diff options
| author | Dries Buytaert <dries@buytaert.net> | 2010-08-22 11:04:09 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2010-08-22 11:04:09 +0000 |
| commit | ee691c593adfaf4c8046cf6ee2bc9796a28a1448 (patch) | |
| tree | f9d1237359050e35d9c977fa16b06a99ad3dfe84 /modules/system | |
| parent | c72614b01e595eb52e60905fafa74e05ddbe5f9d (diff) | |
| download | brdo-ee691c593adfaf4c8046cf6ee2bc9796a28a1448.tar.gz brdo-ee691c593adfaf4c8046cf6ee2bc9796a28a1448.tar.bz2 | |
- Patch #887102 by Heine: trigger and action escaping issues. Critical bug fix.
Diffstat (limited to 'modules/system')
| -rw-r--r-- | modules/system/system.admin.inc | 5 | ||||
| -rw-r--r-- | modules/system/system.module | 2 |
2 files changed, 3 insertions, 4 deletions
diff --git a/modules/system/system.admin.inc b/modules/system/system.admin.inc index b7fb7d38d..be9c63001 100644 --- a/modules/system/system.admin.inc +++ b/modules/system/system.admin.inc @@ -3174,9 +3174,8 @@ function system_actions_delete_form_submit($form, &$form_state) { $aid = $form_state['values']['aid']; $action = actions_load($aid); actions_delete($aid); - $label = check_plain($action->label); - watchdog('user', 'Deleted action %aid (%action)', array('%aid' => $aid, '%action' => $label)); - drupal_set_message(t('Action %action was deleted', array('%action' => $label))); + watchdog('user', 'Deleted action %aid (%action)', array('%aid' => $aid, '%action' => $action->label)); + drupal_set_message(t('Action %action was deleted', array('%action' => $action->label))); $form_state['redirect'] = 'admin/config/system/actions/manage'; } diff --git a/modules/system/system.module b/modules/system/system.module index d19c02912..85175c9f0 100644 --- a/modules/system/system.module +++ b/modules/system/system.module @@ -3062,7 +3062,7 @@ function system_message_action(&$entity, $context = array()) { $context['node'] = $entity; } - $context['message'] = token_replace($context['message'], $context); + $context['message'] = token_replace(filter_xss_admin($context['message']), $context); drupal_set_message($context['message']); } |