Commit e174039d authored by Dries

- Patch #669062 by Damien Tournoud and security team: fixed SA-CORE-2009-009: menu description XSS.

parent 13dacbc2
......@@ -2342,7 +2342,7 @@ function theme_admin_block_content($variables) {
$output = '<dl class="admin-list">';
foreach ($content as $item) {
$output .= '<dt>' . l($item['title'], $item['href'], $item['localized_options']) . '</dt>';
$output .= '<dd>' . $item['description'] . '</dd>';
$output .= '<dd>' . filter_xss_admin($item['description']) . '</dd>';
}
$output .= '</dl>';
}
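Review bot: On the changed `<dd>` line, the fix escapes the description only at this single output point inside theme_admin_block_content(), so a theme override of this function or any other code path that prints $item['description'] would still emit it unfiltered. Worth confirming that every other place rendering the menu description goes through the same filter, or sanitizing the value once before it reaches the theme layer. Also note that filter_xss_admin() still lets most HTML tags through, so the description stays markup-capable by design; a one-line comment above the line stating that descriptions may contain admin-level HTML and are therefore filtered rather than passed through check_plain() would keep a later cleanup from reverting this. A regression test that renders an item whose description contains a script tag would be a useful companion to this change.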
......