From 2dd6e4e0dfdd8d652fac3e394de8d93efef0cc83 Mon Sep 17 00:00:00 2001
From: Angie Byron <webchick@24967.no-reply.drupal.org>
Date: Tue, 14 Oct 2008 11:01:08 +0000
Subject: #242873 follow-up: Missed a couple files with drupal_set_title().

---
 includes/path.inc | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'includes/path.inc')

diff --git a/includes/path.inc b/includes/path.inc
index 83a7f5b39..2a7c3eac0 100644
--- a/includes/path.inc
+++ b/includes/path.inc
@@ -197,15 +197,20 @@ function drupal_get_title() {
  * @param $title
  *   Optional string value to assign to the page title; or if set to NULL
  *   (default), leaves the current title unchanged.
+ * @param $output
+ *   Optional flag - normally should be left as CHECK_PLAIN. Only set to
+ *   PASS_THROUGH if you have already removed any possibly dangerous code
+ *   from $title using a function like check_plain() or filter_xss(). With this
+ *   flag the string will be passed through unchanged.
  *
  * @return
  *   The updated title of the current page.
  */
-function drupal_set_title($title = NULL) {
+function drupal_set_title($title = NULL, $output = CHECK_PLAIN) {
   static $stored_title;
 
   if (isset($title)) {
-    $stored_title = $title;
+    $stored_title = ($output == PASS_THROUGH) ? $title : check_plain($title);
   }
   return $stored_title;
 }
-- 
cgit v1.2.3