authorGábor Hojtsy <gabor@hojtsy.hu>2007-11-16 09:52:37 +0000
committerGábor Hojtsy <gabor@hojtsy.hu>2007-11-16 09:52:37 +0000
commitc5f767073efcf455bacd9b8c90634b76e9265e77 (patch)
tree1e7f104541a0502de2987c19a60d609c6b37fee7 /modules
parentad6f9ba7bd9e33d88610989faecfb6f911a34a13 (diff)
#189409 follow up note by Steven Wittens: administrator entered text should be filtered with filter_xss_admin(), not the less permissive filter_xss()
Diffstat (limited to 'modules')
-rw-r--r--modules/node/content_types.inc2
-rw-r--r--modules/node/node.pages.inc3
2 files changed, 2 insertions, 3 deletions
diff --git a/modules/node/content_types.inc b/modules/node/content_types.inc
index c5950815b..e7cd96097 100644
--- a/modules/node/content_types.inc
+++ b/modules/node/content_types.inc
@@ -23,7 +23,7 @@ function node_overview_types() {
$row = array(
l($name, 'admin/content/types/'. $type_url_str),
check_plain($type->type),
- filter_xss($type->description),
+ filter_xss_admin($type->description),
);
// Set the edit column.
$row[] = array('data' => l(t('edit'), 'admin/content/types/'. $type_url_str));
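Review bot: Nothing at the `filter_xss_admin($type->description)` call records why the more permissive filter is safe here; it relies on the description only ever being written by users trusted to administer content types, which this hunk does not show. A one-line comment such as `// Description is entered by content type administrators, so the admin tag set applies.` would keep that assumption visible to the next maintainer. The same applies to `filter_xss_admin($item['description'])` in theme_node_add_list() in node.pages.inc, and matters more there because the theme function filters whatever `$content` its caller passes: if a caller ever supplied descriptions from a less trusted source, the wider tag set would reach the page. That function's docblock should state that descriptions must be administrator-authored. Both functions extend beyond their hunks, so where the values originate should be confirmed against the callers.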
diff --git a/modules/node/node.pages.inc b/modules/node/node.pages.inc
index cceb6bdf8..809f14555 100644
--- a/modules/node/node.pages.inc
+++ b/modules/node/node.pages.inc
@@ -11,7 +11,6 @@
* Menu callback; presents the node editing form, or redirects to delete confirmation.
*/
function node_page_edit($node) {
-
drupal_set_title(t('Edit %title', array('%title' => $node->title)));
return drupal_get_form($node->type .'_node_form', $node);
}
@@ -29,7 +28,7 @@ function theme_node_add_list($content) {
$output = '<dl class="node-type-list">';
foreach ($content as $item) {
$output .= '<dt>'. l($item['title'], $item['href'], $item['options']) .'</dt>';
- $output .= '<dd>'. filter_xss($item['description']) .'</dd>';
+ $output .= '<dd>'. filter_xss_admin($item['description']) .'</dd>';
}
$output .= '</dl>';
}