From e174039d6fc745c851e8ca5ce37a38dafd34cfe8 Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Mon, 28 Dec 2009 20:51:18 +0000
Subject: - Patch #669062 by Damien Tournoud and security team: fixed
 SA-CORE-2009-009: menu description XSS.

---
 modules/system/system.admin.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/system/system.admin.inc')

diff --git a/modules/system/system.admin.inc b/modules/system/system.admin.inc
index 9f9567337..655de366a 100644
--- a/modules/system/system.admin.inc
+++ b/modules/system/system.admin.inc
@@ -2342,7 +2342,7 @@ function theme_admin_block_content($variables) {
     $output = '<dl class="admin-list">';
     foreach ($content as $item) {
       $output .= '<dt>' . l($item['title'], $item['href'], $item['localized_options']) . '</dt>';
-      $output .= '<dd>' . $item['description'] . '</dd>';
+      $output .= '<dd>' . filter_xss_admin($item['description']) . '</dd>';
     }
     $output .= '</dl>';
   }
-- 
cgit v1.2.3