- Patch #887102 by Heine: trigger and action escaping issues. Critical bug fix.

ee691c59 · Dries · c72614b0 · ee691c59 · ee691c59 · ee691c59
Commit ee691c59 authored Aug 22, 2010 by Dries
4 changed files
--- a/includes/actions.inc
+++ b/includes/actions.inc
@@ -292,7 +292,7 @@ function actions_synchronize($delete_orphans = FALSE) {
            'label' => $array['label'],
            ))
          ->execute();
-        watchdog('actions', "Action '%action' added.", array('%action' => filter_xss_admin($array['label'])));
+        watchdog('actions', "Action '%action' added.", array('%action' => $array['label']));
      }
    }
  }
@@ -305,7 +305,7 @@ function actions_synchronize($delete_orphans = FALSE) {
      $actions = db_query('SELECT aid, label FROM {actions} WHERE callback IN (:orphaned)', array(':orphaned' => $orphaned))->fetchAll();
      foreach ($actions as $action) {
        actions_delete($action->aid);
-        watchdog('actions', "Removed orphaned action '%action' from database.", array('%action' => filter_xss_admin($action->label)));
+        watchdog('actions', "Removed orphaned action '%action' from database.", array('%action' => $action->label));
      }
    }
    else {

--- a/modules/system/system.admin.inc
+++ b/modules/system/system.admin.inc
@@ -3174,9 +3174,8 @@ function system_actions_delete_form_submit($form, &$form_state) {
  $aid = $form_state['values']['aid'];
  $action = actions_load($aid);
  actions_delete($aid);
-  $label = check_plain($action->label);
-  watchdog('user', 'Deleted action %aid (%action)', array('%aid' => $aid, '%action' => $label));
-  drupal_set_message(t('Action %action was deleted', array('%action' => $label)));
+  watchdog('user', 'Deleted action %aid (%action)', array('%aid' => $aid, '%action' => $action->label));
+  drupal_set_message(t('Action %action was deleted', array('%action' => $action->label)));
  $form_state['redirect'] = 'admin/config/system/actions/manage';
 }


--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -3062,7 +3062,7 @@ function system_message_action(&$entity, $context = array()) {
    $context['node'] = $entity;
  }

-  $context['message'] = token_replace($context['message'], $context);
+  $context['message'] = token_replace(filter_xss_admin($context['message']), $context);
  drupal_set_message($context['message']);
 }


--- a/modules/trigger/trigger.admin.inc
+++ b/modules/trigger/trigger.admin.inc
@@ -90,7 +90,7 @@ function trigger_unassign_submit($form, &$form_state) {
      ->condition('aid', $aid)
      ->execute();
    $actions = actions_get_all_actions();
-    watchdog('actions', 'Action %action has been unassigned.',  array('%action' => check_plain($actions[$aid]['label'])));
+    watchdog('actions', 'Action %action has been unassigned.',  array('%action' => $actions[$aid]['label']));
    drupal_set_message(t('Action %action has been unassigned.', array('%action' => $actions[$aid]['label'])));
    $form_state['redirect'] = 'admin/structure/trigger/' . $form_state['values']['module'];
  }
@@ -291,7 +291,7 @@ function theme_trigger_display($variables) {
    $rows = array();
    foreach ($element['assigned']['#value'] as $aid => $info) {
      $rows[] = array(
-        $info['label'],
+        check_plain($info['label']),
        $info['link']
      );
    }