Commit c0739dfb authored by drumm's avatar drumm

Drupal 5.18

parent fcb2880c
// $Id$
Drupal 5.18, 2009-05-13
-----------------------
- Fixed security issues (Cross site scripting), see SA-CORE-2009-006.
- Fixed a variety of small bugs.
Drupal 5.17, 2009-04-29
-----------------------
- Fixed security issues (Cross site scripting and limited information
......
......@@ -170,7 +170,7 @@ function theme() {
if ($functions[$function]) {
$output = call_user_func_array($functions[$function], $args);
// Add final markup to the full page.
if ($function == 'page') {
if ($function == 'page' || $function == 'book_export_html') {
$output = drupal_final_markup($output);
}
return $output;
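Review bot: The condition `$function == 'page' || $function == 'book_export_html'` hard-codes which theme functions emit a complete HTML document, so any other full-document theme function (a contributed export format, for instance) is still returned without `drupal_final_markup()` being applied. The comment above it still reads as if only the page were covered; I would reword it to `// Add final markup to every theme function that returns a complete HTML document.` and state why the step matters. That reason is presumably the cross-site scripting hardening the changelog lists as SA-CORE-2009-006, though `drupal_final_markup()` itself is not shown. theme() begins and ends outside this hunk.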
......
......@@ -702,8 +702,9 @@ function theme_book_export_html($title, $content) {
global $base_url;
$html = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n";
$html .= '<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">';
$html .= "<head>\n<title>". $title ."</title>\n";
$html .= "\n<head>\n";
$html .= '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />';
$html .= "\n<title>". $title ."</title>\n";
$html .= '<base href="'. $base_url .'/" />' . "\n";
$html .= "<style type=\"text/css\">\n@import url(misc/print.css);\n</style>\n";
$html .= "</head>\n<body>\n". $content ."\n</body>\n</html>\n";
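Review bot: Nothing in the new lines records why the `<meta http-equiv="Content-Type" ...>` line now has to come before `<title>`, so a later cleanup could move it back below user-supplied text. A comment above it such as `// Declare the charset before any user-supplied text (the title) so the browser never has to guess the encoding.` would pin the ordering. `$title` and `$content` are also concatenated into the document as-is, so the function depends on its callers passing escaped values; the docblock, which is outside this hunk, should say so. If `drupal_final_markup()`, which the theme() change in this commit now applies to this output, inserts the same declaration, the export will carry it twice, which looks harmless but is worth confirming.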
......
......@@ -6,7 +6,7 @@
* Configuration system that lets administrators modify the workings of the site.
*/
define('VERSION', '5.17');
define('VERSION', '5.18');
/**
* Implementation of hook_help().
......
......@@ -621,7 +621,7 @@ function taxonomy_term_confirm_delete_submit($form_id, $form_values) {
*/
function taxonomy_form($vid, $value = 0, $help = NULL, $name = 'taxonomy') {
$vocabulary = taxonomy_get_vocabulary($vid);
$help = ($help) ? $help : $vocabulary->help;
$help = ($help) ? $help : filter_xss_admin($vocabulary->help);
if (!$vocabulary->multiple) {
$blank = ($vocabulary->required) ? t('- Please choose -') : t('- None selected -');
......@@ -718,7 +718,7 @@ function taxonomy_form_alter($form_id, &$form) {
$typed_string = implode(', ', $typed_terms) . (array_key_exists('tags', $terms) ? $terms['tags'][$vocabulary->vid] : NULL);
if ($vocabulary->help) {
$help = $vocabulary->help;
$help = filter_xss_admin($vocabulary->help);
}
else {
$help = t('A comma-separated list of terms describing this content. Example: funny, bungee jumping, "Company, Inc.".');
......@@ -741,7 +741,7 @@ function taxonomy_form_alter($form_id, &$form) {
$default_terms[$term->tid] = $term;
}
}
$form['taxonomy'][$vocabulary->vid] = taxonomy_form($vocabulary->vid, array_keys($default_terms), $vocabulary->help);
$form['taxonomy'][$vocabulary->vid] = taxonomy_form($vocabulary->vid, array_keys($default_terms), filter_xss_admin($vocabulary->help));
$form['taxonomy'][$vocabulary->vid]['#weight'] = $vocabulary->weight;
$form['taxonomy'][$vocabulary->vid]['#required'] = $vocabulary->required;
}
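Review bot: In `taxonomy_form()` only the fallback is filtered: `$help = ($help) ? $help : filter_xss_admin($vocabulary->help);` passes a caller-supplied `$help` through untouched, so the function is safe only when every caller filters first, as the updated call in `taxonomy_form_alter()` does. Callers not shown here that still pass `$vocabulary->help` or other stored text directly would keep emitting it unfiltered. Either document the contract in the function's docblock (its start is outside the hunk), for example `$help: help text as HTML already sanitized by the caller, e.g. with filter_xss_admin()`, or filter in one place with `$help = filter_xss_admin(($help) ? $help : $vocabulary->help);`, assuming that running the filter on already-filtered text is acceptable.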
......