author | Steven Wittens <steven@10.no-reply.drupal.org> | 2006-03-13 21:42:35 +0000 |
---|---|---|
committer | Steven Wittens <steven@10.no-reply.drupal.org> | 2006-03-13 21:42:35 +0000 |
commit | 16fd8c89a59f7851626eb939d33a50703a07ba2b (patch) | |
tree | 52fa8b2ecb6e96378bebf0dc2a3e2d24723896eb /includes | |
parent | 2fb572d0026b8b5bf88f744abbc27b3429f0493b (diff) | |
- sa-2006-002: XSS issues with username log and mission
Diffstat (limited to 'includes')
-rw-r--r-- | includes/theme.inc | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/includes/theme.inc b/includes/theme.inc
index ee499b65a..c0e4f3b0c 100644
--- a/includes/theme.inc
+++ b/includes/theme.inc
@@ -958,7 +958,7 @@ function theme_username($object) {
 $output = l($name, 'user/'. $object->uid, array('title' => t('View user profile.')));
 }
 else {
- $output = $name;
+ $output = check_plain($name);
 }
 }
 else if ($object->name) {
@@ -967,10 +967,10 @@ function theme_username($object) {
 // aggregator modules). This clause enables modules to display
 // the true author of the content.
 if ($object->homepage) {
- $output = '<a href="'. $object->homepage .'">'. $object->name .'</a>';
+ $output = l($object->name, $object->homepage);
 }
 else {
- $output = $object->name;
+ $output = check_plain($object->name);
 }
 $output .= ' ('. t('not verified') .')'; |
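Review bot: In the first hunk the two branches now escape `$name` by different means, and nothing in the code says so: the profile-link branch appears to rely on l() escaping its link text, while the `else` branch calls `check_plain($name)` explicitly. A short comment above the new line, for example `// $name is user-supplied; l() escapes it in the branch above, so escape it explicitly here.`, would keep a later edit from dropping one of the two. How `$name` is derived from `$object->name` is outside the hunk, so it is worth confirming that no other path in theme_username() returns it unescaped.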
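Review bot: In the second hunk, `l($object->name, $object->homepage)` stops markup injection through the name and the href attribute, but whether the URL scheme of `$object->homepage` is restricted cannot be seen from this diff. That value comes from unverified authors, and HTML-escaping alone leaves a `javascript:` style URL intact, so the fix depends on l() (defined outside this diff) filtering protocols. If it does not, the homepage should be limited to http/https where it is accepted or stored. A comment on the new line such as `// name and homepage come from unverified authors; l() escapes the text and sanitises the URL` would record the assumption. The body of theme_username() starts and ends outside the hunk.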