diff options
author | webchick <webchick@24967.no-reply.drupal.org> | 2011-05-25 13:07:13 -0700 |
---|---|---|
committer | webchick <webchick@24967.no-reply.drupal.org> | 2011-05-25 13:07:13 -0700 |
commit | 316bd96ebff36284f5f3e33268760ff9c672b6f8 (patch) | |
tree | 9cf884400848933c21eb03d90631b04c97f7543d /modules/color | |
parent | 497914920385b7016ac9c9367e0198530787adf2 (diff) | |
download | brdo-316bd96ebff36284f5f3e33268760ff9c672b6f8.tar.gz brdo-316bd96ebff36284f5f3e33268760ff9c672b6f8.tar.bz2 |
Drupal 7.1
Diffstat (limited to 'modules/color')
-rw-r--r-- | modules/color/color.install | 15 | ||||
-rw-r--r-- | modules/color/color.module | 13 |
2 files changed, 28 insertions, 0 deletions
diff --git a/modules/color/color.install b/modules/color/color.install index 0655e797e..ff1e835a4 100644 --- a/modules/color/color.install +++ b/modules/color/color.install @@ -41,3 +41,18 @@ function color_requirements($phase) { return $requirements; } + +/** + * Warn site administrator if unsafe CSS color codes are found in the database. + */ +function color_update_7001() { + $theme_palettes = db_query("SELECT name FROM {variable} WHERE name LIKE 'color_%_palette'")->fetchCol(); + foreach ($theme_palettes as $name) { + $palette = variable_get($name, array()); + foreach ($palette as $key => $color) { + if (!preg_match('/^#([a-f0-9]{3}){1,2}$/iD', $color)) { + drupal_set_message('Some of the custom CSS color codes specified via the color module are invalid. Please examine the themes which are making use of the color module at the <a href="'. url('admin/appearance/settings') .'">Appearance settings</a> page to verify their CSS color values.', 'warning'); + } + } + } +} diff --git a/modules/color/color.module b/modules/color/color.module index d94cadc33..ab8fb9b79 100644 --- a/modules/color/color.module +++ b/modules/color/color.module @@ -43,6 +43,7 @@ function color_form_system_theme_settings_alter(&$form, &$form_state) { '#theme' => 'color_scheme_form', ); $form['color'] += color_scheme_form($form, $form_state, $theme); + $form['#validate'][] = 'color_scheme_form_validate'; $form['#submit'][] = 'color_scheme_form_submit'; } } @@ -272,6 +273,18 @@ function theme_color_scheme_form($variables) { } /** + * Validation handler for color change form. + */ +function color_scheme_form_validate($form, &$form_state) { + // Only accept hexadecimal CSS color strings to avoid XSS upon use. + foreach ($form_state['values']['palette'] as $key => $color) { + if (!preg_match('/^#([a-f0-9]{3}){1,2}$/iD', $color)) { + form_set_error('palette][' . $key, t('%name must be a valid hexadecimal CSS color value.', array('%name' => $form['color']['palette'][$key]['#title']))); + } + } +} + +/** * Submit handler for color change form. */ function color_scheme_form_submit($form, &$form_state) { |