diff options
| author | Angie Byron <webchick@24967.no-reply.drupal.org> | 2008-10-11 21:11:02 +0000 |
|---|---|---|
| committer | Angie Byron <webchick@24967.no-reply.drupal.org> | 2008-10-11 21:11:02 +0000 |
| commit | ecf7ad41d0c3b8d4ea12e3883d3b5c9060eb2963 (patch) | |
| tree | 264c817491a1484683e8adb2a2f47e344ef44717 /includes/path.inc | |
| parent | 4002681267044ab1d226ffeade7b8f6fface18ae (diff) | |
| download | brdo-ecf7ad41d0c3b8d4ea12e3883d3b5c9060eb2963.tar.gz brdo-ecf7ad41d0c3b8d4ea12e3883d3b5c9060eb2963.tar.bz2 | |
#242873 by pwolanin and bjaspan: Make drupal_set_title() do check_plain() by default.
Diffstat (limited to 'includes/path.inc')
| -rw-r--r-- | includes/path.inc | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/includes/path.inc b/includes/path.inc index 617e69a23..159920e87 100644 --- a/includes/path.inc +++ b/includes/path.inc @@ -196,15 +196,20 @@ function drupal_get_title() { * @param $title * Optional string value to assign to the page title; or if set to NULL * (default), leaves the current title unchanged. + * @param $output + * Optional flag - normally should be left as CHECK_PLAIN. Only set to + * PASS_THROUGH if you have already removed any possibly dangerous code + * from $title using a function like check_plain() or filter_xss(). With this + * flag the string will be passed through unchanged. * * @return * The updated title of the current page. */ -function drupal_set_title($title = NULL) { +function drupal_set_title($title = NULL, $output = CHECK_PLAIN) { static $stored_title; if (isset($title)) { - $stored_title = $title; + $stored_title = ($output == PASS_THROUGH) ? $title : check_plain($title); } return $stored_title; } |