authorSteven Wittens <steven@10.no-reply.drupal.org>2006-04-07 15:32:17 +0000
committerSteven Wittens <steven@10.no-reply.drupal.org>2006-04-07 15:32:17 +0000
commit9794b5538e2baee159d360c9f7125f178591659a (patch)
treec73a591ff817a3466ddea66391c664768022aa29 /themes/engines/phptemplate
parent77dc67ec9218b9eb6dd8a88f8d81d15312ce3d3c (diff)
downloadbrdo-9794b5538e2baee159d360c9f7125f178591659a.tar.gz
brdo-9794b5538e2baee159d360c9f7125f178591659a.tar.bz2
- #55898: Generic, permissive admin XSS/HTML filtering for mission/footer/...
- Clean up some raw output
Diffstat (limited to 'themes/engines/phptemplate')
-rw-r--r--themes/engines/phptemplate/phptemplate.engine4
1 files changed, 2 insertions, 2 deletions
diff --git a/themes/engines/phptemplate/phptemplate.engine b/themes/engines/phptemplate/phptemplate.engine
index 97c95adc9..0a136a3ac 100644
--- a/themes/engines/phptemplate/phptemplate.engine
+++ b/themes/engines/phptemplate/phptemplate.engine
@@ -143,7 +143,7 @@ function phptemplate_page($content) {
/* Set title and breadcrumb to declared values */
if (drupal_get_path_alias($_GET['q']) == variable_get('site_frontpage', 'node')) {
- $mission = filter_xss(theme_get_setting('mission'));
+ $mission = filter_xss_admin(theme_get_setting('mission'));
}
/* Add favicon */
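Review bot: The switch to `filter_xss_admin()` on the `$mission` line carries no comment stating the trust assumption it relies on. Going by the commit title this filter is deliberately permissive, so the mission markup is only as safe as the permission that guards the setting. I would add a comment above the assignment such as `/* Mission is admin-authored; filter_xss_admin() is a permissive tag filter, not an escape. */` so a later reader does not reuse it for user-submitted text. phptemplate_page() starts and ends outside this hunk, so whether `$mission` is initialised on non-front-page requests cannot be checked from here.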
@@ -188,7 +188,7 @@ function phptemplate_page($content) {
'breadcrumb' => theme('breadcrumb', drupal_get_breadcrumb()),
'closure' => theme('closure'),
'content' => '<!-- begin content -->' . $content . '<!-- end content -->',
- 'footer_message' => variable_get('site_footer', FALSE) . "\n" . theme('blocks', 'footer'),
+ 'footer_message' => filter_xss_admin(variable_get('site_footer', FALSE)) . "\n" . theme('blocks', 'footer'),
'head' => drupal_get_html_head(),
'head_title' => implode(' | ', $head_title),
'help' => theme('help'),
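Review bot: On the `footer_message` line the `FALSE` default of `variable_get('site_footer', FALSE)` is now passed into `filter_xss_admin()`, a string filter, whenever no footer is configured. That presumably still comes out as an empty string, but it depends on an implicit boolean-to-string conversion inside the filter; `filter_xss_admin(variable_get('site_footer', ''))` states the intent. Only the stored footer text is filtered here, while `theme('blocks', 'footer')` is concatenated as-is, which holds up only if block output is already filtered where it is produced. The array literal continues outside the hunk.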