Commit 16fd8c89 authored by Steven Wittens's avatar Steven Wittens

- sa-2006-002: XSS issues with username log and mission

parent 2fb572d0
......@@ -958,7 +958,7 @@ function theme_username($object) {
$output = l($name, 'user/'. $object->uid, array('title' => t('View user profile.')));
}
else {
$output = $name;
$output = check_plain($name);
}
}
else if ($object->name) {
......@@ -967,10 +967,10 @@ function theme_username($object) {
// aggregator modules). This clause enables modules to display
// the true author of the content.
if ($object->homepage) {
$output = '<a href="'. $object->homepage .'">'. $object->name .'</a>';
$output = l($object->name, $object->homepage);
}
else {
$output = $object->name;
$output = check_plain($object->name);
}
$output .= ' ('. t('not verified') .')';
......
......@@ -143,7 +143,7 @@ function phptemplate_page($content) {
/* Set title and breadcrumb to declared values */
if (drupal_get_path_alias($_GET['q']) == variable_get('site_frontpage', 'node')) {
$mission = theme_get_setting('mission');
$mission = filter_xss(theme_get_setting('mission'));
}
/* Add favicon */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment