Diffstat (limited to 'includes')
-rw-r--r-- | includes/batch.inc | 8 | ||||
-rw-r--r-- | includes/bootstrap.inc | 20 | ||||
-rw-r--r-- | includes/common.inc | 21 | ||||
-rw-r--r-- | includes/form.inc | 5 | ||||
-rw-r--r-- | includes/path.inc | 9 |
5 files changed, 27 insertions, 36 deletions
diff --git a/includes/batch.inc b/includes/batch.inc
index 2cc41a922..ad5630368 100644
--- a/includes/batch.inc
+++ b/includes/batch.inc
@@ -80,10 +80,10 @@ function _batch_start() {
 function _batch_progress_page_js() {
 $batch = batch_get();
- // The first batch set gets to set the page title and the initialization and
- // error messages. Only safe strings should be passed in to batch_set().
+ // The first batch set gets to set the page title
+ // and the initialization and error messages.
 $current_set = _batch_current_set();
- drupal_set_title($current_set['title'], PASS_THROUGH);
+ drupal_set_title($current_set['title']);
 drupal_add_js('misc/progress.js', 'core', 'header', FALSE, FALSE);
 $url = url($batch['url'], array('query' => array('id' => $batch['id'])));
@@ -126,7 +126,7 @@ function _batch_progress_page_nojs() {
 $batch =& batch_get();
 $current_set = _batch_current_set();
- drupal_set_title($current_set['title'], PASS_THROUGH);
+ drupal_set_title($current_set['title']);
 $new_op = 'do_nojs';
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index fc60b951b..90f16f818 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -186,26 +186,6 @@ define('LANGUAGE_NEGOTIATION_DOMAIN', 3);
 define('REQUEST_TIME', $_SERVER['REQUEST_TIME']);
 /**
- * @name Title text filtering flags
- * @{
- * Flags for use in drupal_set_title().
- */
-
-/**
- * Flag for drupal_set_title(); text is not sanitized, so run check_plain().
- */
-define('CHECK_PLAIN', 0);
-
-/**
- * Flag for drupal_set_title(); text has already been sanitized.
- */
-define('PASS_THROUGH', -1);
-
-/**
- * @} End of "Title text filtering flags".
- */
-
-/**
 * Start the timer with the specified name. If you start and stop
 * the same timer multiple times, the measured intervals will be
 * accumulated.
diff --git a/includes/common.inc b/includes/common.inc
index 7830e4015..0310514ad 100644
--- a/includes/common.inc
+++ b/includes/common.inc
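Review bot: Both `drupal_set_title($current_set['title'])` calls, in `_batch_progress_page_js()` and in the second hunk's `_batch_progress_page_nojs()`, now pass the batch title with no escaping, and the first hunk also deletes the comment saying that only safe strings may be passed to batch_set(). The path.inc hunk of this commit makes drupal_set_title() store its argument unchanged, so a title built from user input would be kept unescaped; if it is later printed into HTML (the output side is not visible here), that is a cross-site scripting exposure. I would keep the warning at both call sites, e.g. `// The title is stored unescaped: batch_set() callers must pass text already run through check_plain() or filter_xss().` The form.inc hunk removes the matching note from the batch_set() documentation, so after this commit the requirement is stated nowhere in the diff. Both functions continue outside their hunks.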
@@ -25,6 +25,27 @@ define('SAVED_UPDATED', 2);
 define('SAVED_DELETED', 3);
 /**
+ * @name Title text filtering flags
+ * @{
+ * Flags for use in drupal_set_title().
+ */
+
+/**
+ * Flag for drupal_set_title(); text is not sanitized, so run check_plain().
+ */
+define('CHECK_PLAIN', 0);
+
+/**
+ * Flag for drupal_set_title(); text has already been sanitized.
+ */
+define('PASS_THROUGH', -1);
+
+/**
+ * @} End of "Title text filtering flags".
+ */
+
+
+/**
 * Set content for a specified region.
 *
 * @param $region
diff --git a/includes/form.inc b/includes/form.inc
index 037bb9ee6..4a0b737ff 100644
--- a/includes/form.inc
+++ b/includes/form.inc
@@ -2379,11 +2379,6 @@ function form_clean_id($id = NULL, $flush = FALSE) {
 * batch_process();
 * @endcode
 *
- * Note - if the batch 'title', 'init_message', 'progress_message',
- * or 'error_message' could contain any user input, it is the responsibility of
- * the code calling batch_set() to sanitize them first with a function like
- * check_plain() or filter_xss().
- *
 * Sample batch operations:
 * @code
 * // Simple and artificial: load a node of a given type for a given user
diff --git a/includes/path.inc b/includes/path.inc
index 159920e87..617e69a23 100644
--- a/includes/path.inc
+++ b/includes/path.inc
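Review bot: The docblocks added in the common.inc hunk describe CHECK_PLAIN and PASS_THROUGH as flags for drupal_set_title(), but the path.inc hunk of this same commit removes that function's `$output` parameter, so the comments describe an API that no longer exists on the new side. PHP silently ignores surplus arguments to a user-defined function, so a call such as `drupal_set_title($title, CHECK_PLAIN)` would still run and read as if the title were escaped while nothing escapes it. Whether other code on the new side reads these constants is not visible in this diff. If they must stay, the group comment should name their real consumer or state the new contract, e.g. `* Note: drupal_set_title() no longer accepts these flags and stores its argument unescaped.`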
@@ -196,20 +196,15 @@ function drupal_get_title() {
 * @param $title
 * Optional string value to assign to the page title; or if set to NULL
 * (default), leaves the current title unchanged.
- * @param $output
- * Optional flag - normally should be left as CHECK_PLAIN. Only set to
- * PASS_THROUGH if you have already removed any possibly dangerous code
- * from $title using a function like check_plain() or filter_xss(). With this
- * flag the string will be passed through unchanged.
 *
 * @return
 * The updated title of the current page.
 */
-function drupal_set_title($title = NULL, $output = CHECK_PLAIN) {
+function drupal_set_title($title = NULL) {
 static $stored_title;
 if (isset($title)) {
- $stored_title = ($output == PASS_THROUGH) ? $title : check_plain($title);
+ $stored_title = $title;
 }
 return $stored_title;
 } |
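Review bot: `$stored_title = $title;` stores whatever the caller passes, yet the docblock loses the only text that mentioned check_plain() and filter_xss(), so nothing tells callers that escaping is now their responsibility. A caller that relied on the previous default of escaping will store raw text after this change; if the stored title is later emitted into HTML (not visible in this hunk), that is a cross-site scripting exposure. The `@param $title` description should carry the contract, for example ` *   The string is stored as given; callers must run untrusted text through check_plain() or filter_xss() first.` The docblock opens above the hunk, while the function body is shown in full.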