From 33234ac2df45783eb6d730bb40cda84c250a66fe Mon Sep 17 00:00:00 2001 From: webchick Date: Wed, 5 Sep 2012 22:58:31 -0700 Subject: Issue #1555294 by Pol, tim.plunkett, oriol_e9g, cristinawithout, gagarine, dcam: Fixed Vocabulary title HTML entities are double encoded. --- modules/taxonomy/taxonomy.module | 12 +++++++++--- modules/taxonomy/taxonomy.test | 12 ++++++++++++ 2 files changed, 21 insertions(+), 3 deletions(-) (limited to 'modules/taxonomy') diff --git a/modules/taxonomy/taxonomy.module b/modules/taxonomy/taxonomy.module index 5e58f4930..63bbb2d64 100644 --- a/modules/taxonomy/taxonomy.module +++ b/modules/taxonomy/taxonomy.module @@ -323,8 +323,8 @@ function taxonomy_menu() { ); $items['admin/structure/taxonomy/%taxonomy_vocabulary_machine_name'] = array( - 'title callback' => 'taxonomy_admin_vocabulary_title_callback', - 'title arguments' => array(3), + 'title callback' => 'entity_label', + 'title arguments' => array('taxonomy_vocabulary', 3), 'page callback' => 'drupal_get_form', 'page arguments' => array('taxonomy_overview_terms', 3), 'access arguments' => array('administer taxonomy'), @@ -375,7 +375,13 @@ function taxonomy_term_edit_access($term) { } /** - * Return the vocabulary name given the vocabulary object. + * Returns the sanitized name of a vocabulary. + * + * Deprecated. This function was previously used as a menu item title callback + * but has been replaced by using entity_label() (which does not + * sanitize the title, since the menu system does that automatically). In + * Drupal 7, use that function for title callbacks, and call check_plain() + * directly if you need a sanitized title. */ function taxonomy_admin_vocabulary_title_callback($vocabulary) { return check_plain($vocabulary->name); diff --git a/modules/taxonomy/taxonomy.test b/modules/taxonomy/taxonomy.test index 32ae84d66..2a7f36bbb 100644 --- a/modules/taxonomy/taxonomy.test +++ b/modules/taxonomy/taxonomy.test @@ -98,6 +98,18 @@ class TaxonomyVocabularyFunctionalTest extends TaxonomyWebTestCase { $edit['machine_name'] = '!&^%'; $this->drupalPost('admin/structure/taxonomy/add', $edit, t('Save')); $this->assertText(t('The machine-readable name must contain only lowercase letters, numbers, and underscores.')); + + // Ensure that vocabulary titles are escaped properly. + $edit = array(); + $edit['name'] = 'Don\'t Panic'; + $edit['description'] = $this->randomName(); + $edit['machine_name'] = 'don_t_panic'; + $this->drupalPost('admin/structure/taxonomy/add', $edit, t('Save')); + + $site_name = variable_get('site_name', 'Drupal'); + $this->drupalGet('admin/structure/taxonomy/don_t_panic'); + $this->assertTitle(t('Don\'t Panic | @site-name', array('@site-name' => $site_name))); + $this->assertNoTitle(t('Don't Panic | @site-name', array('@site-name' => $site_name))); } /** -- cgit v1.2.3