From eed07e55dd0f4598979c1de79df0ca804a3cdcda Mon Sep 17 00:00:00 2001 From: Angie Byron Date: Sun, 14 Nov 2010 22:15:39 +0000 Subject: #938536 by David_Rothstein: Fixed User account tokens in _user_mail_text() should not be sanitized. --- modules/user/user.module | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'modules/user/user.module') diff --git a/modules/user/user.module b/modules/user/user.module index d7a3be123..8592e0155 100644 --- a/modules/user/user.module +++ b/modules/user/user.module @@ -2649,7 +2649,9 @@ Your account on [site:name] has been canceled. } if ($replace) { - return token_replace($text, $variables, array('language' => $language, 'callback' => 'user_mail_tokens')); + // We do not sanitize the token replacement, since the output of this + // replacement is intended for an e-mail message, not a web browser. + return token_replace($text, $variables, array('language' => $language, 'callback' => 'user_mail_tokens', 'sanitize' => FALSE)); } return $text; -- cgit v1.2.3