From 5154c3aca4c9362cbd0fb236e0ea9dd5c7c0aa78 Mon Sep 17 00:00:00 2001
From: Steven Wittens <steven@10.no-reply.drupal.org>
Date: Wed, 18 May 2005 21:12:17 +0000
Subject: - Fixing some plain/url check calls.

---
 modules/drupal.module                | 4 +++-
 modules/drupal/drupal.module         | 4 +++-
 modules/statistics.module            | 2 +-
 modules/statistics/statistics.module | 2 +-
 modules/upload.module                | 2 +-
 modules/upload/upload.module         | 2 +-
 6 files changed, 10 insertions(+), 6 deletions(-)

(limited to 'modules')

diff --git a/modules/drupal.module b/modules/drupal.module
index 8295d8778..143ee798a 100644
--- a/modules/drupal.module
+++ b/modules/drupal.module
@@ -114,8 +114,10 @@ function drupal_directory_ping($arguments) {
 function drupal_directory_page($sort = 'name') {
   $result = db_query('SELECT * FROM {directory} ORDER BY '. $sort);
 
+  // Note: All fields except the mission are treated as plain-text.
+  // The mission is stripped of any HTML tags to keep the output simple and consistent.
   while ($site = db_fetch_object($result)) {
-    $output .= "<a href=\"$site->link\">$site->name</a> - $site->slogan<div style=\"padding-left: 20px;\">$site->mission</div><br />";
+    $output .= '<a href="'. check_url($site->link) .'">'. check_plain($site->name) .'</a> - '. check_plain($site->slogan) .'<div style="padding-left: 20px;">'. strip_tags($site->mission) .'</div><br />';
   }
 
   return $output;
diff --git a/modules/drupal/drupal.module b/modules/drupal/drupal.module
index 8295d8778..143ee798a 100644
--- a/modules/drupal/drupal.module
+++ b/modules/drupal/drupal.module
@@ -114,8 +114,10 @@ function drupal_directory_ping($arguments) {
 function drupal_directory_page($sort = 'name') {
   $result = db_query('SELECT * FROM {directory} ORDER BY '. $sort);
 
+  // Note: All fields except the mission are treated as plain-text.
+  // The mission is stripped of any HTML tags to keep the output simple and consistent.
   while ($site = db_fetch_object($result)) {
-    $output .= "<a href=\"$site->link\">$site->name</a> - $site->slogan<div style=\"padding-left: 20px;\">$site->mission</div><br />";
+    $output .= '<a href="'. check_url($site->link) .'">'. check_plain($site->name) .'</a> - '. check_plain($site->slogan) .'<div style="padding-left: 20px;">'. strip_tags($site->mission) .'</div><br />';
   }
 
   return $output;
diff --git a/modules/statistics.module b/modules/statistics.module
index 692eee327..20bc687fb 100644
--- a/modules/statistics.module
+++ b/modules/statistics.module
@@ -316,7 +316,7 @@ function statistics_top_referrers() {
   $result = pager_query($query, 30, 0, $query_cnt, $_SERVER['HTTP_HOST']);
 
   while ($referrer = db_fetch_object($result)) {
-    $rows[] = array($referrer->hits, '<a href="'. $referrer->url .'">'. _statistics_column_width($referrer->url) .'</a>', t('%time ago', array('%time' => format_interval(time() - $referrer->last))));
+    $rows[] = array($referrer->hits, '<a href="'. check_url($referrer->url) .'">'. check_plain(_statistics_column_width($referrer->url)) .'</a>', t('%time ago', array('%time' => format_interval(time() - $referrer->last))));
   }
   if ($pager = theme('pager', NULL, 30, 0, tablesort_pager())) {
     $rows[] = array(array('data' => $pager, 'colspan' => '3'));
diff --git a/modules/statistics/statistics.module b/modules/statistics/statistics.module
index 692eee327..20bc687fb 100644
--- a/modules/statistics/statistics.module
+++ b/modules/statistics/statistics.module
@@ -316,7 +316,7 @@ function statistics_top_referrers() {
   $result = pager_query($query, 30, 0, $query_cnt, $_SERVER['HTTP_HOST']);
 
   while ($referrer = db_fetch_object($result)) {
-    $rows[] = array($referrer->hits, '<a href="'. $referrer->url .'">'. _statistics_column_width($referrer->url) .'</a>', t('%time ago', array('%time' => format_interval(time() - $referrer->last))));
+    $rows[] = array($referrer->hits, '<a href="'. check_url($referrer->url) .'">'. check_plain(_statistics_column_width($referrer->url)) .'</a>', t('%time ago', array('%time' => format_interval(time() - $referrer->last))));
   }
   if ($pager = theme('pager', NULL, 30, 0, tablesort_pager())) {
     $rows[] = array(array('data' => $pager, 'colspan' => '3'));
diff --git a/modules/upload.module b/modules/upload.module
index 5302d5ac3..c0c7c6b86 100644
--- a/modules/upload.module
+++ b/modules/upload.module
@@ -247,7 +247,7 @@ function upload_nodeapi(&$node, $op, $arg) {
         foreach ($node->files as $file) {
           if ($file->list) {
             $rows[] = array(
-              '<a href="'. ($file->fid ? file_create_url($file->filepath) : url(file_create_filename($file->filename, file_create_path()))) . '">'. $file->filename .'</a>',
+              '<a href="'. check_url(($file->fid ? file_create_url($file->filepath) : url(file_create_filename($file->filename, file_create_path())))) .'">'. check_plain($file->filename) .'</a>',
               format_size($file->filesize)
             );
             // We save the list of files still in preview for later
diff --git a/modules/upload/upload.module b/modules/upload/upload.module
index 5302d5ac3..c0c7c6b86 100644
--- a/modules/upload/upload.module
+++ b/modules/upload/upload.module
@@ -247,7 +247,7 @@ function upload_nodeapi(&$node, $op, $arg) {
         foreach ($node->files as $file) {
           if ($file->list) {
             $rows[] = array(
-              '<a href="'. ($file->fid ? file_create_url($file->filepath) : url(file_create_filename($file->filename, file_create_path()))) . '">'. $file->filename .'</a>',
+              '<a href="'. check_url(($file->fid ? file_create_url($file->filepath) : url(file_create_filename($file->filename, file_create_path())))) .'">'. check_plain($file->filename) .'</a>',
               format_size($file->filesize)
             );
             // We save the list of files still in preview for later
-- 
cgit v1.2.3