author | Dries Buytaert <dries@buytaert.net> | 2010-08-17 21:31:13 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2010-08-17 21:31:13 +0000 |
commit | 2d3af8fe80715bb8b682f00272e731619d3102a8 (patch) | |
tree | 6e5bf36733e4b8d70af8afd24310694d4d0aabaf /modules/system/system.tokens.inc | |
parent | 946a8d5967f30282b5fc899ee4ea7ae3708d9398 (diff) | |
- Patch #829822 by pwolanin, tstoeckler: check Drupal 7 core for vulnerabilities in SA-CONTRIB-2010-066.
Diffstat (limited to 'modules/system/system.tokens.inc')
-rw-r--r-- | modules/system/system.tokens.inc | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/modules/system/system.tokens.inc b/modules/system/system.tokens.inc
index e13a4a2ab..f57daf2da 100644
--- a/modules/system/system.tokens.inc
+++ b/modules/system/system.tokens.inc
@@ -202,7 +202,7 @@ function system_tokens($type, $tokens, array $data = array(), array $options = a
 break;

 case 'raw':
- $replacements[$original] = filter_xss($date);
+ $replacements[$original] = $sanitize ? check_plain($date) : $date;
 break;
 }
 }
@@ -230,15 +230,15 @@ function system_tokens($type, $tokens, array $data = array(), array $options = a
 break;

 case 'description':
- $replacements[$original] = $sanitize ? filter_xss($file->description) : $file->description;
+ $replacements[$original] = $sanitize ? check_plain($file->description) : $file->description;
 break;

 case 'path':
- $replacements[$original] = $sanitize ? filter_xss($file->uri) : $file->uri;
+ $replacements[$original] = $sanitize ? check_plain($file->uri) : $file->uri;
 break;

 case 'mime':
- $replacements[$original] = $sanitize ? filter_xss($file->filemime) : $file->filemime;
+ $replacements[$original] = $sanitize ? check_plain($file->filemime) : $file->filemime;
 break;

 case 'size':
@@ -246,7 +246,7 @@ function system_tokens($type, $tokens, array $data = array(), array $options = a
 break;

 case 'url':
- $replacements[$original] = url(file_create_url($file->uri), $url_options);
+ $replacements[$original] = $sanitize ? check_plain(file_create_url($file->uri)) : file_create_url($file->uri);
 break;

 // These tokens are default variations on the chained tokens handled below.
@@ -256,7 +256,7 @@ function system_tokens($type, $tokens, array $data = array(), array $options = a

 case 'owner':
 $account = user_load($file->uid);
- $replacements[$original] = $sanitize ? filter_xss($account->name) : $account->name;
+ $replacements[$original] = $sanitize ? check_plain($account->name) : $account->name;
 break;
 }
 }
|
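Review bot: The switch from filter_xss() to check_plain() in `case 'raw':` (repeated in the `description`, `path`, `mime` and `owner` cases of the later hunks) has no comment explaining it, and the reason is security-relevant. filter_xss() lets a whitelist of HTML tags through, whereas these token values are plain text and need to be escaped completely. I would add above the first occurrence `// Token values are plain text: escape fully with check_plain(); filter_xss() would pass allowed HTML tags through.` This line also stops sanitizing unconditionally, so with `$sanitize` false `$date` is returned as-is; since `$date` is set outside the hunk, the function's doc comment should state that callers must escape unsanitized replacements themselves. system_tokens() begins and ends outside the hunk.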
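Review bot: In `case 'url':` the new line calls file_create_url($file->uri) in both branches of the ternary; compute it once with `$url = file_create_url($file->uri);` and then `$replacements[$original] = $sanitize ? check_plain($url) : $url;`. The rewrite also drops the url() wrapper and `$url_options` with it, so options prepared earlier in the function no longer apply to this token; whether that is intended cannot be judged from the hunk. check_plain() only HTML-escapes the string and does not constrain the URL scheme, so the safety of the value as a link target still depends on what file_create_url() returns for the stored URI.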
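Review bot: `$account->name` in `case 'owner':` is read without checking the result of user_load(), which returns FALSE when the account cannot be loaded, so a file whose owner no longer exists would cause a property access on a non-object. A guard such as `$name = $account ? $account->name : '';` followed by `$replacements[$original] = $sanitize ? check_plain($name) : $name;` keeps the escaping and avoids the notice. The enclosing switch and function continue outside the hunk.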