-rw-r--r-- | includes/theme.inc | 6 | ||||
-rw-r--r-- | themes/engines/phptemplate/phptemplate.engine | 2 |
2 files changed, 4 insertions, 4 deletions
diff --git a/includes/theme.inc b/includes/theme.inc
index ee499b65a..c0e4f3b0c 100644
--- a/includes/theme.inc
+++ b/includes/theme.inc
@@ -958,7 +958,7 @@ function theme_username($object) {
 $output = l($name, 'user/'. $object->uid, array('title' => t('View user profile.')));
 }
 else {
- $output = $name;
+ $output = check_plain($name);
 }
 }
 else if ($object->name) {
@@ -967,10 +967,10 @@ function theme_username($object) {
 // aggregator modules). This clause enables modules to display
 // the true author of the content.
 if ($object->homepage) {
- $output = '<a href="'. $object->homepage .'">'. $object->name .'</a>';
+ $output = l($object->name, $object->homepage);
 }
 else {
- $output = $object->name;
+ $output = check_plain($object->name);
 }
 $output .= ' ('. t('not verified') .')';
diff --git a/themes/engines/phptemplate/phptemplate.engine b/themes/engines/phptemplate/phptemplate.engine
index 3c7c7f89b..ebc18e9cd 100644
--- a/themes/engines/phptemplate/phptemplate.engine
+++ b/themes/engines/phptemplate/phptemplate.engine
@@ -143,7 +143,7 @@ function phptemplate_page($content) {
 /* Set title and breadcrumb to declared values */
 if (drupal_get_path_alias($_GET['q']) == variable_get('site_frontpage', 'node')) {
- $mission = theme_get_setting('mission');
+ $mission = filter_xss(theme_get_setting('mission'));
 }
 /* Add favicon */ |
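Review bot: Nothing in the first theme_username() hunk records that the function's return value is meant to be HTML-safe, even though the linked name is passed through `l()` and the bare name through `check_plain()`. A short comment above the branches, such as `// Output is already escaped; callers must print it as-is and not escape it again.`, would guard against double-escaping by callers and against a later branch that forgets to escape. This assumes `l()` escapes its link text in this version, which the hunk does not show. The function body starts and ends outside the hunk.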
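Review bot: In the second theme_username() hunk, `$object->homepage` comes from an unverified author and is passed straight to `l()` as the link target. Whether an unwanted scheme such as `javascript:` is rejected, and whether the attribute value is escaped, therefore depends entirely on what `l()` and `url()` do internally, which is not visible here. If that filtering is not guaranteed, guard the branch with `if ($object->homepage && valid_url($object->homepage, TRUE)) {` so that anything else falls through to the plain `check_plain($object->name)` output. A one-line comment naming the homepage as untrusted input would also help the next reader. The function continues outside the hunk.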
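Review bot: The mission text is filtered only at this one output point in phptemplate_page(), so any other theme engine or theme function that prints `theme_get_setting('mission')` would still emit it raw. The diff touches no other caller, so those should be checked, or the filtering moved to a shared place. `filter_xss()` is also called with its default tag list, which may strip markup administrators already use in mission text. If a wider list is intended, pass it explicitly and add a comment such as `// Mission is admin-entered HTML: filter it, do not escape it.` The function body continues outside the hunk.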