Commit a001325d authored by merlinofchaos's avatar merlinofchaos

more check_plain on arguments to ensure safety.

parent 8fec1ada
...@@ -110,7 +110,7 @@ function views_handler_arg_book_parent($op, & $query, $argtype, $arg = '') { ...@@ -110,7 +110,7 @@ function views_handler_arg_book_parent($op, & $query, $argtype, $arg = '') {
if ($query) if ($query)
{ {
$term = db_fetch_object(db_query("SELECT title FROM {node} WHERE nid = '%d'", $query)); $term = db_fetch_object(db_query("SELECT title FROM {node} WHERE nid = '%d'", $query));
return $term->title; return check_plain($term->title);
} }
} }
} }
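Review bot: `$term->title` on the new line is dereferenced without checking that `db_fetch_object()` returned a row; when the nid does not exist the call returns FALSE, so the property access raises a PHP notice and `check_plain(NULL)` yields an empty string. Guard it: `return $term ? check_plain($term->title) : '';`. The query also reads the title with no status or node-access condition, so the title of an unpublished or access-restricted node may appear as the view title when its nid is supplied as the argument — confirm that this exposure is intended. The body of views_handler_arg_book_parent starts before the hunk.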
...@@ -476,7 +476,7 @@ function views_handler_arg_nodeletter($op, &$query, $argtype, $arg = '') { ...@@ -476,7 +476,7 @@ function views_handler_arg_nodeletter($op, &$query, $argtype, $arg = '') {
case 'link': case 'link':
return l(strtoupper($query->letter), "$arg/$query->letter"); return l(strtoupper($query->letter), "$arg/$query->letter");
case 'title': case 'title':
return strtoupper($query); return check_plain(strtoupper($query));
} }
} }
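Review bot: `strtoupper()` on the 'link' and 'title' branches is byte-based and will not uppercase non-ASCII letters, and can mangle multi-byte UTF-8 under some locales; if the letter argument can be non-ASCII, prefer Drupal's `drupal_strtoupper()` where the targeted core version provides it. Separately, the 'link' branch still passes `$query->letter` into `l()` unescaped; whether that is safe depends on whether this core version's `l()` runs check_plain on its text argument (older releases did not), so either confirm that or escape it the way the 'title' branch now does. The enclosing switch starts before the hunk.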
...@@ -500,7 +500,7 @@ function views_handler_arg_year($op, &$query, $argtype, $arg = '') { ...@@ -500,7 +500,7 @@ function views_handler_arg_year($op, &$query, $argtype, $arg = '') {
case 'link': case 'link':
return l($query->year, "$arg/$query->year"); return l($query->year, "$arg/$query->year");
case 'title': case 'title':
return $query; return check_plain($query);
} }
} }
function views_handler_arg_month($op, &$query, $argtype, $arg = '') { function views_handler_arg_month($op, &$query, $argtype, $arg = '') {
...@@ -549,7 +549,7 @@ function views_handler_arg_week($op, &$query, $argtype, $arg = '') { ...@@ -549,7 +549,7 @@ function views_handler_arg_week($op, &$query, $argtype, $arg = '') {
case 'link': case 'link':
return l("Week $query->name", "$arg/$query->name"); return l("Week $query->name", "$arg/$query->name");
case 'title': case 'title':
return $query; return check_plain($query);
} }
} }
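Review bot: The hard-coded "Week" prefix in the 'link' branch is not passed through `t()`, so the label cannot be translated while the rest of the UI can; `l(t('Week') .' '. $query->name, "$arg/$query->name")` keeps the output identical for English sites and makes it localizable. The new `check_plain($query)` in the 'title' branch is fine as the argument arrives straight from the URL. The enclosing switch starts before the hunk.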
function views_handler_arg_monthyear($op, &$query, $argtype, $arg = '') { function views_handler_arg_monthyear($op, &$query, $argtype, $arg = '') {
...@@ -614,7 +614,7 @@ function views_handler_arg_nid($op, &$query, $argtype, $arg = '') { ...@@ -614,7 +614,7 @@ function views_handler_arg_nid($op, &$query, $argtype, $arg = '') {
return l($query->title, "$arg/$query->nid"); return l($query->title, "$arg/$query->nid");
case 'title': case 'title':
$node = db_fetch_object(db_query("SELECT title FROM {node} WHERE nid=%d", $query)); $node = db_fetch_object(db_query("SELECT title FROM {node} WHERE nid=%d", $query));
return $node->title; return check_plain($node->title);
} }
} }
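Review bot: The 'title' branch dereferences `$node->title` without checking that `db_fetch_object()` returned a row, so an unknown nid produces a PHP notice before `check_plain(NULL)` returns ''; `return $node ? check_plain($node->title) : '';` avoids that. More importantly, the query selects the title with no `status` condition and no node-access check, so the page title of the view will leak the title of an unpublished or access-restricted node to anyone who can guess its nid — consider `node_load()` plus `node_access('view', $node)` and returning '' when access is denied. The 'link' branch on the first visible line also passes the raw `$query->title` into `l()`; whether that is escaped depends on the `l()` of the targeted core version, so confirm or escape it. The enclosing switch starts before the hunk.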
...@@ -714,7 +714,7 @@ function views_handler_arg_node_feed($op, &$query, $argtype, $arg = '') { ...@@ -714,7 +714,7 @@ function views_handler_arg_node_feed($op, &$query, $argtype, $arg = '') {
case 'title': case 'title':
break; break;
case 'filter': case 'filter':
// Can't use node_invoke_all because we're using a reference to // Can't use node_invoke_all because we're using a reference to
// $view. // $view.
foreach (module_implements('views_feed_argument') as $name) { foreach (module_implements('views_feed_argument') as $name) {
$function = $name .'_views_feed_argument'; $function = $name .'_views_feed_argument';
...@@ -340,8 +340,7 @@ function views_handler_arg_vocid($op, &$query, $argtype, $arg = '') { ...@@ -340,8 +340,7 @@ function views_handler_arg_vocid($op, &$query, $argtype, $arg = '') {
case 'title': case 'title':
$result = db_query("SELECT name FROM {vocabulary} WHERE vid = %d", $query); $result = db_query("SELECT name FROM {vocabulary} WHERE vid = %d", $query);
$voc = db_fetch_object($result); $voc = db_fetch_object($result);
$title = check_plain($voc->name); return check_plain($voc->name);
return $title;
} }
} }
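Review bot: `$voc->name` is read without checking that `db_fetch_object($result)` returned a row, so an unknown vid raises a PHP notice before `check_plain(NULL)` yields ''; `return $voc ? check_plain($voc->name) : '';` makes the empty case explicit. The consolidation of the two lines into one is otherwise behaviour-preserving. The enclosing switch starts before the hunk.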
...@@ -225,7 +225,7 @@ function views_handler_arg_uid($op, &$query, $argtype, $arg = '') { ...@@ -225,7 +225,7 @@ function views_handler_arg_uid($op, &$query, $argtype, $arg = '') {
return variable_get('anonymous', 'Anonymous'); return variable_get('anonymous', 'Anonymous');
} }
$user = db_fetch_object(db_query("SELECT name FROM {users} WHERE uid = '%d'", $query)); $user = db_fetch_object(db_query("SELECT name FROM {users} WHERE uid = '%d'", $query));
return $user->name; return check_plain($user->name);
} }
} }
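Review bot: The anonymous-user branch two lines above the changed line still returns `variable_get('anonymous', 'Anonymous')` unescaped while the looked-up `$user->name` is now run through check_plain, so the two return paths of the same 'title' handler disagree on their output encoding. The variable is admin-configured, which limits the risk, but callers cannot know which path produced the string; `return check_plain(variable_get('anonymous', 'Anonymous'));` keeps it consistent. `$user->name` is also read without checking that `db_fetch_object()` returned a row, so a nonexistent uid emits a notice. The `if` block that contains the anonymous return starts before the hunk.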
...@@ -260,7 +260,7 @@ function views_handler_arg_uid_touch($op, &$query, $argtype, $arg = '') { ...@@ -260,7 +260,7 @@ function views_handler_arg_uid_touch($op, &$query, $argtype, $arg = '') {
return variable_get('anonymous', 'Anonymous'); return variable_get('anonymous', 'Anonymous');
} }
$user = db_fetch_object(db_query("SELECT name FROM {users} WHERE uid = '%d'", $query)); $user = db_fetch_object(db_query("SELECT name FROM {users} WHERE uid = '%d'", $query));
return $user->name; return check_plain($user->name);
} }
} }
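Review bot: As in views_handler_arg_uid, the anonymous branch here returns `variable_get('anonymous', 'Anonymous')` raw while the database name is now escaped; `return check_plain(variable_get('anonymous', 'Anonymous'));` gives both return paths the same encoding. `$user->name` is likewise dereferenced without checking that `db_fetch_object()` returned a row. The `if` block containing the anonymous return starts before the hunk.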