author | Angie Byron <webchick@24967.no-reply.drupal.org> | 2010-12-30 22:52:24 +0000 |
---|---|---|
committer | Angie Byron <webchick@24967.no-reply.drupal.org> | 2010-12-30 22:52:24 +0000 |
commit | 75a7c31c337127dea4c64d77508d921a7a52889f (patch) | |
tree | d8a3d0343e31014922a8472b58ea35707863ed6f /includes | |
parent | 540ce2b461ee6cef5ff0c7b6dd9d768b1338c229 (diff) | |
#971120 by bec, dereine, bojanz, chx: Fixed Radio button values get run through check_plain() twice
Diffstat (limited to 'includes')
-rw-r--r-- | includes/form.inc | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/includes/form.inc b/includes/form.inc
index 9018931ef..4f907dd8f 100644
--- a/includes/form.inc
+++ b/includes/form.inc
@@ -2658,6 +2658,9 @@ function theme_fieldset($variables) {
 /**
 * Returns HTML for a radio button form element.
 *
+ * Note: The input "name" attribute needs to be sanitized before output, which
+ * is currently done by passing all attributes to drupal_attributes().
+ *
 * @param $variables
 * An associative array containing:
 * - element: An associative array containing the properties of the element.
@@ -2671,7 +2674,7 @@ function theme_radio($variables) {
 $element['#attributes']['type'] = 'radio';
 element_set_attributes($element, array('id', 'name', '#return_value' => 'value'));
 
- if (isset($element['#return_value']) && check_plain($element['#value']) == $element['#return_value']) {
+ if (isset($element['#return_value']) && $element['#value'] !== FALSE && $element['#value'] == $element['#return_value']) {
 $element['#attributes']['checked'] = 'checked';
 }
 _form_set_class($element, array('form-radio'));
@@ -2890,7 +2893,9 @@ function form_process_radios($element) {
 $element[$key] += array(
 '#type' => 'radio',
 '#title' => $choice,
- '#return_value' => check_plain($key),
+ // The key is sanitized in drupal_attributes() during output from the
+ // theme function.
+ '#return_value' => $key,
 '#default_value' => isset($element['#default_value']) ? $element['#default_value'] : NULL,
 '#attributes' => $element['#attributes'],
 '#parents' => $element['#parents'], |
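Review bot: The note added to theme_radio()'s docblock names only the "name" attribute, but the third hunk (form_process_radios()) now stores the option key in `#return_value` without check_plain(), and element_set_attributes() maps that to the "value" attribute. The "value" attribute therefore depends on drupal_attributes() for escaping in the same way, and a theme override that prints `$element['#return_value']` directly would emit the raw key. I would word the note as `Note: The input "name" and "value" attributes need to be sanitized before output, which is currently done by passing all attributes to drupal_attributes().` The docblock continues outside the hunk.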
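Review bot: The new condition in theme_radio() still compares `#value` and `#return_value` with `==`, so PHP type juggling decides which radio is marked checked: an integer `#value` of 0 equals any non-numeric string key, and NULL equals both '' and 0. The added `!== FALSE` guard covers only one of those cases. If keys and values are meant to match as strings, `$element['#value'] !== FALSE && (string) $element['#value'] === (string) $element['#return_value']` would make that explicit; if the loose comparison is intended, a one-line comment saying why would help. theme_radio()'s body starts and ends outside the hunk, so this is based only on the lines shown.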