-rw-r--r-- | modules/contact/contact.module | 6 | ||||
-rw-r--r-- | modules/forum/forum.module | 2 | ||||
-rw-r--r-- | modules/profile/profile.module | 4 | ||||
-rw-r--r-- | modules/statistics/statistics.module | 2 | ||||
-rw-r--r-- | modules/tracker/tracker.module | 2 | ||||
-rw-r--r-- | modules/user/user.module | 6 |
6 files changed, 11 insertions, 11 deletions
diff --git a/modules/contact/contact.module b/modules/contact/contact.module
index 132e69e14..f3f9c96b4 100644
--- a/modules/contact/contact.module
+++ b/modules/contact/contact.module
@@ -310,7 +310,7 @@ function contact_user_page() {
 $output = t('You cannot contact more than %number users per hour. Please try again later.', array('%number' => variable_get('contact_hourly_threshold', 3)));
 }
 else {
- drupal_set_title($account->name);
+ drupal_set_title(check_plain($account->name));
 $output = drupal_get_form('contact_mail_user', $account);
 }
@@ -326,11 +326,11 @@ function contact_mail_user($recipient) {
 $form['#token'] = $user->name . $user->mail;
 $form['from'] = array('#type' => 'item',
 '#title' => t('From'),
- '#value' => $user->name .' <'. $user->mail .'>',
+ '#value' => check_plain($user->name) .' <'. check_plain($user->mail) .'>',
 );
 $form['to'] = array('#type' => 'item',
 '#title' => t('To'),
- '#value' => $recipient->name,
+ '#value' => check_plain($recipient->name),
 );
 $form['subject'] = array('#type' => 'textfield',
 '#title' => t('Subject'),
diff --git a/modules/forum/forum.module b/modules/forum/forum.module
index d25e27508..d87de83c2 100644
--- a/modules/forum/forum.module
+++ b/modules/forum/forum.module
@@ -895,7 +895,7 @@ function theme_forum_display($forums, $topics, $parents, $tid, $sortby, $forum_p
 }
 }
- drupal_set_title($title);
+ drupal_set_title(check_plain($title));
 $breadcrumb[] = array('path' => $_GET['q']);
 menu_set_location($breadcrumb);
diff --git a/modules/profile/profile.module b/modules/profile/profile.module
index 2994838d7..35bf7e1ab 100644
--- a/modules/profile/profile.module
+++ b/modules/profile/profile.module
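Review bot: The escaping contract of `drupal_set_title()` is left implicit at this call in `contact_user_page()`: the fix wraps the argument in `check_plain()` at the call site, which implies the callee emits its argument as HTML, but nothing in the new code says so. The same call-site pattern is repeated in the hunks for `theme_forum_display()`, `statistics_user_tracker()`, `tracker_track_user()`, `user_edit()` and `user_view()`, so any caller this commit does not touch would still pass user-controlled names through unescaped. I would add a comment above the call such as `// drupal_set_title() prints its argument as HTML; escape user-supplied text with check_plain().` and state the same rule in the function's own doc block, which is outside this diff. The body of `contact_user_page()` starts and ends outside the hunk.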
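Review bot: As shown on this page, the literals `' <'` and `'>'` around the now-escaped address in the `from` item of `contact_mail_user()` are still raw angle brackets. Judging by this fix, an `item` `#value` is output as HTML, so the address would be parsed as an unknown tag and not displayed. If the raw brackets are in the file and not an artefact of how the diff was rendered, write them as entities: `'#value' => check_plain($user->name) .' &lt;'. check_plain($user->mail) .'&gt;',`. The function continues past the end of the hunk.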
@@ -477,10 +477,10 @@ function profile_browse() {
 $output .= theme('pager', NULL, 20);
 if ($field->type == 'selection' || $field->type == 'list' || $field->type == 'textfield') {
- $title = strtr($field->page, array('%value' => theme('placeholder', $value)));
+ $title = strtr(check_plain($field->page), array('%value' => theme('placeholder', $value)));
 }
 else {
- $title = $field->page;
+ $title = check_plain($field->page);
 }
 $output .= '</div>';
diff --git a/modules/statistics/statistics.module b/modules/statistics/statistics.module
index aca21b6ad..60fdf2662 100644
--- a/modules/statistics/statistics.module
+++ b/modules/statistics/statistics.module
@@ -242,7 +242,7 @@ function statistics_user_tracker() {
 l(t('details'), "admin/logs/access/$log->aid"));
 }
- drupal_set_title($account->name);
+ drupal_set_title(check_plain($account->name));
 $output = theme('table', $header, $rows);
 $output .= theme('pager', NULL, 30, 0);
 return $output;
diff --git a/modules/tracker/tracker.module b/modules/tracker/tracker.module
index 14cc25265..7f158d65b 100644
--- a/modules/tracker/tracker.module
+++ b/modules/tracker/tracker.module
@@ -57,7 +57,7 @@ function tracker_menu($may_cache) {
 function tracker_track_user() {
 if ($account = user_load(array('uid' => arg(1)))) {
 if ($account->status || user_access('administer users')) {
- drupal_set_title($account->name);
+ drupal_set_title(check_plain($account->name));
 return tracker_page($account->uid);
 }
 else {
diff --git a/modules/user/user.module b/modules/user/user.module
index 34e935daa..f2ffe0fac 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -554,7 +554,7 @@ function user_block($op = 'list', $delta = 0, $edit = array()) {
 case 1:
 if ($menu = theme('menu_tree')) {
- $block['subject'] = $user->uid ? $user->name : t('Navigation');
+ $block['subject'] = $user->uid ? check_plain($user->name) : t('Navigation');
 $block['content'] = $menu;
 }
 return $block;
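Review bot: The order of operations in the first branch of `profile_browse()` is security-relevant but undocumented: `$field->page` is escaped before `strtr()` runs, while the `%value` replacement comes from `theme('placeholder', $value)` and is inserted unescaped. That is only safe if the placeholder theme function escapes `$value` itself, which presumably it does but cannot be confirmed from this hunk. A comment would stop a later edit from moving `check_plain()` around the whole `strtr()` call (double-encoding the markup) or dropping it, e.g. `// Escape the page title template first; the %value replacement is already themed, escaped HTML.`. `$title` is consumed after the hunk ends, so the code that prints it is not visible here.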
@@ -1431,7 +1431,7 @@ function user_edit($category = 'account') {
 }
 $form['#attributes']['enctype'] = 'multipart/form-data';
- drupal_set_title($account->name);
+ drupal_set_title(check_plain($account->name));
 return $form;
 }
@@ -1517,7 +1517,7 @@ function user_view($uid = 0) {
 $function($account, $fields);
 }
- drupal_set_title($account->name);
+ drupal_set_title(check_plain($account->name));
 return theme('user_profile', $account, $fields);
 } |