Commit c5cb3059 authored by Steven Wittens's avatar Steven Wittens
Browse files

- Menu titles were not escaped properly

parent c706d11a
......@@ -120,14 +120,14 @@ function menu_block($op = 'list', $delta = 0) {
foreach ($root_menus as $mid => $title) {
// Default "Navigation" block is handled by user.module.
if ($mid != 1) {
$blocks[$mid]['info'] = $title;
$blocks[$mid]['info'] = check_plain($title);
}
}
return $blocks;
}
else if ($op == 'view') {
$item = menu_get_item($delta);
$data['subject'] = $item['title'];
$data['subject'] = check_plain($item['title']);
$data['content'] = theme('menu_tree', $delta);
return $data;
}
......@@ -611,7 +611,7 @@ function menu_overview_tree() {
$operations[] = l(t('add item'), 'admin/menu/item/add/'. $mid);
$table = theme('item_list', $operations);
$table .= theme('table', $header, menu_overview_tree_rows($mid));
$output .= theme('box', $title, $table);
$output .= theme('box', check_plain($title), $table);
}
return $output;
}
......@@ -628,7 +628,7 @@ function menu_overview_tree_rows($pid = 0, $depth = 0) {
$title = '';
if ($pid == 0) {
// Top-level items are menu names, and don't have an associated path.
$title .= $item['title'];
$title .= check_plain($item['title']);
}
else {
$title .= l($item['title'], $item['path']);
......
......@@ -120,14 +120,14 @@ function menu_block($op = 'list', $delta = 0) {
foreach ($root_menus as $mid => $title) {
// Default "Navigation" block is handled by user.module.
if ($mid != 1) {
$blocks[$mid]['info'] = $title;
$blocks[$mid]['info'] = check_plain($title);
}
}
return $blocks;
}
else if ($op == 'view') {
$item = menu_get_item($delta);
$data['subject'] = $item['title'];
$data['subject'] = check_plain($item['title']);
$data['content'] = theme('menu_tree', $delta);
return $data;
}
......@@ -611,7 +611,7 @@ function menu_overview_tree() {
$operations[] = l(t('add item'), 'admin/menu/item/add/'. $mid);
$table = theme('item_list', $operations);
$table .= theme('table', $header, menu_overview_tree_rows($mid));
$output .= theme('box', $title, $table);
$output .= theme('box', check_plain($title), $table);
}
return $output;
}
......@@ -628,7 +628,7 @@ function menu_overview_tree_rows($pid = 0, $depth = 0) {
$title = '';
if ($pid == 0) {
// Top-level items are menu names, and don't have an associated path.
$title .= $item['title'];
$title .= check_plain($item['title']);
}
else {
$title .= l($item['title'], $item['path']);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment