author | Dries Buytaert <dries@buytaert.net> | 2009-12-28 20:51:18 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2009-12-28 20:51:18 +0000 |
commit | e174039d6fc745c851e8ca5ce37a38dafd34cfe8 (patch) | |
tree | e8ce0c758b5b01da8804d22304b8c18176c4e5e4 /modules/system/system.admin.inc | |
parent | 13dacbc27fd8e6db86171454ea6133eb6d7c41a7 (diff) | |
- Patch #669062 by Damien Tournoud and security team: fixed SA-CORE-2009-009: menu description XSS.
Diffstat (limited to 'modules/system/system.admin.inc')
-rw-r--r-- | modules/system/system.admin.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/system/system.admin.inc b/modules/system/system.admin.inc
index 9f9567337..655de366a 100644
--- a/modules/system/system.admin.inc
+++ b/modules/system/system.admin.inc
@@ -2342,7 +2342,7 @@ function theme_admin_block_content($variables) {
 $output = '<dl class="admin-list">';
 foreach ($content as $item) {
 $output .= '<dt>' . l($item['title'], $item['href'], $item['localized_options']) . '</dt>';
- $output .= '<dd>' . $item['description'] . '</dd>';
+ $output .= '<dd>' . filter_xss_admin($item['description']) . '</dd>';
 }
 $output .= '</dl>';
 } |
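Review bot: The new `filter_xss_admin($item['description'])` call has no comment explaining why an admin-level tag filter is used instead of full escaping, and the `<dt>` line above it still relies on `l()` to escape `$item['title']`. I would add `// Descriptions may contain limited markup, so filter to admin-safe HTML rather than escaping.` above the changed line. Because `l()` skips escaping when its options set `html`, it is worth confirming that `$item['localized_options']` cannot carry that flag from user-editable data; this is inferred, since the code that builds `$content` is outside the hunk. The filter runs only at output, so any other place that prints a menu item description needs the same call, and the diffstat shown covers this file only. theme_admin_block_content() starts before the hunk and appears to continue past it.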