author | Dries Buytaert <dries@buytaert.net> | 2010-08-22 11:04:09 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2010-08-22 11:04:09 +0000 |
commit | ee691c593adfaf4c8046cf6ee2bc9796a28a1448 (patch) | |
tree | f9d1237359050e35d9c977fa16b06a99ad3dfe84 /modules | |
parent | c72614b01e595eb52e60905fafa74e05ddbe5f9d (diff) | |
- Patch #887102 by Heine: trigger and action escaping issues. Critical bug fix.
Diffstat (limited to 'modules')
-rw-r--r-- | modules/system/system.admin.inc | 5 | ||||
-rw-r--r-- | modules/system/system.module | 2 | ||||
-rw-r--r-- | modules/trigger/trigger.admin.inc | 4 |
3 files changed, 5 insertions, 6 deletions
diff --git a/modules/system/system.admin.inc b/modules/system/system.admin.inc
index b7fb7d38d..be9c63001 100644
--- a/modules/system/system.admin.inc
+++ b/modules/system/system.admin.inc
@@ -3174,9 +3174,8 @@ function system_actions_delete_form_submit($form, &$form_state) {
 $aid = $form_state['values']['aid'];
 $action = actions_load($aid);
 actions_delete($aid);
- $label = check_plain($action->label);
- watchdog('user', 'Deleted action %aid (%action)', array('%aid' => $aid, '%action' => $label));
- drupal_set_message(t('Action %action was deleted', array('%action' => $label)));
+ watchdog('user', 'Deleted action %aid (%action)', array('%aid' => $aid, '%action' => $action->label));
+ drupal_set_message(t('Action %action was deleted', array('%action' => $action->label)));
 $form_state['redirect'] = 'admin/config/system/actions/manage';
 }
diff --git a/modules/system/system.module b/modules/system/system.module
index d19c02912..85175c9f0 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -3062,7 +3062,7 @@ function system_message_action(&$entity, $context = array()) {
 $context['node'] = $entity;
 }
- $context['message'] = token_replace($context['message'], $context);
+ $context['message'] = token_replace(filter_xss_admin($context['message']), $context);
 drupal_set_message($context['message']);
 }
diff --git a/modules/trigger/trigger.admin.inc b/modules/trigger/trigger.admin.inc
index d0e12661c..33a3fc3f8 100644
--- a/modules/trigger/trigger.admin.inc
+++ b/modules/trigger/trigger.admin.inc
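Review bot: With `check_plain()` removed from system_actions_delete_form_submit(), the only thing escaping the action label in both calls is the `%action` placeholder, and nothing in the code says so. A one-line comment above the watchdog() call, such as `// %action is escaped by the % placeholder when the string goes through t(); escaping it here would double-encode it.`, would keep a later edit from switching to an unescaped `!` placeholder or re-adding check_plain(). The same applies to the watchdog() call changed in trigger_unassign_submit() in modules/trigger/trigger.admin.inc. The function's opening line is visible only in the hunk header.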
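Review bot: In system_message_action(), `filter_xss_admin()` runs on the message template before `token_replace()`, so whatever the tokens expand to reaches `drupal_set_message()` without passing through the filter. That is safe only while token_replace() is left at its default of sanitizing replacement values; this is inferred from the call passing no options, since the token implementations are not visible here. A comment on the changed line would record the dependency, for example `// Filter the admin-entered template first; token values are sanitized by token_replace()'s default 'sanitize' option.` The function starts above the hunk.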
@@ -90,7 +90,7 @@ function trigger_unassign_submit($form, &$form_state) {
 ->condition('aid', $aid)
 ->execute();
 $actions = actions_get_all_actions();
- watchdog('actions', 'Action %action has been unassigned.', array('%action' => check_plain($actions[$aid]['label'])));
+ watchdog('actions', 'Action %action has been unassigned.', array('%action' => $actions[$aid]['label']));
 drupal_set_message(t('Action %action has been unassigned.', array('%action' => $actions[$aid]['label'])));
 $form_state['redirect'] = 'admin/structure/trigger/' . $form_state['values']['module'];
 }
@@ -291,7 +291,7 @@ function theme_trigger_display($variables) {
 $rows = array();
 foreach ($element['assigned']['#value'] as $aid => $info) {
 $rows[] = array(
- $info['label'],
+ check_plain($info['label']),
 $info['link']
 );
 } |
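Review bot: In theme_trigger_display() the label cell is now escaped, but `$info['link']` in the same row is still printed as-is and nothing says why. If that value is markup already built elsewhere (it presumably is a rendered link; its construction is outside this hunk), a comment such as `// 'link' is pre-rendered HTML; 'label' is plain text and must be escaped.` would stop the two cells from being treated alike later. Because the escaping lives in a themeable function, a theme that overrides it has to repeat the check_plain() call, which is worth stating in the function's docblock. The function starts and ends outside the hunk.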