diff options
| author | Angie Byron <webchick@24967.no-reply.drupal.org> | 2010-04-23 04:32:16 +0000 |
|---|---|---|
| committer | Angie Byron <webchick@24967.no-reply.drupal.org> | 2010-04-23 04:32:16 +0000 |
| commit | 630d473c8e395d30393696ca6d01435c54f7c382 (patch) | |
| tree | fd7a3dc2ffdf9b3e7e90f5bbe652ed6e9aab4c20 /modules/profile/profile.module | |
| parent | e82edd5758b26883381f5a95c248f2c48d9b42b4 (diff) | |
| download | brdo-630d473c8e395d30393696ca6d01435c54f7c382.tar.gz brdo-630d473c8e395d30393696ca6d01435c54f7c382.tar.bz2 | |
#611532 by mr.baileys, scor: Fixed XSS Vulnerability in profile.module.
Diffstat (limited to 'modules/profile/profile.module')
| -rw-r--r-- | modules/profile/profile.module | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/profile/profile.module b/modules/profile/profile.module index 9e907f64f..5aabb3d7d 100644 --- a/modules/profile/profile.module +++ b/modules/profile/profile.module @@ -360,7 +360,7 @@ function profile_user_view($account) { } function _profile_form_explanation($field) { - $output = $field->explanation; + $output = filter_xss_admin($field->explanation); if ($field->type == 'list') { $output .= ' ' . t('Put each item on a separate line or separate them by commas. No HTML allowed.'); |