From 7a47bef51436381e4c41a9d291f0eb9b88e63474 Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Wed, 28 Nov 2007 10:29:21 +0000
Subject: [PATCH] - Patch #162381 by Heine et al: properly escape strings.
---
 modules/blogapi/blogapi.module | 2 +-
 modules/filter/filter.install | 2 +-
 modules/node/content_types.inc | 1 -
 modules/node/node.admin.inc | 2 +-
 modules/node/node.module | 12 ++++-----
 modules/node/node.pages.inc | 40 ++++++++++++++---------------
 modules/poll/poll.module | 4 ++-
 modules/profile/profile.admin.inc | 2 +-
 modules/profile/profile.module | 6 ++---
 modules/system/system-rtl.css | 4 +--
 modules/taxonomy/taxonomy.admin.inc | 40 ++++++++++++++---------------
 modules/taxonomy/taxonomy.module | 4 +--
 modules/tracker/tracker.pages.inc | 2 +-
 modules/user/user.pages.inc | 2 +-
 themes/pushbutton/style-rtl.css | 22 ++++++++--------
 15 files changed, 73 insertions(+), 72 deletions(-)
diff --git a/modules/blogapi/blogapi.module b/modules/blogapi/blogapi.module
index a246cf04bfdb..22e15dda408e 100644
--- a/modules/blogapi/blogapi.module
+++ b/modules/blogapi/blogapi.module
@@ -537,7 +537,7 @@ function blogapi_blogger_title(&$contents) { } function blogapi_admin_settings() { - $node_types = node_get_types('names'); + $node_types = array_map('check_plain', node_get_types('names')); $defaults = isset($node_types['blog']) ? array('blog' => 1) : array(); $form['blogapi_node_types'] = array( '#type' => 'checkboxes',
diff --git a/modules/filter/filter.install b/modules/filter/filter.install
index 4d7202551fb6..3a446f76b5ac 100644
--- a/modules/filter/filter.install
+++ b/modules/filter/filter.install
@@ -17,7 +17,7 @@ function filter_schema() { 'type' => 'int', 'not null' => TRUE, 'default' => 0, - 'description' => t('Foreign Key: The {filter_formats}.format to which this filter is assigned.'), + 'description' => t('Foreign key: The {filter_formats}.format to which this filter is assigned.'), ), 'module' => array( 'type' => 'varchar', 
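Review bot: The `array_map('check_plain', node_get_types('names'))` in blogapi_admin_settings is there, as far as the hunk shows, because the form API prints `#options` labels for checkboxes unescaped, and nothing on the line says so; a comment such as `// Type names are user-entered; FAPI prints #options labels unescaped.` would record the reason. The identical pattern appears in node_form_alter (node.module) and taxonomy_form_vocabulary (taxonomy.admin.inc), so a single helper returning the escaped name map would keep the three sites from drifting if FAPI ever starts escaping labels itself. blogapi_admin_settings continues outside the hunk.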
diff --git a/modules/node/content_types.inc b/modules/node/content_types.inc index e7cd96097be7..e813a3b5e8b2 100644 --- a/modules/node/content_types.inc +++ b/modules/node/content_types.inc @@ -18,7 +18,6 @@ function node_overview_types() { foreach ($names as $key => $name) { $type = $types[$key]; if (node_hook($type, 'form')) { - $name = check_plain($name); $type_url_str = str_replace('_', '-', $type->type); $row = array( l($name, 'admin/content/types/'. $type_url_str), diff --git a/modules/node/node.admin.inc b/modules/node/node.admin.inc index 138881a34ecb..f4b7e85aa116 100644 --- a/modules/node/node.admin.inc +++ b/modules/node/node.admin.inc @@ -385,7 +385,7 @@ function node_admin_nodes() { while ($node = db_fetch_object($result)) { $nodes[$node->nid] = ''; $form['title'][$node->nid] = array('#value' => l($node->title, 'node/'. $node->nid) .' '. theme('mark', node_mark($node->nid, $node->changed))); - $form['name'][$node->nid] = array('#value' => node_get_types('name', $node)); + $form['name'][$node->nid] = array('#value' => check_plain(node_get_types('name', $node))); $form['username'][$node->nid] = array('#value' => theme('username', $node)); $form['status'][$node->nid] = array('#value' => ($node->status ? t('published') : t('not published'))); if ($multilanguage) { diff --git a/modules/node/node.module b/modules/node/node.module index 4433a1084b0a..0a3696753989 100644 --- a/modules/node/node.module +++ b/modules/node/node.module @@ -1078,7 +1078,7 @@ function node_search($op = 'search', $keys = NULL) { $form = array(); // Output form for defining rank factor weights. $form['content_ranking'] = array( - '#type' => 'fieldset', + '#type' => 'fieldset', '#title' => t('Content ranking'), ); $form['content_ranking']['#theme'] = 'node_search_admin'; 
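Review bot: Dropping `$name = check_plain($name);` in node_overview_types is consistent with the `l($name, …)` call on the next line, which escapes its link text itself, but `$name` is now raw for the remainder of the loop body, which continues outside the hunk; confirm no later cell in `$row` prints `$name` directly. If one does, escape at that use rather than restoring the blanket reassignment, so the link text is not double-encoded.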
@@ -1099,9 +1099,9 @@ function node_search($op = 'search', $keys = NULL) { $options = drupal_map_assoc(range(0, 10)); foreach ($ranking as $var => $title) { $form['content_ranking']['factors'][$var] = array( - '#title' => $title, - '#type' => 'select', - '#options' => $options, + '#title' => $title, + '#type' => 'select', + '#options' => $options, '#default_value' => variable_get($var, 5), ); } @@ -1199,7 +1199,7 @@ function node_search($op = 'search', $keys = NULL) { $extra = node_invoke_nodeapi($node, 'search result'); $results[] = array('link' => url('node/'. $item->sid, array('absolute' => TRUE)), - 'type' => node_get_types('name', $node), + 'type' => check_plain(node_get_types('name', $node)), 'title' => $node->title, 'user' => theme('username', $node), 'date' => $node->changed, @@ -1699,7 +1699,7 @@ function node_form_alter(&$form, $form_state, $form_id) { } // Node types: - $types = node_get_types('names'); + $types = array_map('check_plain', node_get_types('names')); $form['advanced']['type'] = array( '#type' => 'checkboxes', '#title' => t('Only of the type(s)'), diff --git a/modules/node/node.pages.inc b/modules/node/node.pages.inc index 7fee7e4812b5..8b994a4f7550 100644 --- a/modules/node/node.pages.inc +++ b/modules/node/node.pages.inc @@ -116,14 +116,14 @@ function node_form(&$form_state, $node) { */ foreach (array('nid', 'vid', 'uid', 'created', 'type', 'language') as $key) { $form[$key] = array( - '#type' => 'value', + '#type' => 'value', '#value' => isset($node->$key) ? $node->$key : NULL, ); } // Changed must be sent to the client, for later overwrite error checking. $form['changed'] = array( - '#type' => 'hidden', + '#type' => 'hidden', '#default_value' => isset($node->changed) ? $node->changed : NULL, ); // Get the node-specific bits. 
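Review bot: Wrapping the search result `'type'` in `check_plain()` in node_search may double-encode if the search result preprocess in search.module already escapes `$result['type']` before printing it (a type named `A & B` would then render as `A &amp;amp; B`); verify which layer owns the escaping and do it in exactly one place. `'title' => $node->title` on the following line is left raw, which suggests the convention here is that the consumer escapes, so the `'type'` line would be the one to reconsider. The function continues outside the hunk.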
@@ -171,18 +171,18 @@ function node_form(&$form_state, $node) { '#weight' => 20, ); $form['author']['name'] = array( - '#type' => 'textfield', - '#title' => t('Authored by'), - '#maxlength' => 60, - '#autocomplete_path' => 'user/autocomplete', - '#default_value' => $node->name ? $node->name : '', - '#weight' => -1, + '#type' => 'textfield', + '#title' => t('Authored by'), + '#maxlength' => 60, + '#autocomplete_path' => 'user/autocomplete', + '#default_value' => $node->name ? $node->name : '', + '#weight' => -1, '#description' => t('Leave blank for %anonymous.', array('%anonymous' => variable_get('anonymous', t('Anonymous')))), ); $form['author']['date'] = array( - '#type' => 'textfield', - '#title' => t('Authored on'), - '#maxlength' => 25, + '#type' => 'textfield', + '#title' => t('Authored on'), + '#maxlength' => 25, '#description' => t('Format: %time. Leave blank to use the time of form submission.', array('%time' => !empty($node->date) ? $node->date : format_date($node->created, 'custom', 'Y-m-d H:i:s O'))), ); @@ -200,25 +200,25 @@ function node_form(&$form_state, $node) { '#weight' => 25, ); $form['options']['status'] = array( - '#type' => 'checkbox', - '#title' => t('Published'), + '#type' => 'checkbox', + '#title' => t('Published'), '#default_value' => $node->status, ); $form['options']['promote'] = array( - '#type' => 'checkbox', - '#title' => t('Promoted to front page'), + '#type' => 'checkbox', + '#title' => t('Promoted to front page'), '#default_value' => $node->promote, ); $form['options']['sticky'] = array( - '#type' => 'checkbox', - '#title' => t('Sticky at top of lists'), + '#type' => 'checkbox', + '#title' => t('Sticky at top of lists'), '#default_value' => $node->sticky, ); // These values are used when the user has no administrator access. foreach (array('uid', 'created') as $key) { $form[$key] = array( - '#type' => 'value', + '#type' => 'value', '#value' => $node->$key, ); } 
@@ -465,7 +465,7 @@ function node_form_submit_build_node($form, &$form_state) { */ function node_delete_confirm(&$form_state, $node) { $form['nid'] = array( - '#type' => 'value', + '#type' => 'value', '#value' => $node->nid, ); @@ -473,7 +473,7 @@ function node_delete_confirm(&$form_state, $node) { t('Are you sure you want to delete %title?', array('%title' => $node->title)), isset($_GET['destination']) ? $_GET['destination'] : 'node/'. $node->nid, t('This action cannot be undone.'), - t('Delete'), + t('Delete'), t('Cancel') ); } diff --git a/modules/poll/poll.module b/modules/poll/poll.module index 311d732a1def..dca6d09a92d8 100644 --- a/modules/poll/poll.module +++ b/modules/poll/poll.module @@ -522,7 +522,9 @@ function poll_teaser($node) { $teaser = NULL; if (is_array($node->choice)) { foreach ($node->choice as $k => $choice) { - $teaser .= '* '. $choice['chtext'] .'\n'; + if ($choice['chtext'] != '') { + $teaser .= '* '. check_plain($choice['chtext']) ."\n"; + } } } return $teaser; diff --git a/modules/profile/profile.admin.inc b/modules/profile/profile.admin.inc index d19b6e01c9dc..ab309c147423 100644 --- a/modules/profile/profile.admin.inc +++ b/modules/profile/profile.admin.inc 
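Review bot: `if ($choice['chtext'] != '')` in poll_teaser is a loose comparison; `!== ''` states the intent without PHP's string-to-number coercion rules, and if `chtext` can be absent from a choice array an `isset()` guard is needed as well. Replacing `'\n'` with `"\n"` is a genuine fix (the old code appended a literal backslash-n), but in HTML a newline does not break the line, so the escaped items will run together unless the teaser later passes through a line-break filter or the theme wraps it; a short comment on that line stating which is expected would help the next reader. poll_teaser's signature is outside the hunk.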
@@ -14,7 +14,7 @@ function profile_admin_overview() { $result = db_query('SELECT title, name, type, category, fid FROM {profile_fields} ORDER BY category, weight'); $rows = array(); while ($field = db_fetch_object($result)) { - $rows[] = array(check_plain($field->title), $field->name, _profile_field_types($field->type), $field->category, l(t('edit'), "admin/user/profile/edit/$field->fid"), l(t('delete'), "admin/user/profile/delete/$field->fid")); + $rows[] = array(check_plain($field->title), check_plain($field->name), _profile_field_types($field->type), check_plain($field->category), l(t('edit'), "admin/user/profile/edit/$field->fid"), l(t('delete'), "admin/user/profile/delete/$field->fid")); } if (count($rows) == 0) { $rows[] = array(array('data' => t('No fields defined.'), 'colspan' => '6')); diff --git a/modules/profile/profile.module b/modules/profile/profile.module index 33ba23ea69e8..746b379b5dc2 100644 --- a/modules/profile/profile.module +++ b/modules/profile/profile.module @@ -140,7 +140,7 @@ function profile_block($op = 'list', $delta = 0, $edit = array()) { $fields = array(); $result = db_query('SELECT name, title, weight, visibility FROM {profile_fields} WHERE visibility IN (%d, %d) ORDER BY weight', PROFILE_PUBLIC, PROFILE_PUBLIC_LISTINGS); while ($record = db_fetch_object($result)) { - $fields[$record->name] = $record->title; + $fields[$record->name] = check_plain($record->title); } $fields['user_profile'] = t('Link to full user profile'); $form['profile_block_author_fields'] = array('#type' => 'checkboxes', 
@@ -342,7 +342,7 @@ function profile_form_profile($edit, $user, $category, $register = FALSE) { while ($field = db_fetch_object($result)) { $category = $field->category; if (!isset($fields[$category])) { - $fields[$category] = array('#type' => 'fieldset', '#title' => $category, '#weight' => $weight++); + $fields[$category] = array('#type' => 'fieldset', '#title' => check_plain($category), '#weight' => $w++); } switch ($field->type) { case 'textfield': @@ -482,7 +482,7 @@ function template_preprocess_profile_block(&$variables) { // Supply filtered version of $fields that have values. foreach ($variables['fields'] as $field) { if ($field->value) { - $variables['profile'][$field->name]->title = $field->title; + $variables['profile'][$field->name]->title = check_plain($field->title); $variables['profile'][$field->name]->value = $field->value; $variables['profile'][$field->name]->type = $field->type; } diff --git a/modules/system/system-rtl.css b/modules/system/system-rtl.css index 190bebf0b36a..a9abc4988365 100644 --- a/modules/system/system-rtl.css +++ b/modules/system/system-rtl.css @@ -1,8 +1,8 @@ /* $Id$ */ thead th { - text-align: right; - padding-left: 1em; + text-align: right; + padding-left: 1em; padding-right: 0.5em; } diff --git a/modules/taxonomy/taxonomy.admin.inc b/modules/taxonomy/taxonomy.admin.inc index 11a3fad09a66..f893147faf7a 100644 --- a/modules/taxonomy/taxonomy.admin.inc +++ b/modules/taxonomy/taxonomy.admin.inc @@ -8,7 +8,7 @@ /** * Form builder to list and manage vocabularies. - * + * * @ingroup forms * @see taxonomy_overview_vocabularies_submit(). * @see theme_taxonomy_overview_vocabularies(). 
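Review bot: Besides adding `check_plain($category)`, the profile_form_profile hunk renames the weight counter from `$weight++` to `$w++`, which is unrelated to escaping; the counter's initialisation is outside the hunk, so if only this line was renamed `$w` is undefined, the first fieldset gets a NULL `#weight` and every call emits an undefined-variable notice. Either keep `$weight++` or confirm the declaration was renamed in the same commit. In the template_preprocess_profile_block hunk the `->value` assignment stays raw, which is correct only if `$field->value` is already rendered markup; `// value is already rendered HTML; do not escape` on that line would make the contract explicit.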
@@ -20,7 +20,7 @@ function taxonomy_overview_vocabularies() { $types = array(); foreach ($vocabulary->nodes as $type) { $node_type = node_get_types('name', $type); - $types[] = $node_type ? $node_type : $type; + $types[] = $node_type ? check_plain($node_type) : check_plain($type); } $form[$vocabulary->vid]['#vocabulary'] = (array)$vocabulary; $form[$vocabulary->vid]['name'] = array('#value' => check_plain($vocabulary->name)); @@ -44,7 +44,7 @@ function taxonomy_overview_vocabularies() { /** * Submit handler for vocabularies overview. Updates changed vocabulary weights. - * + * * @see taxonomy_overview_vocabularies(). */ function taxonomy_overview_vocabularies_submit($form, &$form_state) { @@ -58,7 +58,7 @@ function taxonomy_overview_vocabularies_submit($form, &$form_state) { /** * Theme the vocabulary overview as a sortable list of vocabularies. - * + * * @ingroup themeable * @see taxonomy_overview_vocabularies(). */ @@ -91,7 +91,7 @@ function theme_taxonomy_overview_vocabularies($form) { drupal_add_tabledrag('taxonomy', 'order', 'sibling', 'vocabulary-weight'); } $header[] = array('data' => t('Operations'), 'colspan' => '3'); - return theme('table', $header, $rows, array('id' => 'taxonomy')) . drupal_render($form); + return theme('table', $header, $rows, array('id' => 'taxonomy')) . drupal_render($form); } /** @@ -144,7 +144,7 @@ function taxonomy_form_vocabulary(&$form_state, $edit = array()) { $form['content_types']['nodes'] = array('#type' => 'checkboxes', '#title' => t('Content types'), '#default_value' => $edit['nodes'], - '#options' => node_get_types('names'), + '#options' => array_map('check_plain', node_get_types('names')), '#description' => t('Select content types to categorize using this vocabulary.'), ); $form['settings'] = array( 
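Review bot: `$types[] = $node_type ? check_plain($node_type) : check_plain($type);` in taxonomy_overview_vocabularies escapes on both branches of the ternary; `$types[] = check_plain($node_type ? $node_type : $type);` expresses the same thing once and makes it obvious that every element of `$types` is escaped. The `'#options' => array_map('check_plain', node_get_types('names'))` line further down in taxonomy_form_vocabulary mirrors the blogapi and node_form_alter sites and should carry the same explanatory comment. Both functions continue outside their hunks.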
@@ -235,10 +235,10 @@ function taxonomy_admin_term_edit($tid) { /** * Form builder for the taxonomy terms overview. - * + * * Display a tree of all the terms in a vocabulary, with options to edit * each one. The form is made drag and drop by the theme function. - * + * * @ingroup forms * @see taxonomy_overview_terms_submit(). * @see theme_taxonomy_overview_terms(). @@ -428,17 +428,17 @@ function taxonomy_overview_terms(&$form_state, $vocabulary) { /** * Submit handler for terms overview form. - * + * * Rather than using a textfield or weight field, this form depends entirely * upon the order of form elements on the page to determine new weights. - * + * * Because there might be hundreds or thousands of taxonomy terms that need to * be ordered, terms are weighted from 0 to the number of terms in the * vocabulary, rather than the standard -10 to 10 scale. Numbers are sorted * lowest to highest, but are not necessarily sequential. Numbers may be skipped * when a term has children so that reordering is minimal when a child is * added or removed from a term. - * + * * @see taxonomy_overview_terms(). */ function taxonomy_overview_terms_submit($form, &$form_state) { @@ -533,7 +533,7 @@ function taxonomy_overview_terms_submit($form, &$form_state) { /** * Theme the terms overview as a sortable list of terms. - * + * * @ingroup themeable * @see taxonomy_overview_terms(). */ @@ -732,7 +732,7 @@ function taxonomy_form_term(&$form_state, $vocabulary, $edit = array()) { /** * Validation handler for the term edit form. Ensure numeric weight values. - * + * * @see taxonomy_form_term(). */ function taxonomy_form_term_validate($form, &$form_state) { @@ -743,7 +743,7 @@ function taxonomy_form_term_validate($form, &$form_state) { /** * Submit handler to insert or update a term. - * + * * @see taxonomy_form_term(). */ function taxonomy_form_term_submit($form, &$form_state) { 
@@ -783,7 +783,7 @@ function taxonomy_form_term_submit($form, &$form_state) { $current_parent_count = 0; $form_state['values']['parent'] = array(); } - + // If the number of parents has been reduced to one or none, do a check on the // parents of every term in the vocabulary value. if ($current_parent_count < $previous_parent_count && $current_parent_count < 2) { @@ -804,7 +804,7 @@ function taxonomy_form_term_submit($form, &$form_state) { /** * Form builder for the confirmation of multiple term parents. - * + * * @ingroup forms * @see taxonomy_form_term(). */ @@ -846,7 +846,7 @@ function taxonomy_term_confirm_delete(&$form_state, $tid) { /** * Submit handler to delete a term after confirmation. - * + * * @see taxonomy_term_confirm_delete(). */ function taxonomy_term_confirm_delete_submit($form, &$form_state) { @@ -881,7 +881,7 @@ function taxonomy_vocabulary_confirm_delete(&$form_state, $vid) { /** * Submit handler to delete a vocabulary after confirmation. - * + * * @see taxonomy_vocabulary_confirm_delete(). */ function taxonomy_vocabulary_confirm_delete_submit($form, &$form_state) { @@ -894,7 +894,7 @@ function taxonomy_vocabulary_confirm_delete_submit($form, &$form_state) { /** * Form builder to confirm reseting a vocabulary to alphabetical order. - * + * * @ingroup forms * @see taxonomy_vocabulary_confirm_reset_alphabetical_submit(). */ @@ -916,7 +916,7 @@ function taxonomy_vocabulary_confirm_reset_alphabetical(&$form_state, $vid) { /** * Submit handler to reset a vocabulary to alphabetical order after confirmation. - * + * * @see taxonomy_vocabulary_confirm_reset_alphabetical(). */ function taxonomy_vocabulary_confirm_reset_alphabetical_submit($form, &$form_state) { diff --git a/modules/taxonomy/taxonomy.module b/modules/taxonomy/taxonomy.module index 0857e169b9ec..dd203c2e33fe 100644 --- a/modules/taxonomy/taxonomy.module +++ b/modules/taxonomy/taxonomy.module 
@@ -250,14 +250,14 @@ function taxonomy_del_vocabulary($vid) { /** * Dynamicly check and update the hierarachy flag of a vocabulary. - * + * * Checks the current parents of all terms in a vocabulary and updates the * vocabularies hierarchy setting to the lowest possible level. A hierarchy with * no parents in any of its terms will be given a hierarchy of 0. If terms * contain at most a single parent, the vocabulary will be given a hierarchy of * 1. If any term contain multiple parents, the vocabulary will be given a * hieararchy of 2. - * + * * @param $vocabulary * An array of the vocabulary structure. * @param $changed_term diff --git a/modules/tracker/tracker.pages.inc b/modules/tracker/tracker.pages.inc index d0efde9cd4a6..c82fed67f3a4 100644 --- a/modules/tracker/tracker.pages.inc +++ b/modules/tracker/tracker.pages.inc @@ -50,7 +50,7 @@ function tracker_page($account = NULL, $set_title = FALSE) { } $rows[] = array( - node_get_types('name', $node->type), + check_plain(node_get_types('name', $node->type)), l($node->title, "node/$node->nid") .' '. theme('mark', node_mark($node->nid, $node->changed)), theme('username', $node), array('class' => 'replies', 'data' => $comments), diff --git a/modules/user/user.pages.inc b/modules/user/user.pages.inc index 7d0400d960c0..8fc4d2a8e0e0 100644 --- a/modules/user/user.pages.inc +++ b/modules/user/user.pages.inc @@ -206,7 +206,7 @@ function template_preprocess_user_profile_item(&$variables) { * @see user-profile-category.tpl.php */ function template_preprocess_user_profile_category(&$variables) { - $variables['title'] = $variables['element']['#title']; + $variables['title'] = check_plain($variables['element']['#title']); $variables['profile_items'] = $variables['element']['#children']; $variables['attributes'] = ''; if (isset($variables['element']['#attributes'])) { diff --git a/themes/pushbutton/style-rtl.css b/themes/pushbutton/style-rtl.css index 3987b8bd776a..ef49f5313250 100644 --- a/themes/pushbutton/style-rtl.css 
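Review bot: `check_plain($variables['element']['#title'])` in template_preprocess_user_profile_category assumes every module that builds a `user_profile_category` element passes `#title` as plain text; a caller that already escapes will now double-encode, so the contract belongs in the function's docblock, e.g. `#title is expected to be unescaped plain text and is escaped here`. `#children` on the next line correctly stays raw, since it holds rendered markup. The function continues outside the hunk.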
+++ b/themes/pushbutton/style-rtl.css @@ -20,11 +20,11 @@ td#home { } td#home a:link img, td#home a:visited img { - background: transparent url(logo-active-rtl.jpg) repeat; + background: transparent url(logo-active-rtl.jpg) repeat; } td#home a:hover img { - background: transparent url(logo-hover-rtl.jpg) repeat; + background: transparent url(logo-hover-rtl.jpg) repeat; } #primary-menu .primary-links { @@ -47,7 +47,7 @@ ul.links li { } .tabs ul.primary { - padding: 0 10px 3px 0; + padding: 0 10px 3px 0; height: 1.2em; /* FF hack, see float below */ line-height: 1em; /* FF hack, see float below */ } @@ -57,13 +57,13 @@ ul.links li { /* @end FF hacks */ .tabs ul.primary li a { - background: #fff url(tabs-off-rtl.png) right top no-repeat; - border-style: none none none solid; + background: #fff url(tabs-off-rtl.png) right top no-repeat; + border-style: none none none solid; margin-left: 10px; margin-right: 0; } .tabs ul.primary li.active a { - background: #369 url(tabs-on-rtl.png) right top no-repeat; + background: #369 url(tabs-on-rtl.png) right top no-repeat; border-right: none; border-left: 2px solid #369; } @@ -89,7 +89,7 @@ ul.links li { } .tabs ul.secondary li a.active { - background: #fff url(tabs-option-on.png) right center no-repeat; + background: #fff url(tabs-option-on.png) right center no-repeat; } .tabs ul.secondary li a:hover { @@ -97,11 +97,11 @@ ul.links li { } #menu { - text-align: left; + text-align: left; } .node .content { - text-align: right; + text-align: right; } .comment .content { @@ -110,7 +110,7 @@ ul.links li { .block .title h3 { padding: 10px 30px 10px 5px; - background: transparent url(icon-block-rtl.png) right center no-repeat; + background: transparent url(icon-block-rtl.png) right center no-repeat; } .node .picture { @@ -128,7 +128,7 @@ ul.links li { } .comment .picture { - float: left; + float: left; } .nav .links .next a:link { -- GitLab