) ORDER BY weight', PROFILE_PUBLIC, PROFILE_PUBLIC_LISTINGS);
while ($record = db_fetch_object($result)) {
$fields[$record->name] = $record->title;
$fields[$record->name] = check_plain($record->title);
}
$fields['user_profile'] = t('Link to full user profile');
$form['profile_block_author_fields'] = array('#type' => 'checkboxes',
......@@ -342,7 +342,7 @@ function profile_form_profile($edit, $user, $category, $register = FALSE) {
while ($field = db_fetch_object($result)) {
$category = $field->category;
if (!isset($fields[$category])) {
$fields[$category] = array('#type' => 'fieldset', '#title' => $category, '#weight' => $weight++);
$fields[$category] = array('#type' => 'fieldset', '#title' => check_plain($category), '#weight' => $w++);
}
switch ($field->type) {
case 'textfield':
......@@ -482,7 +482,7 @@ function template_preprocess_profile_block(&$variables) {
// Supply filtered version of $fields that have values.
foreach ($variables['fields'] as $field) {
if ($field->value) {
$variables['profile'][$field->name]->title = $field->title;
$variables['profile'][$field->name]->title = check_plain($field->title);
$variables['profile'][$field->name]->value = $field->value;
$variables['profile'][$field->name]->type = $field->type;
}
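Review bot: The fieldset weight in profile_form_profile() changed from `$weight++` to `$w++`, which looks like an accidental rename riding along with the escaping fix. Unless `$w` is initialised earlier in the function (outside this hunk), the first category gets a NULL weight with an undefined-variable notice and the counter no longer continues from `$weight`, so category ordering can shift. I would keep the original counter and change only the title: `$fields[$category] = array('#type' => 'fieldset', '#title' => check_plain($category), '#weight' => $weight++);`.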
......
/* $Id$ */
thead th {
text-align: right;
padding-left: 1em;
text-align: right;
padding-left: 1em;
padding-right: 0.5em;
}
......
......@@ -8,7 +8,7 @@
/**
* Form builder to list and manage vocabularies.
*
*
* @ingroup forms
* @see taxonomy_overview_vocabularies_submit().
* @see theme_taxonomy_overview_vocabularies().
......@@ -20,7 +20,7 @@ function taxonomy_overview_vocabularies() {
$types = array();
foreach ($vocabulary->nodes as $type) {
$node_type = node_get_types('name', $type);
$types[] = $node_type ? $node_type : $type;
$types[] = $node_type ? check_plain($node_type) : check_plain($type);
}
$form[$vocabulary->vid]['#vocabulary'] = (array)$vocabulary;
$form[$vocabulary->vid]['name'] = array('#value' => check_plain($vocabulary->name));
......@@ -44,7 +44,7 @@ function taxonomy_overview_vocabularies() {
/**
* Submit handler for vocabularies overview. Updates changed vocabulary weights.
*
*
* @see taxonomy_overview_vocabularies().
*/
function taxonomy_overview_vocabularies_submit($form, &$form_state) {
......@@ -58,7 +58,7 @@ function taxonomy_overview_vocabularies_submit($form, &$form_state) {
/**
* Theme the vocabulary overview as a sortable list of vocabularies.
*
*
* @ingroup themeable
* @see taxonomy_overview_vocabularies().
*/
......@@ -91,7 +91,7 @@ function theme_taxonomy_overview_vocabularies($form) {
drupal_add_tabledrag('taxonomy', 'order', 'sibling', 'vocabulary-weight');
}
$header[] = array('data' => t('Operations'), 'colspan' => '3');
return theme('table', $header, $rows, array('id' => 'taxonomy')) . drupal_render($form);
return theme('table', $header, $rows, array('id' => 'taxonomy')) . drupal_render($form);
}
/**
......@@ -144,7 +144,7 @@ function taxonomy_form_vocabulary(&$form_state, $edit = array()) {
$form['content_types']['nodes'] = array('#type' => 'checkboxes',
'#title' => t('Content types'),
'#default_value' => $edit['nodes'],
'#options' => node_get_types('names'),
'#options' => array_map('check_plain', node_get_types('names')),
'#description' => t('Select content types to categorize using this vocabulary.'),
);
$form['settings'] = array(
......@@ -235,10 +235,10 @@ function taxonomy_admin_term_edit($tid) {
/**
* Form builder for the taxonomy terms overview.
*
*
* Display a tree of all the terms in a vocabulary, with options to edit
* each one. The form is made drag and drop by the theme function.
*
*
* @ingroup forms
* @see taxonomy_overview_terms_submit().
* @see theme_taxonomy_overview_terms().
......@@ -428,17 +428,17 @@ function taxonomy_overview_terms(&$form_state, $vocabulary) {
/**
* Submit handler for terms overview form.
*
*
* Rather than using a textfield or weight field, this form depends entirely
* upon the order of form elements on the page to determine new weights.
*
*
* Because there might be hundreds or thousands of taxonomy terms that need to
* be ordered, terms are weighted from 0 to the number of terms in the
* vocabulary, rather than the standard -10 to 10 scale. Numbers are sorted
* lowest to highest, but are not necessarily sequential. Numbers may be skipped
* when a term has children so that reordering is minimal when a child is
* added or removed from a term.
*
*
* @see taxonomy_overview_terms().
*/
function taxonomy_overview_terms_submit($form, &$form_state) {
......@@ -533,7 +533,7 @@ function taxonomy_overview_terms_submit($form, &$form_state) {
/**
* Theme the terms overview as a sortable list of terms.
*
*
* @ingroup themeable
* @see taxonomy_overview_terms().
*/
......@@ -732,7 +732,7 @@ function taxonomy_form_term(&$form_state, $vocabulary, $edit = array()) {
/**
* Validation handler for the term edit form. Ensure numeric weight values.
*
*
* @see taxonomy_form_term().
*/
function taxonomy_form_term_validate($form, &$form_state) {
......@@ -743,7 +743,7 @@ function taxonomy_form_term_validate($form, &$form_state) {
/**
* Submit handler to insert or update a term.
*
*
* @see taxonomy_form_term().
*/
function taxonomy_form_term_submit($form, &$form_state) {
......@@ -783,7 +783,7 @@ function taxonomy_form_term_submit($form, &$form_state) {
$current_parent_count = 0;
$form_state['values']['parent'] = array();
}
// If the number of parents has been reduced to one or none, do a check on the
// parents of every term in the vocabulary value.
if ($current_parent_count < $previous_parent_count && $current_parent_count < 2) {
......@@ -804,7 +804,7 @@ function taxonomy_form_term_submit($form, &$form_state) {
/**
* Form builder for the confirmation of multiple term parents.
*
*
* @ingroup forms
* @see taxonomy_form_term().
*/
......@@ -846,7 +846,7 @@ function taxonomy_term_confirm_delete(&$form_state, $tid) {
/**
* Submit handler to delete a term after confirmation.
*
*
* @see taxonomy_term_confirm_delete().
*/
function taxonomy_term_confirm_delete_submit($form, &$form_state) {
......@@ -881,7 +881,7 @@ function taxonomy_vocabulary_confirm_delete(&$form_state, $vid) {
/**
* Submit handler to delete a vocabulary after confirmation.
*
*
* @see taxonomy_vocabulary_confirm_delete().
*/
function taxonomy_vocabulary_confirm_delete_submit($form, &$form_state) {
......@@ -894,7 +894,7 @@ function taxonomy_vocabulary_confirm_delete_submit($form, &$form_state) {
/**
* Form builder to confirm reseting a vocabulary to alphabetical order.
*
*
* @ingroup forms
* @see taxonomy_vocabulary_confirm_reset_alphabetical_submit().
*/
......@@ -916,7 +916,7 @@ function taxonomy_vocabulary_confirm_reset_alphabetical(&$form_state, $vid) {
/**
* Submit handler to reset a vocabulary to alphabetical order after confirmation.
*
*
* @see taxonomy_vocabulary_confirm_reset_alphabetical().
*/
function taxonomy_vocabulary_confirm_reset_alphabetical_submit($form, &$form_state) {
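Review bot: In taxonomy_overview_vocabularies() the new line calls `check_plain` in both arms of the ternary, which invites a later edit that changes one arm and leaves the other unescaped. Escaping once around the choice is shorter and harder to get wrong: `$types[] = check_plain($node_type ? $node_type : $type);`. How `$types` is rendered afterwards is outside the hunk, so it is worth confirming it is not escaped a second time when it is joined into the overview row.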
......
......@@ -250,14 +250,14 @@ function taxonomy_del_vocabulary($vid) {
/**
* Dynamicly check and update the hierarachy flag of a vocabulary.
*
*
* Checks the current parents of all terms in a vocabulary and updates the
* vocabularies hierarchy setting to the lowest possible level. A hierarchy with
* no parents in any of its terms will be given a hierarchy of 0. If terms
* contain at most a single parent, the vocabulary will be given a hierarchy of
* 1. If any term contain multiple parents, the vocabulary will be given a
* hieararchy of 2.
*
*
* @param $vocabulary
* An array of the vocabulary structure.
* @param $changed_term
......
......@@ -50,7 +50,7 @@ function tracker_page($account = NULL, $set_title = FALSE) {
}
$rows[] = array(
node_get_types('name', $node->type),
check_plain(node_get_types('name', $node->type)),
l($node->title, "node/$node->nid") .' '. theme('mark', node_mark($node->nid, $node->changed)),
theme('username', $node),
array('class' => 'replies', 'data' => $comments),
......
......@@ -206,7 +206,7 @@ function template_preprocess_user_profile_item(&$variables) {
* @see user-profile-category.tpl.php
*/
function template_preprocess_user_profile_category(&$variables) {
$variables['title'] = $variables['element']['#title'];
$variables['title'] = check_plain($variables['element']['#title']);
$variables['profile_items'] = $variables['element']['#children'];
$variables['attributes'] = '';
if (isset($variables['element']['#attributes'])) {
......
......@@ -20,11 +20,11 @@ td#home {
}
td#home a:link img, td#home a:visited img {
background: transparent url(logo-active-rtl.jpg) repeat;
background: transparent url(logo-active-rtl.jpg) repeat;
}
td#home a:hover img {
background: transparent url(logo-hover-rtl.jpg) repeat;
background: transparent url(logo-hover-rtl.jpg) repeat;
}
#primary-menu .primary-links {
......@@ -47,7 +47,7 @@ ul.links li {
}
.tabs ul.primary {
padding: 0 10px 3px 0;
padding: 0 10px 3px 0;
height: 1.2em; /* FF hack, see float below */
line-height: 1em; /* FF hack, see float below */
}
......@@ -57,13 +57,13 @@ ul.links li {
/* @end FF hacks */
.tabs ul.primary li a {
background: #fff url(tabs-off-rtl.png) right top no-repeat;
border-style: none none none solid;
background: #fff url(tabs-off-rtl.png) right top no-repeat;
border-style: none none none solid;
margin-left: 10px;
margin-right: 0;
}
.tabs ul.primary li.active a {
background: #369 url(tabs-on-rtl.png) right top no-repeat;
background: #369 url(tabs-on-rtl.png) right top no-repeat;
border-right: none;
border-left: 2px solid #369;
}
......@@ -89,7 +89,7 @@ ul.links li {
}
.tabs ul.secondary li a.active {
background: #fff url(tabs-option-on.png) right center no-repeat;
background: #fff url(tabs-option-on.png) right center no-repeat;
}
.tabs ul.secondary li a:hover {
......@@ -97,11 +97,11 @@ ul.links li {
}
#menu {
text-align: left;
text-align: left;
}
.node .content {
text-align: right;
text-align: right;
}
.comment .content {
......@@ -110,7 +110,7 @@ ul.links li {
.block .title h3 {
padding: 10px 30px 10px 5px;
background: transparent url(icon-block-rtl.png) right center no-repeat;
background: transparent url(icon-block-rtl.png) right center no-repeat;
}
.node .picture {
......@@ -128,7 +128,7 @@ ul.links li {
}
.comment .picture {
float: left;
float: left;
}
.nav .links .next a:link {
......