#189409 follow up note by Steven Wittens: administrator entered text should be filtered with filter_xss_admin(), not the less permissive filter_xss()

author: Gábor Hojtsy <gabor@hojtsy.hu> 2007-11-16 09:52:37 +0000
committer: Gábor Hojtsy <gabor@hojtsy.hu> 2007-11-16 09:52:37 +0000
commit: c5f767073efcf455bacd9b8c90634b76e9265e77 (patch)
tree: 1e7f104541a0502de2987c19a60d609c6b37fee7 /modules/node/node.pages.inc
parent: ad6f9ba7bd9e33d88610989faecfb6f911a34a13 (diff)
download: brdo-c5f767073efcf455bacd9b8c90634b76e9265e77.tar.gz
brdo-c5f767073efcf455bacd9b8c90634b76e9265e77.tar.bz2
1 files changed, 1 insertions, 2 deletions
diff --git a/modules/node/node.pages.inc b/modules/node/node.pages.inc
index cceb6bdf8..809f14555 100644
--- a/modules/node/node.pages.inc
+++ b/modules/node/node.pages.inc
@@ -11,7 +11,6 @@
  * Menu callback; presents the node editing form, or redirects to delete confirmation.
  */
 function node_page_edit($node) {
-
   drupal_set_title(t('Edit %title', array('%title' => $node->title)));
   return drupal_get_form($node->type .'_node_form', $node);
 }
@@ -29,7 +28,7 @@ function theme_node_add_list($content) {
     $output = '<dl class="node-type-list">';
     foreach ($content as $item) {
       $output .= '<dt>'. l($item['title'], $item['href'], $item['options']) .'</dt>';
-      $output .= '<dd>'. filter_xss($item['description']) .'</dd>';
+      $output .= '<dd>'. filter_xss_admin($item['description']) .'</dd>';
     }
     $output .= '</dl>';
   }
author	Gábor Hojtsy <gabor@hojtsy.hu>	2007-11-16 09:52:37 +0000
committer	Gábor Hojtsy <gabor@hojtsy.hu>	2007-11-16 09:52:37 +0000
commit	c5f767073efcf455bacd9b8c90634b76e9265e77 (patch)
tree	1e7f104541a0502de2987c19a60d609c6b37fee7 /modules/node/node.pages.inc
parent	ad6f9ba7bd9e33d88610989faecfb6f911a34a13 (diff)
download	brdo-c5f767073efcf455bacd9b8c90634b76e9265e77.tar.gz brdo-c5f767073efcf455bacd9b8c90634b76e9265e77.tar.bz2