From ee691c593adfaf4c8046cf6ee2bc9796a28a1448 Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Sun, 22 Aug 2010 11:04:09 +0000
Subject: - Patch #887102 by Heine: trigger and action escaping issues.
 Critical bug fix.

---
 modules/system/system.module | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/system/system.module')

diff --git a/modules/system/system.module b/modules/system/system.module
index d19c02912..85175c9f0 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -3062,7 +3062,7 @@ function system_message_action(&$entity, $context = array()) {
     $context['node'] = $entity;
   }
 
-  $context['message'] = token_replace($context['message'], $context);
+  $context['message'] = token_replace(filter_xss_admin($context['message']), $context);
   drupal_set_message($context['message']);
 }
 
-- 
cgit v1.2.3