From c5f767073efcf455bacd9b8c90634b76e9265e77 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=A1bor=20Hojtsy?=
Date: Fri, 16 Nov 2007 09:52:37 +0000
Subject: #189409 follow up note by Steven Wittens: administrator entered text should be filtered with filter_xss_admin(), not the less permissive filter_xss()
---
 modules/node/content_types.inc | 2 +-
 modules/node/node.pages.inc | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)
(limited to 'modules/node')
diff --git a/modules/node/content_types.inc b/modules/node/content_types.inc
index c5950815b..e7cd96097 100644
--- a/modules/node/content_types.inc
+++ b/modules/node/content_types.inc
@@ -23,7 +23,7 @@ function node_overview_types() {
 $row = array(
 l($name, 'admin/content/types/'. $type_url_str),
 check_plain($type->type),
- filter_xss($type->description),
+ filter_xss_admin($type->description),
 );
 // Set the edit column.
 $row[] = array('data' => l(t('edit'), 'admin/content/types/'. $type_url_str));
diff --git a/modules/node/node.pages.inc b/modules/node/node.pages.inc
index cceb6bdf8..809f14555 100644
--- a/modules/node/node.pages.inc
+++ b/modules/node/node.pages.inc
@@ -11,7 +11,6 @@
 * Menu callback; presents the node editing form, or redirects to delete confirmation.
 */
 function node_page_edit($node) {
- drupal_set_title(t('Edit %title', array('%title' => $node->title)));
 return drupal_get_form($node->type .'_node_form', $node);
 }
@@ -29,7 +28,7 @@ function theme_node_add_list($content) {
 $output = '
';
 foreach ($content as $item) {
 $output .= '
'. l($item['title'], $item['href'], $item['options']) .'
';
- $output .= '
'. filter_xss($item['description']) .'
';
+ $output .= '
'. filter_xss_admin($item['description']) .'
';
 }
 $output .= '
';
 }
-- cgit v1.2.3
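Review bot: In `theme_node_add_list()` the new `filter_xss_admin($item['description'])` call assumes every `$item` carries administrator-authored text, but nothing in this hunk establishes where `$content` comes from, and this list is presumably rendered for any user allowed to create content rather than only under `admin/`. `filter_xss_admin()` lets through a much wider set of tags than `filter_xss()`, so the safety of this line rests entirely on that trust assumption. I would record it in the function's docblock, for example `* Each $item['description'] must be administrator-entered text; it is output through filter_xss_admin(), which is only suitable for trusted authors.` The start of the function and its docblock lie outside the hunk, so the origin of the descriptions (likely the content type settings) should be confirmed against the callers.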