-rw-r--r-- | includes/node.inc | 8 | ||||
-rw-r--r-- | modules/node.module | 12 | ||||
-rw-r--r-- | modules/node/node.module | 12 |
3 files changed, 26 insertions, 6 deletions
diff --git a/includes/node.inc b/includes/node.inc
index e3c04db98..a020cb724 100644
--- a/includes/node.inc
+++ b/includes/node.inc
@@ -170,7 +170,9 @@ function node_save($node, $filter) {
 foreach ($node as $key => $value) {
 if (in_array($key, $fields)) {
 $k[] = check_query($key);
- $v[] = "'". check_query($value) ."'";
+ $v[] = "'". check_input($value) ."'";
+ // NOTE: for the values we use 'check_input()' such that we apply
+ // the filters
 }
 }
@@ -192,7 +194,9 @@ function node_save($node, $filter) {
 // prepare the query:
 foreach ($node as $key => $value) {
 if (in_array($key, $fields)) {
- $q[] = check_query($key) ." = '". check_query($value) ."'";
+ $q[] = check_query($key) ." = '". check_input($value) ."'";
+ // NOTE: for the values we use 'check_input()' such that we apply
+ // the filters
 }
 }
diff --git a/modules/node.module b/modules/node.module
index f0b0a5111..ecbc2dfce 100644
--- a/modules/node.module
+++ b/modules/node.module
@@ -90,7 +90,7 @@ function node_filter_link($text) {
 function node_filter($text) {
 if (variable_get("filter_html", 0)) $text = node_filter_html($text);
 if (variable_get("filter_link", 0)) $text = node_filter_link($text);
- return $text;
+ return trim($text);
 }
 function node_link($type, $node = 0) {
@@ -672,10 +672,18 @@ function node_preview($edit) {
 }
 /*
+ ** Apply the required filters:
+ */
+
+ foreach ($edit as $key => $value) {
+ $node->$key = check_input($value);
+ }
+
+ /*
 ** Display a preview of the node:
 */
- node_view($edit);
+ node_view($node);
 return node_form($edit);
 }
diff --git a/modules/node/node.module b/modules/node/node.module
index f0b0a5111..ecbc2dfce 100644
--- a/modules/node/node.module
+++ b/modules/node/node.module
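Review bot: The value written into the quoted SQL literal at `$v[] = "'". check_input($value) ."'";` no longer passes through `check_query()`, so whether it is safe there now depends entirely on `check_input()`, which is not defined anywhere in this diff. If `check_input()` only applies content filters and does not also escape quotes, a field value containing `'` ends the literal early; the same applies to the `$q[]` line in the second hunk (@@ -192). The added comment should record that dependency, for example `// check_input() applies the filters and must also return a value that is safe inside a quoted SQL literal`. node_save's body starts and ends outside both hunks, so the way `$fields` restricts the keys is not visible here.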
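Review bot: The loop `$node->$key = check_input($value);` in node_preview copies every key of `$edit` onto `$node`, and nothing visible in the hunk creates `$node` or limits the keys to known node fields, so the object handed to `node_view()` is shaped by whatever `$edit` contains. `check_input()` is also what node.inc now uses for database values; if it escapes for SQL the preview will display that escaping, and if it does not, the preview's output safety rests on `node_view()`, which is outside this diff. The form is still rebuilt from the raw `$edit` in `node_form($edit)`, so a comment such as `// $node holds filtered copies for display only; $edit stays unfiltered for the form` would make the split explicit. The identical hunk is repeated for modules/node/node.module, and node_preview begins outside the hunk.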
@@ -90,7 +90,7 @@ function node_filter_link($text) {
 function node_filter($text) {
 if (variable_get("filter_html", 0)) $text = node_filter_html($text);
 if (variable_get("filter_link", 0)) $text = node_filter_link($text);
- return $text;
+ return trim($text);
 }
 function node_link($type, $node = 0) {
@@ -672,10 +672,18 @@ function node_preview($edit) {
 }
 /*
+ ** Apply the required filters:
+ */
+
+ foreach ($edit as $key => $value) {
+ $node->$key = check_input($value);
+ }
+
+ /*
 ** Display a preview of the node:
 */
- node_view($edit);
+ node_view($node);
 return node_form($edit);
 } |