diff options
| author | Angie Byron <webchick@24967.no-reply.drupal.org> | 2009-01-28 07:34:30 +0000 |
|---|---|---|
| committer | Angie Byron <webchick@24967.no-reply.drupal.org> | 2009-01-28 07:34:30 +0000 |
| commit | f16eccbe9d0199385e0334b1692d6a1ec7225917 (patch) | |
| tree | d59bf23172fe91c2f7017c39250a5b611d6279c1 /modules/node/node.module | |
| parent | 8fa274af765bb74a520fdb4211321ee489d9fec1 (diff) | |
| download | brdo-f16eccbe9d0199385e0334b1692d6a1ec7225917.tar.gz brdo-f16eccbe9d0199385e0334b1692d6a1ec7225917.tar.bz2 | |
#365183 by Eaton: Fix for node_feed() silently discards ->content (with tests).
Diffstat (limited to 'modules/node/node.module')
| -rw-r--r-- | modules/node/node.module | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/modules/node/node.module b/modules/node/node.module index 3629e2209..afea14b39 100644 --- a/modules/node/node.module +++ b/modules/node/node.module @@ -1864,8 +1864,23 @@ function node_feed($nids = FALSE, $channel = array()) { $item = node_prepare($item, $teaser); } - // Allow modules to change $node->teaser before viewing. + // Allow modules to change $node->content before the node is rendered. node_invoke_nodeapi($item, 'view', $teaser, FALSE); + + // Set the proper node property, then unset unused $node property so that a + // bad theme can not open a security hole. + $content = drupal_render($item->content); + if ($teaser) { + $item->teaser = $content; + unset($item->body); + } + else { + $item->body = $content; + unset($item->teaser); + } + + // Allow modules to modify the fully-built node. + node_invoke_nodeapi($item, 'alter', $teaser, FALSE); } // Allow modules to add additional item fields and/or modify $item |