Commit e556e9ac authored by merlinofchaos's avatar merlinofchaos

#83478: Properly encode block titles & block descriptions.

parent 71fcaf90
......@@ -68,6 +68,7 @@ Views 4.7.x-dev
o 88343: $arg in urls (foo/$arg/bar) had locale problems.
o 97497: rss feed did not call module_invoke_all('exit') as it should.
o 89332: Don't default tables to MyISAM type
o 83478: Properly encode block titles & block descriptions.
New features:
o 101324: New op for views_build_view: 'queries'
......@@ -497,7 +497,7 @@ function views_block($op = 'list', $delta = 0) {
// Grab views from the database and provide them as blocks.
$result = db_query("SELECT vid, block_title, page_title, name FROM {view_view} WHERE block = 1");
while ($view = db_fetch_object($result)) {
$block[$view->name]['info'] = views_get_title($view, 'block-info');
$block[$view->name]['info'] = filter_xss_admin(views_get_title($view, 'block-info'));
}
$default_views = _views_get_default_views();
......@@ -506,7 +506,7 @@ function views_block($op = 'list', $delta = 0) {
foreach ($default_views as $name => $view) {
if (!isset($block[$name]) && $view->block &&
($views_status[$name] == 'enabled' || (!$view->disabled && $views_status[$name] != 'disabled'))) {
$block[$name]['info'] = views_get_title($view, 'block');
$block[$name]['info'] = filter_xss_admin(views_get_title($view, 'block'));
}
}
return $block;
......@@ -608,7 +608,7 @@ function views_view_block($vid) {
$content = views_build_view('block', $view, array(), false, $view->nodes_per_block);
if ($content) {
$block['content'] = $content;
$block['subject'] = views_get_title($view, 'block');
$block['subject'] = filter_xss_admin(views_get_title($view, 'block'));
return $block;
}
else {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment