Commit 9176d082 authored by merlinofchaos's avatar merlinofchaos

#119463: Double check_plain on breadcrumbs for Views' titles.

parent 3b218b09
......@@ -124,6 +124,7 @@ Views 4.7.x-dev
o #113332: NULL entries for vocabulary summaries with nodes without terms.
o #119082: Fixed a problem with view titles on the admin page.
o #119921: Recent comments block had incorrect filter, causing nodes with just 1 comment not to show up.
o #119463: Double check_plain on breadcrumbs for Views' titles.
New features:
o #105620: (Attempt 2) allow modules to alter views tables + arguments
......
......@@ -483,7 +483,7 @@ function _views_create_menu_item(&$items, $view, $path, $local_task_type = MENU_
global $user;
$roles = array_keys($user->roles);
}
$title = views_get_title($view, 'menu');
$title = filter_xss_admin(views_get_title($view, 'menu'));
$type = _views_menu_type($view);
if ($type == MENU_LOCAL_TASK || $type == MENU_DEFAULT_LOCAL_TASK) {
$weight = $view->menu_tab_weight;
......@@ -1579,7 +1579,7 @@ function views_set_breadcrumb($view) {
$where = 1;
foreach ($view->args as $level => $arg) {
if ($view->argument[$level]['argdefault'] != 1) {
$breadcrumb[] = l(views_get_title($view, 'page', $args), $url);
$breadcrumb[] = l(filter_xss_admin(views_get_title($view, 'page', $args)), $url, NULL, NULL, NULL, NULL, TRUE);
// For next round.
}
$args[] = $arg;
......@@ -1620,7 +1620,7 @@ function theme_views_view($view, $type, $nodes, $level = NULL, $args = NULL) {
$num_nodes = count($nodes);
if ($type == 'page') {
drupal_set_title(views_get_title($view, 'page'));
drupal_set_title(filter_xss_admin(views_get_title($view, 'page')));
views_set_breadcrumb($view);
}
......
......@@ -105,7 +105,7 @@ function views_rss_views_feed_argument($op, &$view, $arg, $argdata = NULL) {
else if ($op == 'post_view') {
$args = views_post_view_make_args($view, $arg, 'feed');
$url = views_get_url($view, $args);
$title = views_get_title($view, 'page', $args);
$title = filter_xss_admin(views_get_title($view, 'page', $args));
if ($view->used_filters) {
$filters = drupal_query_string_encode($view->used_filters);
......@@ -131,7 +131,7 @@ function theme_views_rss_feed($view, $nodes, $type) {
global $base_url;
$channel = array(
'title' => views_get_title($view, 'page'),
'title' => filter_xss_admin(views_get_title($view, 'page')),
'link' => url($view->feed_url ? $view->feed_url : $view->real_url, NULL, NULL, true),
'description' => $view->description,
);
......
......@@ -209,7 +209,7 @@ function views_ui_admin_page() {
$items[] = array(
$view->name,
views_get_title($view, 'admin'),
filter_xss_admin(views_get_title($view, 'admin')),
$view->description,
implode(', ', $provides),
$url,
......@@ -281,7 +281,7 @@ function views_ui_admin_page() {
$links[] = l(t('enable'), "admin/views/enable/$view->name");
}
$items[] = array($view->name, views_get_title($view, 'menu'), $view->description, implode(', ', $provides), $url, $status, theme('links', $links));
$items[] = array($view->name, filter_xss_admin(views_get_title($view, 'menu')), $view->description, implode(', ', $provides), $url, $status, theme('links', $links));
}
if ($items) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment