From afe3f4318ddee5e6273f6b84f8969006ffa58dc4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=A1bor=20Hojtsy?= <gabor@hojtsy.hu>
Date: Wed, 5 Dec 2007 19:12:59 +0000
Subject: security fixes forward ported from Drupal 5.2 - previously not
 committed parts of http://drupal.org/cvs?commit=74833

---
 modules/node/node.module        | 3 +--
 modules/search/search.pages.inc | 2 +-
 modules/system/system.admin.inc | 4 ++--
 3 files changed, 4 insertions(+), 5 deletions(-)

(limited to 'modules')

diff --git a/modules/node/node.module b/modules/node/node.module
index e6ca5eb91..c4ea1336e 100644
--- a/modules/node/node.module
+++ b/modules/node/node.module
@@ -1373,10 +1373,9 @@ function node_menu() {
     'type' => MENU_CALLBACK,
   );
   foreach (node_get_types('types', NULL, TRUE) as $type) {
-    $name = check_plain($type->name);
     $type_url_str = str_replace('_', '-', $type->type);
     $items['node/add/'. $type_url_str] = array(
-      'title' => drupal_ucfirst($name),
+      'title' => drupal_ucfirst($type->name),
       'page callback' => 'node_add',
       'page arguments' => array(2),
       'access callback' => 'node_access',
diff --git a/modules/search/search.pages.inc b/modules/search/search.pages.inc
index f566223ec..4fea80cb5 100644
--- a/modules/search/search.pages.inc
+++ b/modules/search/search.pages.inc
@@ -84,7 +84,7 @@ function template_preprocess_search_result(&$variables) {
 
   $info = array();
   if (!empty($result['type'])) {
-    $info['type'] = $result['type'];
+    $info['type'] = check_plain($result['type']);
   }
   if (!empty($result['user'])) {
     $info['user'] = $result['user'];
diff --git a/modules/system/system.admin.inc b/modules/system/system.admin.inc
index bc354c77a..72f49b9a4 100644
--- a/modules/system/system.admin.inc
+++ b/modules/system/system.admin.inc
@@ -172,7 +172,7 @@ function system_admin_theme_settings() {
  * Menu callback; displays a listing of all themes.
  *
  * @ingroup forms
- * @see system_themes_form_submt().
+ * @see system_themes_form_submit().
  */
 function system_themes_form() {
 
@@ -405,7 +405,7 @@ function system_theme_settings(&$form_state, $key = '') {
         '#suffix' => '</div>',
       );
       foreach ($node_types as $type => $name) {
-        $form['node_info']["toggle_node_info_$type"] = array('#type' => 'checkbox', '#title' => $name, '#default_value' => $settings["toggle_node_info_$type"]);
+        $form['node_info']["toggle_node_info_$type"] = array('#type' => 'checkbox', '#title' => check_plain($name), '#default_value' => $settings["toggle_node_info_$type"]);
       }
     }
   }
-- 
cgit v1.2.3