Commit c5cb3059 authored by Steven Wittens's avatar Steven Wittens

- Menu titles were not escaped properly

parent c706d11a
...@@ -120,14 +120,14 @@ function menu_block($op = 'list', $delta = 0) { ...@@ -120,14 +120,14 @@ function menu_block($op = 'list', $delta = 0) {
foreach ($root_menus as $mid => $title) { foreach ($root_menus as $mid => $title) {
// Default "Navigation" block is handled by user.module. // Default "Navigation" block is handled by user.module.
if ($mid != 1) { if ($mid != 1) {
$blocks[$mid]['info'] = $title; $blocks[$mid]['info'] = check_plain($title);
} }
} }
return $blocks; return $blocks;
} }
else if ($op == 'view') { else if ($op == 'view') {
$item = menu_get_item($delta); $item = menu_get_item($delta);
$data['subject'] = $item['title']; $data['subject'] = check_plain($item['title']);
$data['content'] = theme('menu_tree', $delta); $data['content'] = theme('menu_tree', $delta);
return $data; return $data;
} }
...@@ -611,7 +611,7 @@ function menu_overview_tree() { ...@@ -611,7 +611,7 @@ function menu_overview_tree() {
$operations[] = l(t('add item'), 'admin/menu/item/add/'. $mid); $operations[] = l(t('add item'), 'admin/menu/item/add/'. $mid);
$table = theme('item_list', $operations); $table = theme('item_list', $operations);
$table .= theme('table', $header, menu_overview_tree_rows($mid)); $table .= theme('table', $header, menu_overview_tree_rows($mid));
$output .= theme('box', $title, $table); $output .= theme('box', check_plain($title), $table);
} }
return $output; return $output;
} }
...@@ -628,7 +628,7 @@ function menu_overview_tree_rows($pid = 0, $depth = 0) { ...@@ -628,7 +628,7 @@ function menu_overview_tree_rows($pid = 0, $depth = 0) {
$title = ''; $title = '';
if ($pid == 0) { if ($pid == 0) {
// Top-level items are menu names, and don't have an associated path. // Top-level items are menu names, and don't have an associated path.
$title .= $item['title']; $title .= check_plain($item['title']);
} }
else { else {
$title .= l($item['title'], $item['path']); $title .= l($item['title'], $item['path']);
......
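Review bot: In the last hunk (menu_overview_tree_rows), the else branch still passes the raw title to `l($item['title'], $item['path'])`, while the top-level branch just above it now goes through check_plain(). If l() does not escape its link text itself (its definition is not visible here), child menu items keep the same unescaped-title output this commit fixes for menu names, and the line should become `$title .= l(check_plain($item['title']), $item['path']);`. If l() does escape, a short comment such as `// l() escapes the link text.` would show the omission is deliberate. In menu_block the escaped value is now stored in `$blocks[$mid]['info']` and `$data['subject']`, so any consumer that escapes again on output would double-encode; that contract is not visible here either. The body of menu_overview_tree_rows continues outside the hunk, so later uses of `$item['title']` deserve the same check.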
...@@ -120,14 +120,14 @@ function menu_block($op = 'list', $delta = 0) { ...@@ -120,14 +120,14 @@ function menu_block($op = 'list', $delta = 0) {
foreach ($root_menus as $mid => $title) { foreach ($root_menus as $mid => $title) {
// Default "Navigation" block is handled by user.module. // Default "Navigation" block is handled by user.module.
if ($mid != 1) { if ($mid != 1) {
$blocks[$mid]['info'] = $title; $blocks[$mid]['info'] = check_plain($title);
} }
} }
return $blocks; return $blocks;
} }
else if ($op == 'view') { else if ($op == 'view') {
$item = menu_get_item($delta); $item = menu_get_item($delta);
$data['subject'] = $item['title']; $data['subject'] = check_plain($item['title']);
$data['content'] = theme('menu_tree', $delta); $data['content'] = theme('menu_tree', $delta);
return $data; return $data;
} }
...@@ -611,7 +611,7 @@ function menu_overview_tree() { ...@@ -611,7 +611,7 @@ function menu_overview_tree() {
$operations[] = l(t('add item'), 'admin/menu/item/add/'. $mid); $operations[] = l(t('add item'), 'admin/menu/item/add/'. $mid);
$table = theme('item_list', $operations); $table = theme('item_list', $operations);
$table .= theme('table', $header, menu_overview_tree_rows($mid)); $table .= theme('table', $header, menu_overview_tree_rows($mid));
$output .= theme('box', $title, $table); $output .= theme('box', check_plain($title), $table);
} }
return $output; return $output;
} }
...@@ -628,7 +628,7 @@ function menu_overview_tree_rows($pid = 0, $depth = 0) { ...@@ -628,7 +628,7 @@ function menu_overview_tree_rows($pid = 0, $depth = 0) {
$title = ''; $title = '';
if ($pid == 0) { if ($pid == 0) {
// Top-level items are menu names, and don't have an associated path. // Top-level items are menu names, and don't have an associated path.
$title .= $item['title']; $title .= check_plain($item['title']);
} }
else { else {
$title .= l($item['title'], $item['path']); $title .= l($item['title'], $item['path']);
......