Commit ee691c59 authored by Dries

- Patch #887102 by Heine: trigger and action escaping issues. Critical bug fix.

parent c72614b0
......@@ -292,7 +292,7 @@ function actions_synchronize($delete_orphans = FALSE) {
'label' => $array['label'],
))
->execute();
watchdog('actions', "Action '%action' added.", array('%action' => filter_xss_admin($array['label'])));
watchdog('actions', "Action '%action' added.", array('%action' => $array['label']));
}
}
}
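Review bot: The `watchdog()` call that passes `$array['label']` unescaped carries no comment saying why that is safe, and the same applies to the calls in the orphaned-action hunk, in `system_actions_delete_form_submit` and in `trigger_unassign_submit`. The page has lost its +/- markers, so this reads the second line of each printed pair as the new side. If the `%action` placeholder is escaped when the log entry is rendered, as the change implies, pre-escaping would double-encode the label, and a later maintainer could easily put the filter back. I would add above each call something like `// %action is escaped on output by the placeholder; pass the raw label.` The body of actions_synchronize starts and ends outside the hunk.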
......@@ -305,7 +305,7 @@ function actions_synchronize($delete_orphans = FALSE) {
$actions = db_query('SELECT aid, label FROM {actions} WHERE callback IN (:orphaned)', array(':orphaned' => $orphaned))->fetchAll();
foreach ($actions as $action) {
actions_delete($action->aid);
watchdog('actions', "Removed orphaned action '%action' from database.", array('%action' => filter_xss_admin($action->label)));
watchdog('actions', "Removed orphaned action '%action' from database.", array('%action' => $action->label));
}
}
else {
......
......@@ -3174,9 +3174,8 @@ function system_actions_delete_form_submit($form, &$form_state) {
$aid = $form_state['values']['aid'];
$action = actions_load($aid);
actions_delete($aid);
$label = check_plain($action->label);
watchdog('user', 'Deleted action %aid (%action)', array('%aid' => $aid, '%action' => $label));
drupal_set_message(t('Action %action was deleted', array('%action' => $label)));
watchdog('user', 'Deleted action %aid (%action)', array('%aid' => $aid, '%action' => $action->label));
drupal_set_message(t('Action %action was deleted', array('%action' => $action->label)));
$form_state['redirect'] = 'admin/config/system/actions/manage';
}
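Review bot: `$action->label` is read without checking what `actions_load($aid)` returned, so a stale `aid` in the submitted form would produce a log entry and a user message with an empty label after `actions_delete($aid)` has already run. What actions_load returns for an unknown id is not visible here; if it can be empty, test `$action` before the delete and skip the log and message in that case, e.g. `if ($action) { ... }` around the three calls. The function signature is outside the hunk.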
......
......@@ -3062,7 +3062,7 @@ function system_message_action(&$entity, $context = array()) {
$context['node'] = $entity;
}
$context['message'] = token_replace($context['message'], $context);
$context['message'] = token_replace(filter_xss_admin($context['message']), $context);
drupal_set_message($context['message']);
}
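Review bot: `filter_xss_admin()` is applied to the message template before `token_replace()`, so the values substituted for tokens never pass through that filter, and what `drupal_set_message()` prints is only as safe as token_replace's own sanitising of replacement values. That behaviour is not visible in this hunk; if it rests on a default option, record the dependency in a comment such as `// Template is admin-entered (filter_xss_admin); token values are sanitized by token_replace().` Also, filter_xss_admin permits a broad set of HTML tags, which is acceptable only while configuring this action stays restricted to trusted administrators.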
......
......@@ -90,7 +90,7 @@ function trigger_unassign_submit($form, &$form_state) {
->condition('aid', $aid)
->execute();
$actions = actions_get_all_actions();
watchdog('actions', 'Action %action has been unassigned.', array('%action' => check_plain($actions[$aid]['label'])));
watchdog('actions', 'Action %action has been unassigned.', array('%action' => $actions[$aid]['label']));
drupal_set_message(t('Action %action has been unassigned.', array('%action' => $actions[$aid]['label'])));
$form_state['redirect'] = 'admin/structure/trigger/' . $form_state['values']['module'];
}
......@@ -291,7 +291,7 @@ function theme_trigger_display($variables) {
$rows = array();
foreach ($element['assigned']['#value'] as $aid => $info) {
$rows[] = array(
$info['label'],
check_plain($info['label']),
$info['link']
);
}
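Review bot: In the row array of theme_trigger_display the label now goes through `check_plain()`, but `$info['link']` in the same row is still emitted as is, and nothing in the hunk says it is already-rendered markup. If it is produced by a link helper that escapes its own text, add `// 'link' is pre-rendered HTML; only 'label' is raw text.` above the row so the asymmetry is not mistaken for an omission. If it can hold raw text it needs the same escaping as the label. The loop and the function continue outside the hunk.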
......