author | Gábor Hojtsy <gabor@hojtsy.hu> | 2007-11-16 09:52:37 +0000 |
---|---|---|
committer | Gábor Hojtsy <gabor@hojtsy.hu> | 2007-11-16 09:52:37 +0000 |
commit | c5f767073efcf455bacd9b8c90634b76e9265e77 (patch) | |
tree | 1e7f104541a0502de2987c19a60d609c6b37fee7 /modules | |
parent | ad6f9ba7bd9e33d88610989faecfb6f911a34a13 (diff) | |
#189409 follow up note by Steven Wittens: administrator entered text should be filtered with filter_xss_admin(), not the less permissive filter_xss()
Diffstat (limited to 'modules')
-rw-r--r-- | modules/node/content_types.inc | 2 | ||||
-rw-r--r-- | modules/node/node.pages.inc | 3 |
2 files changed, 2 insertions, 3 deletions
diff --git a/modules/node/content_types.inc b/modules/node/content_types.inc
index c5950815b..e7cd96097 100644
--- a/modules/node/content_types.inc
+++ b/modules/node/content_types.inc
@@ -23,7 +23,7 @@ function node_overview_types() {
 $row = array(
 l($name, 'admin/content/types/'. $type_url_str),
 check_plain($type->type),
- filter_xss($type->description),
+ filter_xss_admin($type->description),
 );
 // Set the edit column.
 $row[] = array('data' => l(t('edit'), 'admin/content/types/'. $type_url_str));
diff --git a/modules/node/node.pages.inc b/modules/node/node.pages.inc
index cceb6bdf8..809f14555 100644
--- a/modules/node/node.pages.inc
+++ b/modules/node/node.pages.inc
@@ -11,7 +11,6 @@
 * Menu callback; presents the node editing form, or redirects to delete confirmation.
 */
 function node_page_edit($node) {
- drupal_set_title(t('Edit %title', array('%title' => $node->title)));
 return drupal_get_form($node->type .'_node_form', $node);
 }
@@ -29,7 +28,7 @@ function theme_node_add_list($content) {
 $output = '<dl class="node-type-list">';
 foreach ($content as $item) {
 $output .= '<dt>'. l($item['title'], $item['href'], $item['options']) .'</dt>';
- $output .= '<dd>'. filter_xss($item['description']) .'</dd>';
+ $output .= '<dd>'. filter_xss_admin($item['description']) .'</dd>';
 }
 $output .= '</dl>';
 } |
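Review bot: Nothing at the `filter_xss_admin($type->description)` call in node_overview_types() records why the wider admin tag list is acceptable for this value; the justification lives only in the commit message. A one-line comment above the row entry would keep the trust assumption next to the code, for example `// Description is entered by content type administrators, so the admin tag list applies.` If a description can also reach this table from a source that is not administrator-controlled (not visible in this hunk), that source needs its own filtering first. The function body starts and ends outside the hunk.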
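Review bot: In theme_node_add_list() the description comes from whatever `$content` the caller passes, so `filter_xss_admin($item['description'])` is only safe while every caller supplies administrator-authored text, and the hunk does not show that. The list is presumably rendered for any user allowed to create content, so markup that filter_xss_admin() lets through is displayed to viewers with fewer privileges than its author; it is worth confirming that this is intended. I would state the requirement in the function's docblock with a line such as `*   Each item's 'description' must be administrator-entered text; it is output through filter_xss_admin().` The function's opening lines and its return are outside the hunk.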