Commit c5f76707 authored by Gábor Hojtsy's avatar Gábor Hojtsy

#189409 follow up note by Steven Wittens: administrator entered text should be...

#189409 follow up note by Steven Wittens: administrator entered text should be filtered with filter_xss_admin(), not the less permissive filter_xss()
parent ad6f9ba7
......@@ -23,7 +23,7 @@ function node_overview_types() {
$row = array(
l($name, 'admin/content/types/'. $type_url_str),
check_plain($type->type),
filter_xss($type->description),
filter_xss_admin($type->description),
);
// Set the edit column.
$row[] = array('data' => l(t('edit'), 'admin/content/types/'. $type_url_str));
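Review bot: The switch to `filter_xss_admin()` on `$type->description` relies on the description having been written by a trusted administrator, and nothing next to the call records that assumption. `filter_xss_admin()` lets through most body-level HTML and removes little beyond scripts and styles, so a short comment above the row would help the next maintainer, for example `// Description is entered by content type administrators, so the looser admin filter is acceptable.` The same applies to `$item['description']` in `theme_node_add_list()`, where the value arrives through `$content` and its origin is not visible in the hunk; if any caller can pass text that did not come from an administrator, the stricter `filter_xss()` is the safer choice there. Both functions begin or end outside the hunks shown, so the surrounding permission checks could not be confirmed from this page.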
......
......@@ -11,7 +11,6 @@
* Menu callback; presents the node editing form, or redirects to delete confirmation.
*/
function node_page_edit($node) {
drupal_set_title(t('Edit %title', array('%title' => $node->title)));
return drupal_get_form($node->type .'_node_form', $node);
}
......@@ -29,7 +28,7 @@ function theme_node_add_list($content) {
$output = '<dl class="node-type-list">';
foreach ($content as $item) {
$output .= '<dt>'. l($item['title'], $item['href'], $item['options']) .'</dt>';
$output .= '<dd>'. filter_xss($item['description']) .'</dd>';
$output .= '<dd>'. filter_xss_admin($item['description']) .'</dd>';
}
$output .= '</dl>';
}
......