Commit 7a47bef5 authored by Dries's avatar Dries

- Patch #162381 by Heine et al: properly escape strings.

parent 673aba15
......@@ -537,7 +537,7 @@ function blogapi_blogger_title(&$contents) {
}
function blogapi_admin_settings() {
$node_types = node_get_types('names');
$node_types = array_map('check_plain', node_get_types('names'));
$defaults = isset($node_types['blog']) ? array('blog' => 1) : array();
$form['blogapi_node_types'] = array(
'#type' => 'checkboxes',
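Review bot: Nothing at the new `array_map('check_plain', node_get_types('names'))` line says why the type names must be escaped before they become checkbox options, and the same expression is repeated in the node_form_alter and taxonomy_form_vocabulary hunks. A short comment at each site would keep a later edit from dropping the call, for example `// Type names are admin-entered text and checkbox labels are printed as given, so escape them here.` That the form layer prints `#options` labels without escaping is inferred from the commit's intent, not shown in these lines. blogapi_admin_settings continues past the end of the hunk.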
......
......@@ -17,7 +17,7 @@ function filter_schema() {
'type' => 'int',
'not null' => TRUE,
'default' => 0,
'description' => t('Foreign Key: The {filter_formats}.format to which this filter is assigned.'),
'description' => t('Foreign key: The {filter_formats}.format to which this filter is assigned.'),
),
'module' => array(
'type' => 'varchar',
......
......@@ -18,7 +18,6 @@ function node_overview_types() {
foreach ($names as $key => $name) {
$type = $types[$key];
if (node_hook($type, 'form')) {
$name = check_plain($name);
$type_url_str = str_replace('_', '-', $type->type);
$row = array(
l($name, 'admin/content/types/'. $type_url_str),
......
......@@ -385,7 +385,7 @@ function node_admin_nodes() {
while ($node = db_fetch_object($result)) {
$nodes[$node->nid] = '';
$form['title'][$node->nid] = array('#value' => l($node->title, 'node/'. $node->nid) .' '. theme('mark', node_mark($node->nid, $node->changed)));
$form['name'][$node->nid] = array('#value' => node_get_types('name', $node));
$form['name'][$node->nid] = array('#value' => check_plain(node_get_types('name', $node)));
$form['username'][$node->nid] = array('#value' => theme('username', $node));
$form['status'][$node->nid] = array('#value' => ($node->status ? t('published') : t('not published')));
if ($multilanguage) {
......
......@@ -1199,7 +1199,7 @@ function node_search($op = 'search', $keys = NULL) {
$extra = node_invoke_nodeapi($node, 'search result');
$results[] = array('link' => url('node/'. $item->sid, array('absolute' => TRUE)),
'type' => node_get_types('name', $node),
'type' => check_plain(node_get_types('name', $node)),
'title' => $node->title,
'user' => theme('username', $node),
'date' => $node->changed,
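Review bot: In the result array the new line escapes `'type'` while `'title' => $node->title` directly below it is still passed through raw, so the array now mixes pre-escaped and unescaped values with nothing saying which is which. If the search-result theme layer escapes the title itself that is fine, but it is not visible here, and the same layer escaping `'type'` again would double-encode it. A comment above the array stating which keys are already safe for output would settle it, e.g. `// 'type' is escaped here; 'title' is plain text and must be escaped by the theme layer.` The same pattern appears in the template_preprocess_profile_block hunk, where `title` is escaped and `value` on the next line is not. node_search starts and ends outside the hunk.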
......@@ -1699,7 +1699,7 @@ function node_form_alter(&$form, $form_state, $form_id) {
}
// Node types:
$types = node_get_types('names');
$types = array_map('check_plain', node_get_types('names'));
$form['advanced']['type'] = array(
'#type' => 'checkboxes',
'#title' => t('Only of the type(s)'),
......
......@@ -522,7 +522,9 @@ function poll_teaser($node) {
$teaser = NULL;
if (is_array($node->choice)) {
foreach ($node->choice as $k => $choice) {
$teaser .= '* '. $choice['chtext'] .'\n';
if ($choice['chtext'] != '') {
$teaser .= '* '. check_plain($choice['chtext']) ."\n";
}
}
}
return $teaser;
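Review bot: poll_teaser() now returns text that is already HTML-escaped, and nothing in the visible lines tells callers so. A caller that escapes or filters the teaser again on output would show entities such as `&amp;` literally. The function's doc comment, which is outside the hunk, should state it, for example `@return The teaser as escaped text, one "* choice" line per non-empty choice.` The emptiness test could also be strict, `if ($choice['chtext'] !== '') {`, assuming chtext is always a string.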
......
......@@ -14,7 +14,7 @@ function profile_admin_overview() {
$result = db_query('SELECT title, name, type, category, fid FROM {profile_fields} ORDER BY category, weight');
$rows = array();
while ($field = db_fetch_object($result)) {
$rows[] = array(check_plain($field->title), $field->name, _profile_field_types($field->type), $field->category, l(t('edit'), "admin/user/profile/edit/$field->fid"), l(t('delete'), "admin/user/profile/delete/$field->fid"));
$rows[] = array(check_plain($field->title), check_plain($field->name), _profile_field_types($field->type), check_plain($field->category), l(t('edit'), "admin/user/profile/edit/$field->fid"), l(t('delete'), "admin/user/profile/delete/$field->fid"));
}
if (count($rows) == 0) {
$rows[] = array(array('data' => t('No fields defined.'), 'colspan' => '6'));
......
......@@ -140,7 +140,7 @@ function profile_block($op = 'list', $delta = 0, $edit = array()) {
$fields = array();
$result = db_query('SELECT name, title, weight, visibility FROM {profile_fields} WHERE visibility IN (%d, %d) ORDER BY weight', PROFILE_PUBLIC, PROFILE_PUBLIC_LISTINGS);
while ($record = db_fetch_object($result)) {
$fields[$record->name] = $record->title;
$fields[$record->name] = check_plain($record->title);
}
$fields['user_profile'] = t('Link to full user profile');
$form['profile_block_author_fields'] = array('#type' => 'checkboxes',
......@@ -342,7 +342,7 @@ function profile_form_profile($edit, $user, $category, $register = FALSE) {
while ($field = db_fetch_object($result)) {
$category = $field->category;
if (!isset($fields[$category])) {
$fields[$category] = array('#type' => 'fieldset', '#title' => $category, '#weight' => $weight++);
$fields[$category] = array('#type' => 'fieldset', '#title' => check_plain($category), '#weight' => $w++);
}
switch ($field->type) {
case 'textfield':
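Review bot: The rewritten fieldset line changes `'#weight' => $weight++` to `'#weight' => $w++`, which is unrelated to the escaping fix and looks like a typo. No `$w` is assigned in the visible lines. If it is not initialised above the hunk, the first category gets a NULL weight, PHP raises an undefined-variable notice, and the original `$weight` counter is no longer advanced. Keep the counter and only add the escaping: `$fields[$category] = array('#type' => 'fieldset', '#title' => check_plain($category), '#weight' => $weight++);`. profile_form_profile begins before the hunk and the switch continues after it.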
......@@ -482,7 +482,7 @@ function template_preprocess_profile_block(&$variables) {
// Supply filtered version of $fields that have values.
foreach ($variables['fields'] as $field) {
if ($field->value) {
$variables['profile'][$field->name]->title = $field->title;
$variables['profile'][$field->name]->title = check_plain($field->title);
$variables['profile'][$field->name]->value = $field->value;
$variables['profile'][$field->name]->type = $field->type;
}
......
......@@ -20,7 +20,7 @@ function taxonomy_overview_vocabularies() {
$types = array();
foreach ($vocabulary->nodes as $type) {
$node_type = node_get_types('name', $type);
$types[] = $node_type ? $node_type : $type;
$types[] = $node_type ? check_plain($node_type) : check_plain($type);
}
$form[$vocabulary->vid]['#vocabulary'] = (array)$vocabulary;
$form[$vocabulary->vid]['name'] = array('#value' => check_plain($vocabulary->name));
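Review bot: Both branches of the ternary on the new `$types[]` line call check_plain(), so the call can be written once around the choice: `$types[] = check_plain($node_type ? $node_type : $type);`. That keeps the escaping in one visible place and makes it harder for a later edit to escape only one branch. The enclosing foreach sits inside a function that starts before the hunk.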
......@@ -144,7 +144,7 @@ function taxonomy_form_vocabulary(&$form_state, $edit = array()) {
$form['content_types']['nodes'] = array('#type' => 'checkboxes',
'#title' => t('Content types'),
'#default_value' => $edit['nodes'],
'#options' => node_get_types('names'),
'#options' => array_map('check_plain', node_get_types('names')),
'#description' => t('Select content types to categorize using this vocabulary.'),
);
$form['settings'] = array(
......
......@@ -50,7 +50,7 @@ function tracker_page($account = NULL, $set_title = FALSE) {
}
$rows[] = array(
node_get_types('name', $node->type),
check_plain(node_get_types('name', $node->type)),
l($node->title, "node/$node->nid") .' '. theme('mark', node_mark($node->nid, $node->changed)),
theme('username', $node),
array('class' => 'replies', 'data' => $comments),
......
......@@ -206,7 +206,7 @@ function template_preprocess_user_profile_item(&$variables) {
* @see user-profile-category.tpl.php
*/
function template_preprocess_user_profile_category(&$variables) {
$variables['title'] = $variables['element']['#title'];
$variables['title'] = check_plain($variables['element']['#title']);
$variables['profile_items'] = $variables['element']['#children'];
$variables['attributes'] = '';
if (isset($variables['element']['#attributes'])) {
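Review bot: The doc comment above template_preprocess_user_profile_category() does not say that `$variables['title']` is now escaped here, while the profile_form_profile hunk in this commit escapes a fieldset `#title` when the element is built. With both conventions in the same commit, someone adding a profile category element cannot tell whether `#title` should be plain text or markup. One line in the doc comment would fix that, e.g. `* The element's #title is treated as plain text and escaped here; do not pass pre-escaped or HTML titles.` Only the tail of the doc comment and the start of the function are visible in the hunk.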
......