- sa-2006-002: XSS issues with username log and mission

author: Steven Wittens <steven@10.no-reply.drupal.org> 2006-03-13 21:42:35 +0000
committer: Steven Wittens <steven@10.no-reply.drupal.org> 2006-03-13 21:42:35 +0000
commit: 16fd8c89a59f7851626eb939d33a50703a07ba2b (patch)
tree: 52fa8b2ecb6e96378bebf0dc2a3e2d24723896eb /themes/engines/phptemplate/phptemplate.engine
parent: 2fb572d0026b8b5bf88f744abbc27b3429f0493b (diff)
download: brdo-16fd8c89a59f7851626eb939d33a50703a07ba2b.tar.gz
brdo-16fd8c89a59f7851626eb939d33a50703a07ba2b.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/themes/engines/phptemplate/phptemplate.engine b/themes/engines/phptemplate/phptemplate.engine
index 3c7c7f89b..ebc18e9cd 100644
--- a/themes/engines/phptemplate/phptemplate.engine
+++ b/themes/engines/phptemplate/phptemplate.engine
@@ -143,7 +143,7 @@ function phptemplate_page($content) {
 
   /* Set title and breadcrumb to declared values */
   if (drupal_get_path_alias($_GET['q']) == variable_get('site_frontpage', 'node')) {
-    $mission = theme_get_setting('mission');
+    $mission = filter_xss(theme_get_setting('mission'));
   }
 
   /* Add favicon */
author	Steven Wittens <steven@10.no-reply.drupal.org>	2006-03-13 21:42:35 +0000
committer	Steven Wittens <steven@10.no-reply.drupal.org>	2006-03-13 21:42:35 +0000
commit	16fd8c89a59f7851626eb939d33a50703a07ba2b (patch)
tree	52fa8b2ecb6e96378bebf0dc2a3e2d24723896eb /themes/engines/phptemplate/phptemplate.engine
parent	2fb572d0026b8b5bf88f744abbc27b3429f0493b (diff)
download	brdo-16fd8c89a59f7851626eb939d33a50703a07ba2b.tar.gz brdo-16fd8c89a59f7851626eb939d33a50703a07ba2b.tar.bz2