From be14203534c5f09d0c70c2bf59b81b80f2a90b32 Mon Sep 17 00:00:00 2001 
From: Steven Wittens Date: Thu, 31 Mar 2005 09:25:33 +0000 Subject: - #18817: Clean up plain-text checking (see drupal-devel!) --- modules/aggregator.module | 48 ++++++++++++++--------------- modules/aggregator/aggregator.module | 48 ++++++++++++++--------------- modules/archive.module | 2 +- modules/archive/archive.module | 2 +- modules/block.module | 8 ++--- modules/block/block.module | 8 ++--- modules/blogapi.module | 4 +-- modules/blogapi/blogapi.module | 4 +-- modules/book.module | 18 +++++------ modules/book/book.module | 18 +++++------ modules/comment.module | 31 ++++++++++--------- modules/comment/comment.module | 31 ++++++++++--------- modules/contact.module | 2 +- modules/contact/contact.module | 2 +- modules/drupal.module | 4 +-- modules/drupal/drupal.module | 4 +-- modules/filter.module | 18 +++++------ modules/filter/filter.module | 18 +++++------ modules/forum.module | 12 ++++---- modules/forum/forum.module | 12 ++++---- modules/locale.module | 9 +++--- modules/locale/locale.module | 9 +++--- modules/menu.module | 14 ++++----- modules/menu/menu.module | 14 ++++----- modules/node.module | 29 +++++++++--------- modules/node/node.module | 29 +++++++++--------- modules/path.module | 6 ++-- modules/path/path.module | 6 ++-- modules/poll.module | 10 +++---- modules/poll/poll.module | 10 +++---- modules/profile.module | 36 +++++++++++----------- modules/profile/profile.module | 36 +++++++++++----------- modules/queue.module | 10 +++---- modules/search.module | 10 +++---- modules/search/search.module | 10 +++---- modules/statistics.module | 2 +- modules/statistics/statistics.module | 2 +- modules/taxonomy.module | 18 +++++------ modules/taxonomy/taxonomy.module | 18 +++++------ modules/upload.module | 8 ++--- modules/upload/upload.module | 8 ++--- modules/user.module | 58 ++++++++++++++++++------------------ modules/user/user.module | 58 ++++++++++++++++++------------------ 43 files changed, 355 insertions(+), 349 deletions(-) (limited to 'modules') 
diff --git a/modules/aggregator.module b/modules/aggregator.module index edd23ad1e..2374afd9c 100644 --- a/modules/aggregator.module +++ b/modules/aggregator.module @@ -198,11 +198,11 @@ function aggregator_block($op, $delta = 0, $edit = array()) { if ($op == 'list') { $result = db_query('SELECT cid, title FROM {aggregator_category} ORDER BY title'); while ($category = db_fetch_object($result)) { - $block['category:'. $category->cid]['info'] = t('%title category latest items', array('%title' => $category->title)); + $block['category:'. $category->cid]['info'] = t('%title category latest items', array('%title' => theme('placeholder', $category->title))); } $result = db_query('SELECT fid, title FROM {aggregator_feed} ORDER BY fid'); while ($feed = db_fetch_object($result)) { - $block['feed:'. $feed->fid]['info'] = t('%title feed latest items', array('%title' => $feed->title)); + $block['feed:'. $feed->fid]['info'] = t('%title feed latest items', array('%title' => theme('placeholder', $feed->title))); } } else if ($op == 'configure') { @@ -231,7 +231,7 @@ function aggregator_block($op, $delta = 0, $edit = array()) { switch ($type) { case 'feed': if ($feed = db_fetch_object(db_query('SELECT fid, title, block FROM {aggregator_feed} WHERE fid = %d', $id))) { - $block['subject'] = $feed->title; + $block['subject'] = check_plain($feed->title); $result = db_query_range('SELECT * FROM {aggregator_item} WHERE fid = %d ORDER BY timestamp DESC, iid DESC', $feed->fid, 0, $feed->block); $block['content'] = ''; } 
@@ -239,7 +239,7 @@ function aggregator_block($op, $delta = 0, $edit = array()) { case 'category': if ($category = db_fetch_object(db_query('SELECT cid, title, block FROM {aggregator_category} WHERE cid = %d', $id))) { - $block['subject'] = $category->title; + $block['subject'] = check_plain($category->title); $result = db_query_range('SELECT i.* FROM {aggregator_category_item} ci LEFT JOIN {aggregator_item} i ON ci.iid = i.iid WHERE ci.cid = %d ORDER BY i.timestamp DESC, i.iid DESC', $category->cid, 0, $category->block); $block['content'] = ''; } @@ -265,7 +265,7 @@ function aggregator_remove($feed) { } db_query('DELETE FROM {aggregator_item} WHERE fid = %d', $feed['fid']); db_query("UPDATE {aggregator_feed} SET checked = 0, etag = '', modified = 0 WHERE fid = %d", $feed['fid']); - drupal_set_message(t('Removed news items from %site.', array('%site' => ''. $feed['title'] .''))); + drupal_set_message(t('Removed news items from %site.', array('%site' => theme('placeholder', $feed['title'])))); } /** @@ -345,11 +345,11 @@ function aggregator_refresh($feed) { switch ($result->code) { case 304: db_query('UPDATE {aggregator_feed} SET checked = %d WHERE fid = %d', time(), $feed['fid']); - drupal_set_message(t('No new syndicated content from %site.', array('%site' => ''. $feed['title'] .''))); + drupal_set_message(t('No new syndicated content from %site.', array('%site' => theme('placeholder', $feed['title'])))); break; case 301: $feed['url'] = $result->redirect_url; - watchdog('aggregator', t('Updated URL for feed %title to %url.', array('%title' => ''. $feed['title'] .'', '%url' => ''. $feed['url'] .''))); + watchdog('aggregator', t('Updated URL for feed %title to %url.', array('%title' => theme('placeholder', $feed['title']), '%url' => theme('placeholder', $feed['url'])))); break; case 200: 
@@ -397,13 +397,13 @@ function aggregator_refresh($feed) { cache_clear_all(); - $message = t('Syndicated content from %site.', array('%site' => ''. $feed[title] .'')); + $message = t('Syndicated content from %site.', array('%site' => theme('placeholder', $feed[title]))); watchdog('aggregator', $message); drupal_set_message($message); } break; default: - $message = t('Failed to parse RSS feed %site: %error.', array('%site' => ''. $feed['title'] .'', '%error' => "$result->code $result->error")); + $message = t('Failed to parse RSS feed %site: %error.', array('%site' => theme('placeholder', $feed['title']), '%error' => theme('placeholder', $result->code .' '. $result->error))); watchdog('aggregator', $message, WATCHDOG_WARNING); drupal_set_message($message); } @@ -461,7 +461,7 @@ function aggregator_parse_feed(&$data, $feed) { xml_set_character_data_handler($xml_parser, 'aggregator_element_data'); if (!xml_parse($xml_parser, $data, 1)) { - $message = t('Failed to parse RSS feed %site: %error at line %line.', array('%site' => ''. $feed['title'] .'', '%error' => xml_error_string(xml_get_error_code($xml_parser)), '%line' => xml_get_current_line_number($xml_parser))); + $message = t('Failed to parse RSS feed %site: %error at line %line.', array('%site' => theme('placeholder', $feed['title']), '%error' => xml_error_string(xml_get_error_code($xml_parser)), '%line' => xml_get_current_line_number($xml_parser))); watchdog('aggregator', $message, WATCHDOG_WARNING); drupal_set_message($message, 'error'); return 0; 
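Review bot: The rewritten `$message = t('Syndicated content from %site.', ...)` line in aggregator_refresh still indexes with the bare word `$feed[title]`, while every neighbouring line in this hunk uses `$feed['title']`; PHP treats the unquoted key as an undefined constant (an E_NOTICE, and the wrong key if a constant named title is ever defined). Since the line is being touched anyway, quote it: `$message = t('Syndicated content from %site.', array('%site' => theme('placeholder', $feed['title'])));`. The same line appears in the duplicate modules/aggregator/aggregator.module section. aggregator_refresh's body continues outside the hunk.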
@@ -554,7 +554,7 @@ function aggregator_parse_feed(&$data, $feed) { } if (!valid_input_data($item['DESCRIPTION'])) { - drupal_set_message(t('Failed to parse entry from %site feed: suspicious input data.', array('%site' => ''. $feed['title'] .'')), 'error'); + drupal_set_message(t('Failed to parse entry from %site feed: suspicious input data.', array('%site' => theme('placeholder', $feed['title']))), 'error'); } else { aggregator_save_item(array('iid' => $entry->iid, 'fid' => $feed['fid'], 'timestamp' => $timestamp, 'title' => $title, 'link' => $link, 'author' => $item['AUTHOR'], 'description' => $item['DESCRIPTION'])); @@ -643,7 +643,7 @@ function aggregator_form_feed($edit = array()) { $categories = db_query('SELECT c.cid, c.title, f.fid FROM {aggregator_category} c LEFT JOIN {aggregator_category_feed} f ON c.cid = f.cid AND f.fid = %d ORDER BY title', $edit['fid']); while ($category = db_fetch_object($categories)) { $options[$category->cid] = $category->title; - if ($category->fid) $values[] = $category->cid; + if ($category->fid) $values[] = check_plain($category->cid); } if ($options) { $form .= form_checkboxes(t('Categorize news items'), 'category', $values, $options, t('New items in this feed will be automatically filed in the the checked categories as they are received.')); @@ -920,7 +920,7 @@ function _aggregator_page_list($sql, $op, $header = '') { $selected = array(); while ($category = db_fetch_object($categories_result)) { if (!$done) { - $categories[$category->cid] = check_form($category->title); + $categories[$category->cid] = check_plain($category->title); } if ($category->iid) { $selected[] = $category->cid; 
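Review bot: In the aggregator_form_feed hunk check_plain() lands on the wrong value: `$values[] = check_plain($category->cid)` escapes a numeric id that form_checkboxes only uses to pre-select boxes, while `$options[$category->cid] = $category->title;` one line above still passes the user-supplied category title unescaped into the rendered labels. Suggested: `$options[$category->cid] = check_plain($category->title);` and `if ($category->fid) $values[] = $category->cid;`. This assumes form_checkboxes does not escape option labels itself, which the _aggregator_page_list hunk below (check_plain applied before form_checkbox) suggests. The same hunk appears in the duplicate modules/aggregator/aggregator.module section.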
@@ -932,7 +932,7 @@ function _aggregator_page_list($sql, $op, $header = '') { else { $form = ''; while ($category = db_fetch_object($categories_result)) { - $form .= form_checkbox(check_form($category->title), 'categories]['. $item->iid .'][', $category->cid, !is_null($category->iid)); + $form .= form_checkbox(check_plain($category->title), 'categories]['. $item->iid .'][', $category->cid, !is_null($category->iid)); } } $rows[] = array(theme('aggregator_page_item', $item), array('data' => $form, 'class' => 'categorize-item')); @@ -960,7 +960,7 @@ function aggregator_page_sources() { $result = db_query('SELECT f.fid, f.title, f.description, f.image, MAX(i.timestamp) AS last FROM {aggregator_feed} f LEFT JOIN {aggregator_item} i ON f.fid = i.fid GROUP BY f.fid'); $output = "
\n"; while ($feed = db_fetch_object($result)) { - $output .= "

$feed->title

\n"; + $output .= '

'. check_plain($feed->title) ."

\n"; // Most recent items: $list = array(); @@ -987,13 +987,13 @@ function aggregator_page_opml() { $output = "\n"; $output .= "\n"; $output .= "\n"; - $output .= ''. drupal_specialchars(variable_get('site_name', 'Drupal')) ."\n"; + $output .= ''. check_plain(variable_get('site_name', 'Drupal')) ."\n"; $output .= ''. gmdate('r') ."\n"; $output .= "\n"; $output .= "\n"; while ($feed = db_fetch_object($result)) { - $output .= '\n"; + $output .= '\n"; } $output .= "\n"; @@ -1011,7 +1011,7 @@ function aggregator_page_categories() { $output = "
\n"; while ($category = db_fetch_object($result)) { - $output .= "

$category->title

\n"; + $output .= '

'. check_plain($category->title) ."

\n"; if (variable_get('aggregator_summary_items', 3)) { $list = array(); $items = db_query_range('SELECT i.title, i.timestamp, i.link, f.title as feed_title, f.link as feed_link FROM {aggregator_category_item} ci LEFT JOIN {aggregator_item} i ON i.iid = ci.iid LEFT JOIN {aggregator_feed} f ON i.fid = f.fid WHERE ci.cid = %d ORDER BY i.timestamp DESC', $category->cid, 0, variable_get('aggregator_summary_items', 3)); @@ -1042,7 +1042,7 @@ function theme_aggregator_feed($feed) { $output .= $feed->description; $output .= '

'. t('URL') ."

\n"; $output .= theme('xml_icon', $feed->url); - $output .= "link\">$feed->link\n"; + $output .= ''. check_plain($feed->link) ."\n"; $output .= '

'. t('Last update') ."

\n"; $updated = t('%time ago', array('%time' => format_interval(time() - $feed->checked))); @@ -1066,12 +1066,12 @@ function theme_aggregator_block_item($item, $feed = 0) { if ($user->uid && module_exist('blog') && user_access('edit own blog')) { if ($image = theme('image', 'misc/blog.png', t('blog it'), t('blog it'))) { - $output .= '
'. l($image, 'node/add/blog', array('title' => t('Comment on this news item in your personal blog.'), 'class' => 'blog-it'), "iid=$item->iid") .'
'; + $output .= '
'. l($image, 'node/add/blog', array('title' => t('Comment on this news item in your personal blog.'), 'class' => 'blog-it'), "iid=$item->iid", NULL, FALSE, TRUE) .'
'; } } // Display the external link to the item. - $output .= "link\">$item->title\n"; + $output .= ''. check_plain($item->title) ."\n"; return $output; } @@ -1086,7 +1086,7 @@ function theme_aggregator_block_item($item, $feed = 0) { * @ingroup themeable */ function theme_aggregator_summary_item($item) { - $output = ''. $item->title .' '. t('%age old', array('%age' => format_interval(time() - $item->timestamp))) .''; + $output = ''. check_plain($item->title) .' '. t('%age old', array('%age' => format_interval(time() - $item->timestamp))) .''; if ($item->feed_link) { $output .= ', '. $item->feed_title .''; } @@ -1110,9 +1110,9 @@ function theme_aggregator_page_item($item) { $output .= "
\n"; $output .= '
'. date('H:i', $item->timestamp) ."
\n"; $output .= "
\n"; - $output .= " \n"; + $output .= ' \n"; if ($item->description) { - $output .= "
$item->description
\n"; + $output .= '
'. check_plain($item->description) ."
\n"; } if ($item->ftitle && $item->fid) { $output .= '
'. t('Source') .': '. l($item->ftitle, "aggregator/sources/$item->fid") ."
\n"; diff --git a/modules/aggregator/aggregator.module b/modules/aggregator/aggregator.module index edd23ad1e..2374afd9c 100644 --- a/modules/aggregator/aggregator.module +++ b/modules/aggregator/aggregator.module @@ -198,11 +198,11 @@ function aggregator_block($op, $delta = 0, $edit = array()) { if ($op == 'list') { $result = db_query('SELECT cid, title FROM {aggregator_category} ORDER BY title'); while ($category = db_fetch_object($result)) { - $block['category:'. $category->cid]['info'] = t('%title category latest items', array('%title' => $category->title)); + $block['category:'. $category->cid]['info'] = t('%title category latest items', array('%title' => theme('placeholder', $category->title))); } $result = db_query('SELECT fid, title FROM {aggregator_feed} ORDER BY fid'); while ($feed = db_fetch_object($result)) { - $block['feed:'. $feed->fid]['info'] = t('%title feed latest items', array('%title' => $feed->title)); + $block['feed:'. $feed->fid]['info'] = t('%title feed latest items', array('%title' => theme('placeholder', $feed->title))); } } else if ($op == 'configure') { @@ -231,7 +231,7 @@ function aggregator_block($op, $delta = 0, $edit = array()) { switch ($type) { case 'feed': if ($feed = db_fetch_object(db_query('SELECT fid, title, block FROM {aggregator_feed} WHERE fid = %d', $id))) { - $block['subject'] = $feed->title; + $block['subject'] = check_plain($feed->title); $result = db_query_range('SELECT * FROM {aggregator_item} WHERE fid = %d ORDER BY timestamp DESC, iid DESC', $feed->fid, 0, $feed->block); $block['content'] = ''; } 
@@ -239,7 +239,7 @@ function aggregator_block($op, $delta = 0, $edit = array()) { case 'category': if ($category = db_fetch_object(db_query('SELECT cid, title, block FROM {aggregator_category} WHERE cid = %d', $id))) { - $block['subject'] = $category->title; + $block['subject'] = check_plain($category->title); $result = db_query_range('SELECT i.* FROM {aggregator_category_item} ci LEFT JOIN {aggregator_item} i ON ci.iid = i.iid WHERE ci.cid = %d ORDER BY i.timestamp DESC, i.iid DESC', $category->cid, 0, $category->block); $block['content'] = ''; } @@ -265,7 +265,7 @@ function aggregator_remove($feed) { } db_query('DELETE FROM {aggregator_item} WHERE fid = %d', $feed['fid']); db_query("UPDATE {aggregator_feed} SET checked = 0, etag = '', modified = 0 WHERE fid = %d", $feed['fid']); - drupal_set_message(t('Removed news items from %site.', array('%site' => ''. $feed['title'] .''))); + drupal_set_message(t('Removed news items from %site.', array('%site' => theme('placeholder', $feed['title'])))); } /** @@ -345,11 +345,11 @@ function aggregator_refresh($feed) { switch ($result->code) { case 304: db_query('UPDATE {aggregator_feed} SET checked = %d WHERE fid = %d', time(), $feed['fid']); - drupal_set_message(t('No new syndicated content from %site.', array('%site' => ''. $feed['title'] .''))); + drupal_set_message(t('No new syndicated content from %site.', array('%site' => theme('placeholder', $feed['title'])))); break; case 301: $feed['url'] = $result->redirect_url; - watchdog('aggregator', t('Updated URL for feed %title to %url.', array('%title' => ''. $feed['title'] .'', '%url' => ''. $feed['url'] .''))); + watchdog('aggregator', t('Updated URL for feed %title to %url.', array('%title' => theme('placeholder', $feed['title']), '%url' => theme('placeholder', $feed['url'])))); break; case 200: 
@@ -397,13 +397,13 @@ function aggregator_refresh($feed) { cache_clear_all(); - $message = t('Syndicated content from %site.', array('%site' => ''. $feed[title] .'')); + $message = t('Syndicated content from %site.', array('%site' => theme('placeholder', $feed[title]))); watchdog('aggregator', $message); drupal_set_message($message); } break; default: - $message = t('Failed to parse RSS feed %site: %error.', array('%site' => ''. $feed['title'] .'', '%error' => "$result->code $result->error")); + $message = t('Failed to parse RSS feed %site: %error.', array('%site' => theme('placeholder', $feed['title']), '%error' => theme('placeholder', $result->code .' '. $result->error))); watchdog('aggregator', $message, WATCHDOG_WARNING); drupal_set_message($message); } @@ -461,7 +461,7 @@ function aggregator_parse_feed(&$data, $feed) { xml_set_character_data_handler($xml_parser, 'aggregator_element_data'); if (!xml_parse($xml_parser, $data, 1)) { - $message = t('Failed to parse RSS feed %site: %error at line %line.', array('%site' => ''. $feed['title'] .'', '%error' => xml_error_string(xml_get_error_code($xml_parser)), '%line' => xml_get_current_line_number($xml_parser))); + $message = t('Failed to parse RSS feed %site: %error at line %line.', array('%site' => theme('placeholder', $feed['title']), '%error' => xml_error_string(xml_get_error_code($xml_parser)), '%line' => xml_get_current_line_number($xml_parser))); watchdog('aggregator', $message, WATCHDOG_WARNING); drupal_set_message($message, 'error'); return 0; 
@@ -554,7 +554,7 @@ function aggregator_parse_feed(&$data, $feed) { } if (!valid_input_data($item['DESCRIPTION'])) { - drupal_set_message(t('Failed to parse entry from %site feed: suspicious input data.', array('%site' => ''. $feed['title'] .'')), 'error'); + drupal_set_message(t('Failed to parse entry from %site feed: suspicious input data.', array('%site' => theme('placeholder', $feed['title']))), 'error'); } else { aggregator_save_item(array('iid' => $entry->iid, 'fid' => $feed['fid'], 'timestamp' => $timestamp, 'title' => $title, 'link' => $link, 'author' => $item['AUTHOR'], 'description' => $item['DESCRIPTION'])); @@ -643,7 +643,7 @@ function aggregator_form_feed($edit = array()) { $categories = db_query('SELECT c.cid, c.title, f.fid FROM {aggregator_category} c LEFT JOIN {aggregator_category_feed} f ON c.cid = f.cid AND f.fid = %d ORDER BY title', $edit['fid']); while ($category = db_fetch_object($categories)) { $options[$category->cid] = $category->title; - if ($category->fid) $values[] = $category->cid; + if ($category->fid) $values[] = check_plain($category->cid); } if ($options) { $form .= form_checkboxes(t('Categorize news items'), 'category', $values, $options, t('New items in this feed will be automatically filed in the the checked categories as they are received.')); @@ -920,7 +920,7 @@ function _aggregator_page_list($sql, $op, $header = '') { $selected = array(); while ($category = db_fetch_object($categories_result)) { if (!$done) { - $categories[$category->cid] = check_form($category->title); + $categories[$category->cid] = check_plain($category->title); } if ($category->iid) { $selected[] = $category->cid; 
@@ -932,7 +932,7 @@ function _aggregator_page_list($sql, $op, $header = '') { else { $form = ''; while ($category = db_fetch_object($categories_result)) { - $form .= form_checkbox(check_form($category->title), 'categories]['. $item->iid .'][', $category->cid, !is_null($category->iid)); + $form .= form_checkbox(check_plain($category->title), 'categories]['. $item->iid .'][', $category->cid, !is_null($category->iid)); } } $rows[] = array(theme('aggregator_page_item', $item), array('data' => $form, 'class' => 'categorize-item')); @@ -960,7 +960,7 @@ function aggregator_page_sources() { $result = db_query('SELECT f.fid, f.title, f.description, f.image, MAX(i.timestamp) AS last FROM {aggregator_feed} f LEFT JOIN {aggregator_item} i ON f.fid = i.fid GROUP BY f.fid'); $output = "
\n"; while ($feed = db_fetch_object($result)) { - $output .= "

$feed->title

\n"; + $output .= '

'. check_plain($feed->title) ."

\n"; // Most recent items: $list = array(); @@ -987,13 +987,13 @@ function aggregator_page_opml() { $output = "\n"; $output .= "\n"; $output .= "\n"; - $output .= ''. drupal_specialchars(variable_get('site_name', 'Drupal')) ."\n"; + $output .= ''. check_plain(variable_get('site_name', 'Drupal')) ."\n"; $output .= ''. gmdate('r') ."\n"; $output .= "\n"; $output .= "\n"; while ($feed = db_fetch_object($result)) { - $output .= '\n"; + $output .= '\n"; } $output .= "\n"; @@ -1011,7 +1011,7 @@ function aggregator_page_categories() { $output = "
\n"; while ($category = db_fetch_object($result)) { - $output .= "

$category->title

\n"; + $output .= '

'. check_plain($category->title) ."

\n"; if (variable_get('aggregator_summary_items', 3)) { $list = array(); $items = db_query_range('SELECT i.title, i.timestamp, i.link, f.title as feed_title, f.link as feed_link FROM {aggregator_category_item} ci LEFT JOIN {aggregator_item} i ON i.iid = ci.iid LEFT JOIN {aggregator_feed} f ON i.fid = f.fid WHERE ci.cid = %d ORDER BY i.timestamp DESC', $category->cid, 0, variable_get('aggregator_summary_items', 3)); @@ -1042,7 +1042,7 @@ function theme_aggregator_feed($feed) { $output .= $feed->description; $output .= '

'. t('URL') ."

\n"; $output .= theme('xml_icon', $feed->url); - $output .= "link\">$feed->link\n"; + $output .= ''. check_plain($feed->link) ."\n"; $output .= '

'. t('Last update') ."

\n"; $updated = t('%time ago', array('%time' => format_interval(time() - $feed->checked))); @@ -1066,12 +1066,12 @@ function theme_aggregator_block_item($item, $feed = 0) { if ($user->uid && module_exist('blog') && user_access('edit own blog')) { if ($image = theme('image', 'misc/blog.png', t('blog it'), t('blog it'))) { - $output .= '
'. l($image, 'node/add/blog', array('title' => t('Comment on this news item in your personal blog.'), 'class' => 'blog-it'), "iid=$item->iid") .'
'; + $output .= '
'. l($image, 'node/add/blog', array('title' => t('Comment on this news item in your personal blog.'), 'class' => 'blog-it'), "iid=$item->iid", NULL, FALSE, TRUE) .'
'; } } // Display the external link to the item. - $output .= "link\">$item->title\n"; + $output .= ''. check_plain($item->title) ."\n"; return $output; } @@ -1086,7 +1086,7 @@ function theme_aggregator_block_item($item, $feed = 0) { * @ingroup themeable */ function theme_aggregator_summary_item($item) { - $output = ''. $item->title .' '. t('%age old', array('%age' => format_interval(time() - $item->timestamp))) .''; + $output = ''. check_plain($item->title) .' '. t('%age old', array('%age' => format_interval(time() - $item->timestamp))) .''; if ($item->feed_link) { $output .= ', '. $item->feed_title .''; } @@ -1110,9 +1110,9 @@ function theme_aggregator_page_item($item) { $output .= "
\n"; $output .= '
'. date('H:i', $item->timestamp) ."
\n"; $output .= "
\n"; - $output .= " \n"; + $output .= ' \n"; if ($item->description) { - $output .= "
$item->description
\n"; + $output .= '
'. check_plain($item->description) ."
\n"; } if ($item->ftitle && $item->fid) { $output .= '
'. t('Source') .': '. l($item->ftitle, "aggregator/sources/$item->fid") ."
\n"; diff --git a/modules/archive.module b/modules/archive.module index 446071c33..de6b87948 100644 --- a/modules/archive.module +++ b/modules/archive.module @@ -91,7 +91,7 @@ function archive_calendar($original = 0) { $output .= "\n\n"; $output .= '
'; $output .= '\n"; - $output .= ' \n"; + $output .= ' \n"; // First day of week (0 => Sunday, 1 => Monday, ...) $weekstart = variable_get('date_first_day', 0); diff --git a/modules/archive/archive.module b/modules/archive/archive.module index 446071c33..de6b87948 100644 --- a/modules/archive/archive.module +++ b/modules/archive/archive.module @@ -91,7 +91,7 @@ function archive_calendar($original = 0) { $output .= "\n\n"; $output .= '
'; $output .= '
'. l('«', 'archive/'. date('Y/m/d', $prev), array('title' => t('Previous month'))) .' '. format_date($requested, 'custom', 'F') . date(' Y', $requested) .' '. ($nextmonth <= time() ? l('»', 'archive/'. date('Y/m/d', $next), array('title' => t('Next month'))) : ' ') ."'. l('«', 'archive/'. date('Y/m/d', $prev), array('title' => t('Previous month'))) .' '. format_date($requested, 'custom', 'F') . date(' Y', $requested) .' '. ($nextmonth <= time() ? l('»', 'archive/'. date('Y/m/d', $next), array('title' => t('Next month'))) : ' ') ."
\n"; - $output .= ' \n"; + $output .= ' \n"; // First day of week (0 => Sunday, 1 => Monday, ...) $weekstart = variable_get('date_first_day', 0); diff --git a/modules/block.module b/modules/block.module index 78a848f5e..caeee3691 100644 --- a/modules/block.module +++ b/modules/block.module @@ -86,7 +86,7 @@ function block_block($op = 'list', $delta = 0, $edit = array()) { case 'list': $result = db_query('SELECT bid, title, info FROM {boxes} ORDER BY title'); while ($block = db_fetch_object($result)) { - $blocks[$block->bid]['info'] = $block->info ? $block->info : $block->title; + $blocks[$block->bid]['info'] = $block->info ? check_plain($block->info) : check_plain($block->title); } return $blocks; @@ -103,7 +103,7 @@ function block_block($op = 'list', $delta = 0, $edit = array()) { case 'view': $block = db_fetch_object(db_query('SELECT * FROM {boxes} WHERE bid = %d', $delta)); - $data['subject'] = $block->title; + $data['subject'] = check_plain($block->title); $data['content'] = check_output($block->body, $block->format); return $data; } @@ -335,13 +335,13 @@ function block_box_delete($bid = 0) { if ($_POST['edit']['confirm']) { db_query('DELETE FROM {boxes} WHERE bid = %d', $bid); - drupal_set_message(t('The block %name has been deleted.', array('%name' => ''. $info .''))); + drupal_set_message(t('The block %name has been deleted.', array('%name' => theme('placeholder', $info)))); cache_clear_all(); drupal_goto('admin/block'); } else { $output = theme('confirm', - t('Are you sure you want to delete the block %name?', array('%name' => ''. $info .'')), + t('Are you sure you want to delete the block %name?', array('%name' => theme('placeholder', $info))), 'admin/block', NULL, t('Delete')); diff --git a/modules/block/block.module b/modules/block/block.module index 78a848f5e..caeee3691 100644 --- a/modules/block/block.module +++ b/modules/block/block.module 
@@ -86,7 +86,7 @@ function block_block($op = 'list', $delta = 0, $edit = array()) { case 'list': $result = db_query('SELECT bid, title, info FROM {boxes} ORDER BY title'); while ($block = db_fetch_object($result)) { - $blocks[$block->bid]['info'] = $block->info ? $block->info : $block->title; + $blocks[$block->bid]['info'] = $block->info ? check_plain($block->info) : check_plain($block->title); } return $blocks; @@ -103,7 +103,7 @@ function block_block($op = 'list', $delta = 0, $edit = array()) { case 'view': $block = db_fetch_object(db_query('SELECT * FROM {boxes} WHERE bid = %d', $delta)); - $data['subject'] = $block->title; + $data['subject'] = check_plain($block->title); $data['content'] = check_output($block->body, $block->format); return $data; } @@ -335,13 +335,13 @@ function block_box_delete($bid = 0) { if ($_POST['edit']['confirm']) { db_query('DELETE FROM {boxes} WHERE bid = %d', $bid); - drupal_set_message(t('The block %name has been deleted.', array('%name' => ''. $info .''))); + drupal_set_message(t('The block %name has been deleted.', array('%name' => theme('placeholder', $info)))); cache_clear_all(); drupal_goto('admin/block'); } else { $output = theme('confirm', - t('Are you sure you want to delete the block %name?', array('%name' => ''. $info .'')), + t('Are you sure you want to delete the block %name?', array('%name' => theme('placeholder', $info))), 'admin/block', NULL, t('Delete')); diff --git a/modules/blogapi.module b/modules/blogapi.module index a3a5c75de..58807c87b 100644 --- a/modules/blogapi.module +++ b/modules/blogapi.module 
@@ -153,7 +153,7 @@ function blogapi_new_post($req_params) { $nid = node_save($node); if ($nid) { - watchdog('content', t('%type: added %title using blog API.', array('%type' => ''. t($node->type) .'', '%title' => "$node->title")), WATCHDOG_NOTICE, l(t('view'), "node/$nid")); + watchdog('content', t('%type: added %title using blog API.', array('%type' => ''. t($node->type) .'', '%title' => theme('placeholder', $node->title))), WATCHDOG_NOTICE, l(t('view'), "node/$nid")); return new xmlrpcresp(new xmlrpcval($nid, 'string')); } @@ -215,7 +215,7 @@ function blogapi_edit_post($req_params) { } $nid = node_save($node); if ($nid) { - watchdog('content', t('%type: updated %title using blog API.', array('%type' => ''. t($node->type) .'', '%title' => "$node->title")), WATCHDOG_NOTICE, l(t('view'), "node/$nid")); + watchdog('content', t('%type: updated %title using blog API.', array('%type' => ''. t($node->type) .'', '%title' => theme('placeholder', $node->title))), WATCHDOG_NOTICE, l(t('view'), "node/$nid")); return new xmlrpcresp(new xmlrpcval(true, 'boolean')); } diff --git a/modules/blogapi/blogapi.module b/modules/blogapi/blogapi.module index a3a5c75de..58807c87b 100644 --- a/modules/blogapi/blogapi.module +++ b/modules/blogapi/blogapi.module @@ -153,7 +153,7 @@ function blogapi_new_post($req_params) { $nid = node_save($node); if ($nid) { - watchdog('content', t('%type: added %title using blog API.', array('%type' => ''. t($node->type) .'', '%title' => "$node->title")), WATCHDOG_NOTICE, l(t('view'), "node/$nid")); + watchdog('content', t('%type: added %title using blog API.', array('%type' => ''. t($node->type) .'', '%title' => theme('placeholder', $node->title))), WATCHDOG_NOTICE, l(t('view'), "node/$nid")); return new xmlrpcresp(new xmlrpcval($nid, 'string')); } 
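Review bot: The watchdog() call in blogapi_new_post mixes the two conventions this commit is consolidating: `'%title' => theme('placeholder', $node->title)` but `'%type' => ''. t($node->type) .''`, the old quote-wrapped form with no escaping at all. For consistency with the rest of the series use `'%type' => theme('placeholder', t($node->type))`. The same pattern is in the blogapi_edit_post hunk and in both hunks of the duplicate modules/blogapi/blogapi.module section.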
@@ -215,7 +215,7 @@ function blogapi_edit_post($req_params) { } $nid = node_save($node); if ($nid) { - watchdog('content', t('%type: updated %title using blog API.', array('%type' => ''. t($node->type) .'', '%title' => "$node->title")), WATCHDOG_NOTICE, l(t('view'), "node/$nid")); + watchdog('content', t('%type: updated %title using blog API.', array('%type' => ''. t($node->type) .'', '%title' => theme('placeholder', $node->title))), WATCHDOG_NOTICE, l(t('view'), "node/$nid")); return new xmlrpcresp(new xmlrpcval(true, 'boolean')); } diff --git a/modules/book.module b/modules/book.module index 76bb98b60..576f8fd1a 100644 --- a/modules/book.module +++ b/modules/book.module @@ -148,7 +148,7 @@ function book_block($op = 'list', $delta = 0) { $expand[] = $node->nid; } - $block['subject'] = $path[0]->title; + $block['subject'] = check_plain($path[0]->title); $block['content'] = book_tree($expand[0], 5, $expand); } } @@ -287,7 +287,7 @@ function book_outline() { $output .= form_submit(t('Add to book outline')); } - drupal_set_title($node->title); + drupal_set_title(check_plain($node->title)); print theme('page', form($output)); } } @@ -477,7 +477,7 @@ function theme_book_navigation($node) { $links .= ''; - $titles .= ''; + $titles .= ''; } else { $links .= ''; // Make an empty div to fill the space. @@ -486,7 +486,7 @@ function theme_book_navigation($node) { $links .= ''; - $titles .= ''; + $titles .= ''; } else { $links .= ''; // Make an empty div to fill the space. @@ -633,7 +633,7 @@ function book_print($nid = 0, $depth = 1) { // Allow modules to change $node->body before viewing. node_invoke_nodeapi($node, 'view', $node->body, false); - $output .= '

'. $node->title .'

'; + $output .= '

'. check_plain($node->title) .'

'; if ($node->body) { $output .= $node->body; @@ -643,7 +643,7 @@ function book_print($nid = 0, $depth = 1) { $output .= book_print_recurse($nid, $depth); - $html = ''. $node->title .''; + $html = ''. check_plain($node->title) .''; $html .= ''; $html .= ""; $html .= ''. $output .''; @@ -671,7 +671,7 @@ function book_print_recurse($parent = '', $depth = 1) { // Allow modules to change $node->body before viewing. node_invoke_nodeapi($node, 'view', $node->body, false); - $output .= '

'. $node->title .'

'; + $output .= '

'. check_plain($node->title) .'

'; if ($node->body) { $output .= '
    '. $node->body .'
'; @@ -707,7 +707,7 @@ function book_admin_view($nid, $depth = 0) { if ($nid) { $node = node_load(array('nid' => $nid)); - $output .= '

'. $node->title .'

'; + $output .= '

'. check_plain($node->title) .'

'; $header = array(t('Title'), t('Weight'), array('data' => t('Operations'), 'colspan' => '3')); $rows[] = book_admin_view_line($node); @@ -738,7 +738,7 @@ function book_admin_save($nid, $edit = array()) { } } - $message = t('Updated book %title.', array('%title' => "$book->title")); + $message = t('Updated book %title.', array('%title' => theme('placeholder', $book->title))); watchdog('content', $message); return $message; diff --git a/modules/book/book.module b/modules/book/book.module index 76bb98b60..576f8fd1a 100644 --- a/modules/book/book.module +++ b/modules/book/book.module @@ -148,7 +148,7 @@ function book_block($op = 'list', $delta = 0) { $expand[] = $node->nid; } - $block['subject'] = $path[0]->title; + $block['subject'] = check_plain($path[0]->title); $block['content'] = book_tree($expand[0], 5, $expand); } } @@ -287,7 +287,7 @@ function book_outline() { $output .= form_submit(t('Add to book outline')); } - drupal_set_title($node->title); + drupal_set_title(check_plain($node->title)); print theme('page', form($output)); } } @@ -477,7 +477,7 @@ function theme_book_navigation($node) { $links .= ''; - $titles .= ''; + $titles .= ''; } else { $links .= ''; // Make an empty div to fill the space. @@ -486,7 +486,7 @@ function theme_book_navigation($node) { $links .= ''; - $titles .= ''; + $titles .= ''; } else { $links .= ''; // Make an empty div to fill the space. @@ -633,7 +633,7 @@ function book_print($nid = 0, $depth = 1) { // Allow modules to change $node->body before viewing. node_invoke_nodeapi($node, 'view', $node->body, false); - $output .= '

'. $node->title .'

'; + $output .= '

'. check_plain($node->title) .'

'; if ($node->body) { $output .= $node->body; @@ -643,7 +643,7 @@ function book_print($nid = 0, $depth = 1) { $output .= book_print_recurse($nid, $depth); - $html = ''. $node->title .''; + $html = ''. check_plain($node->title) .''; $html .= ''; $html .= ""; $html .= ''. $output .''; @@ -671,7 +671,7 @@ function book_print_recurse($parent = '', $depth = 1) { // Allow modules to change $node->body before viewing. node_invoke_nodeapi($node, 'view', $node->body, false); - $output .= '

'. $node->title .'

'; + $output .= '

'. check_plain($node->title) .'

'; if ($node->body) { $output .= '
    '. $node->body .'
'; @@ -707,7 +707,7 @@ function book_admin_view($nid, $depth = 0) { if ($nid) { $node = node_load(array('nid' => $nid)); - $output .= '

'. $node->title .'

'; + $output .= '

'. check_plain($node->title) .'

'; $header = array(t('Title'), t('Weight'), array('data' => t('Operations'), 'colspan' => '3')); $rows[] = book_admin_view_line($node); @@ -738,7 +738,7 @@ function book_admin_save($nid, $edit = array()) { } } - $message = t('Updated book %title.', array('%title' => "$book->title")); + $message = t('Updated book %title.', array('%title' => theme('placeholder', $book->title))); watchdog('content', $message); return $message; diff --git a/modules/comment.module b/modules/comment.module index a22da2242..876e89bff 100644 --- a/modules/comment.module +++ b/modules/comment.module @@ -274,7 +274,7 @@ function comment_nodeapi(&$node, $op, $arg = 0) { $text = ''; $comments = db_query('SELECT subject, comment, format FROM {comments} WHERE nid = %d AND status = 0', $node->nid); while ($comment = db_fetch_object($comments)) { - $text .= '

'. $comment->subject .'

'. check_output($comment->comment, $comment->format); + $text .= '

'. check_plain($comment->subject) .'

'. check_output($comment->comment, $comment->format); } return $text; @@ -431,9 +431,12 @@ function comment_validate_form($edit) { // Validate the comment's subject. If not specified, extract // one from the comment's body. - $edit['subject'] = strip_tags($edit['subject']); - if ($edit['subject'] == '') { - $edit['subject'] = truncate_utf8(strip_tags($edit['comment']), 29, TRUE); + if (trim($edit['subject']) == '') { + // The body may be in any format, so we: + // 1) Filter it into HTML + // 2) Strip out all HTML tags + // 3) Convert entities back to plain-text. + $edit['subject'] = truncate_utf8(decode_entities(strip_tags(check_output($edit['comment'], $edit['format']))), 29, TRUE); } // Validate the comment's body. @@ -450,7 +453,7 @@ function comment_validate_form($edit) { if (!$user->uid) { if (variable_get('comment_anonymous', 0) > 0) { if ($edit['name']) { - $taken = db_result(db_query("SELECT COUNT(uid) FROM {users} WHERE LOWER(name) = '%s'", strip_tags($edit['name'])), 0); + $taken = db_result(db_query("SELECT COUNT(uid) FROM {users} WHERE LOWER(name) = '%s'", $edit['name']), 0); if ($taken != 0) { form_set_error('name', t('The name you used belongs to a registered user.')); @@ -494,7 +497,7 @@ function comment_preview($edit) { // Attach the user and time information. $comment->uid = $user->uid; $comment->timestamp = time(); - $comment->name = $user->name ? $user->name : $comment->name; + $comment->name = check_plain($user->name ? $user->name : $comment->name); // Preview the comment. $output .= theme('comment_view', $comment, theme('links', module_invoke_all('link', 'comment', $comment, 1))); 
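Review bot: Removing `strip_tags($edit['subject'])` in comment_validate_form means the stored subject can now contain raw `<`, `>` and quote characters (and the fallback branch's `decode_entities()` deliberately re-creates them from the body), so every place that prints a subject must escape it itself; the comment_admin_overview hunk further down this page still passes `$comment->subject` as the link text of `l()` without `check_plain()`, which is an unescaped output unless `l()` escapes its text argument in this version. The copy of this hunk in modules/comment/comment.module has the same consequence. A smaller point: the non-empty branch no longer assigns anything, so a subject with leading or trailing whitespace is now stored as typed; `$edit['subject'] = trim($edit['subject']);` before the `if` keeps the previous normalisation. comment_validate_form continues outside the hunk.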
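Review bot: In comment_preview the name is now escaped on the data object, `$comment->name = check_plain(...)`, before it reaches `theme('comment_view', ...)`, while the post-save rendering path presumably hands the theme the raw name from the database; if the theme (or format_name) escapes the name itself, the preview double-encodes it and preview and final output differ. I would keep the object unescaped here and rely on the theme layer, or document why the preview needs its own escaping with a comment such as `// Escaped here because theme_comment_view prints the name as-is.` once that is confirmed. The same line is in the modules/comment/comment.module copy of this hunk.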
@@ -523,7 +526,7 @@ function comment_post($edit) { // validated/filtered data to perform such check. $duplicate = db_result(db_query("SELECT COUNT(cid) FROM {comments} WHERE pid = %d AND nid = %d AND subject = '%s' AND comment = '%s'", $edit['pid'], $edit['nid'], $edit['subject'], $edit['comment']), 0); if ($duplicate != 0) { - watchdog('content', t('Comment: duplicate %subject.', array('%subject' => ''. $edit['subject'] .'')), WATCHDOG_WARNING); + watchdog('content', t('Comment: duplicate %subject.', array('%subject' => theme('placeholder', $edit['subject']))), WATCHDOG_WARNING); } if ($edit['cid']) { @@ -538,7 +541,7 @@ function comment_post($edit) { module_invoke_all('comment', 'update', $edit); // Add an entry to the watchdog log. - watchdog('content', t('Comment: updated %subject.', array('%subject' => ''. $edit['subject'] .'')), WATCHDOG_NOTICE, l(t('view'), 'node/'. $edit['nid'], NULL, NULL, 'comment-'. $edit['cid'])); + watchdog('content', t('Comment: updated %subject.', array('%subject' => theme('placeholder', $edit['subject']))), WATCHDOG_NOTICE, l(t('view'), 'node/'. $edit['nid'], NULL, NULL, 'comment-'. $edit['cid'])); } else { // Add the comment to database. @@ -641,7 +644,7 @@ function comment_post($edit) { module_invoke_all('comment', 'insert', $edit); // Add an entry to the watchdog log. - watchdog('content', t('Comment: added %subject.', array('%subject' => ''. $edit['subject'] .'')), WATCHDOG_NOTICE, l(t('view'), 'node/'. $edit['nid'], NULL, NULL, 'comment-'. $edit['cid'])); + watchdog('content', t('Comment: added %subject.', array('%subject' => theme('placeholder', $edit['subject']))), WATCHDOG_NOTICE, l(t('view'), 'node/'. $edit['nid'], NULL, NULL, 'comment-'. $edit['cid'])); } // Clear the cache so an anonymous user can see his comment being added. 
@@ -662,7 +665,7 @@ function comment_post($edit) { } } else { - watchdog('content', t('Comment: unauthorized comment submitted or comment submitted to a closed node %subject.', array('%subject' => ''. $edit['subject'] .'')), WATCHDOG_WARNING); + watchdog('content', t('Comment: unauthorized comment submitted or comment submitted to a closed node (%subject).', array('%subject' => theme('placeholder', $edit['subject']))), WATCHDOG_WARNING); } } @@ -974,7 +977,7 @@ function comment_delete($cid) { } else if ($comment->cid) { $output = theme('confirm', - t('Are you sure you want to delete the comment %title?', array('%title' => ''. $comment->subject .'')), + t('Are you sure you want to delete the comment %title?', array('%title' => theme('placeholder', $comment->subject))), 'node/'. $comment->nid, t('Any replies to this comment will be lost. This action cannot be undone.'), t('Delete')); @@ -992,7 +995,7 @@ function comment_delete($cid) { function comment_save($id, $edit) { db_query("UPDATE {comments} SET subject = '%s', comment = '%s', status = %d, format = '%s', name = '%s', mail = '%s', homepage = '%s' WHERE cid = %d", $edit['subject'], $edit['comment'], $edit['status'], $edit['format'], $edit['name'], $edit['mail'], $edit['homepage'], $id); - watchdog('content', t('Comment: modified %subject.', array('%subject' => ''. $edit['subject'] .''))); + watchdog('content', t('Comment: modified %subject.', array('%subject' => theme('placeholder', $edit['subject'])))); drupal_set_message(t('The comment has been saved.')); _comment_update_node_statistics($edit['nid']); 
@@ -1023,7 +1026,7 @@ function comment_admin_overview($type = 'new') { while ($comment = db_fetch_object($result)) { $comment->name = $comment->uid ? $comment->registered_name : $comment->name; $rows[] = array( - l($comment->subject, "node/$comment->nid", array('title' => htmlspecialchars(truncate_utf8($comment->comment, 128))), NULL, "comment-$comment->cid") ." ". theme('mark', node_mark($comment->nid, $comment->timestamp)), + l($comment->subject, "node/$comment->nid", array('title' => truncate_utf8($comment->comment, 128)), NULL, "comment-$comment->cid") ." ". theme('mark', node_mark($comment->nid, $comment->timestamp)), format_name($comment), ($comment->status == 0 ? t('Published') : t('Not published')), format_date($comment->timestamp, 'small'), @@ -1624,7 +1627,7 @@ function theme_comment_post_forbidden() { function _comment_delete_thread($comment) { // Delete the comment: db_query('DELETE FROM {comments} WHERE cid = %d', $comment->cid); - watchdog('content', t('Comment: deleted %subject.', array('%subject' => "$comment->subject"))); + watchdog('content', t('Comment: deleted %subject.', array('%subject' => theme('placeholder', $comment->subject)))); module_invoke_all('comment', 'delete', $comment); diff --git a/modules/comment/comment.module b/modules/comment/comment.module index a22da2242..876e89bff 100644 --- a/modules/comment/comment.module +++ b/modules/comment/comment.module @@ -274,7 +274,7 @@ function comment_nodeapi(&$node, $op, $arg = 0) { $text = ''; $comments = db_query('SELECT subject, comment, format FROM {comments} WHERE nid = %d AND status = 0', $node->nid); while ($comment = db_fetch_object($comments)) { - $text .= '

'. $comment->subject .'

'. check_output($comment->comment, $comment->format); + $text .= '

'. check_plain($comment->subject) .'

'. check_output($comment->comment, $comment->format); } return $text; @@ -431,9 +431,12 @@ function comment_validate_form($edit) { // Validate the comment's subject. If not specified, extract // one from the comment's body. - $edit['subject'] = strip_tags($edit['subject']); - if ($edit['subject'] == '') { - $edit['subject'] = truncate_utf8(strip_tags($edit['comment']), 29, TRUE); + if (trim($edit['subject']) == '') { + // The body may be in any format, so we: + // 1) Filter it into HTML + // 2) Strip out all HTML tags + // 3) Convert entities back to plain-text. + $edit['subject'] = truncate_utf8(decode_entities(strip_tags(check_output($edit['comment'], $edit['format']))), 29, TRUE); } // Validate the comment's body. @@ -450,7 +453,7 @@ function comment_validate_form($edit) { if (!$user->uid) { if (variable_get('comment_anonymous', 0) > 0) { if ($edit['name']) { - $taken = db_result(db_query("SELECT COUNT(uid) FROM {users} WHERE LOWER(name) = '%s'", strip_tags($edit['name'])), 0); + $taken = db_result(db_query("SELECT COUNT(uid) FROM {users} WHERE LOWER(name) = '%s'", $edit['name']), 0); if ($taken != 0) { form_set_error('name', t('The name you used belongs to a registered user.')); @@ -494,7 +497,7 @@ function comment_preview($edit) { // Attach the user and time information. $comment->uid = $user->uid; $comment->timestamp = time(); - $comment->name = $user->name ? $user->name : $comment->name; + $comment->name = check_plain($user->name ? $user->name : $comment->name); // Preview the comment. $output .= theme('comment_view', $comment, theme('links', module_invoke_all('link', 'comment', $comment, 1))); 
@@ -523,7 +526,7 @@ function comment_post($edit) { // validated/filtered data to perform such check. $duplicate = db_result(db_query("SELECT COUNT(cid) FROM {comments} WHERE pid = %d AND nid = %d AND subject = '%s' AND comment = '%s'", $edit['pid'], $edit['nid'], $edit['subject'], $edit['comment']), 0); if ($duplicate != 0) { - watchdog('content', t('Comment: duplicate %subject.', array('%subject' => ''. $edit['subject'] .'')), WATCHDOG_WARNING); + watchdog('content', t('Comment: duplicate %subject.', array('%subject' => theme('placeholder', $edit['subject']))), WATCHDOG_WARNING); } if ($edit['cid']) { @@ -538,7 +541,7 @@ function comment_post($edit) { module_invoke_all('comment', 'update', $edit); // Add an entry to the watchdog log. - watchdog('content', t('Comment: updated %subject.', array('%subject' => ''. $edit['subject'] .'')), WATCHDOG_NOTICE, l(t('view'), 'node/'. $edit['nid'], NULL, NULL, 'comment-'. $edit['cid'])); + watchdog('content', t('Comment: updated %subject.', array('%subject' => theme('placeholder', $edit['subject']))), WATCHDOG_NOTICE, l(t('view'), 'node/'. $edit['nid'], NULL, NULL, 'comment-'. $edit['cid'])); } else { // Add the comment to database. @@ -641,7 +644,7 @@ function comment_post($edit) { module_invoke_all('comment', 'insert', $edit); // Add an entry to the watchdog log. - watchdog('content', t('Comment: added %subject.', array('%subject' => ''. $edit['subject'] .'')), WATCHDOG_NOTICE, l(t('view'), 'node/'. $edit['nid'], NULL, NULL, 'comment-'. $edit['cid'])); + watchdog('content', t('Comment: added %subject.', array('%subject' => theme('placeholder', $edit['subject']))), WATCHDOG_NOTICE, l(t('view'), 'node/'. $edit['nid'], NULL, NULL, 'comment-'. $edit['cid'])); } // Clear the cache so an anonymous user can see his comment being added. 
@@ -662,7 +665,7 @@ function comment_post($edit) { } } else { - watchdog('content', t('Comment: unauthorized comment submitted or comment submitted to a closed node %subject.', array('%subject' => ''. $edit['subject'] .'')), WATCHDOG_WARNING); + watchdog('content', t('Comment: unauthorized comment submitted or comment submitted to a closed node (%subject).', array('%subject' => theme('placeholder', $edit['subject']))), WATCHDOG_WARNING); } } @@ -974,7 +977,7 @@ function comment_delete($cid) { } else if ($comment->cid) { $output = theme('confirm', - t('Are you sure you want to delete the comment %title?', array('%title' => ''. $comment->subject .'')), + t('Are you sure you want to delete the comment %title?', array('%title' => theme('placeholder', $comment->subject))), 'node/'. $comment->nid, t('Any replies to this comment will be lost. This action cannot be undone.'), t('Delete')); @@ -992,7 +995,7 @@ function comment_delete($cid) { function comment_save($id, $edit) { db_query("UPDATE {comments} SET subject = '%s', comment = '%s', status = %d, format = '%s', name = '%s', mail = '%s', homepage = '%s' WHERE cid = %d", $edit['subject'], $edit['comment'], $edit['status'], $edit['format'], $edit['name'], $edit['mail'], $edit['homepage'], $id); - watchdog('content', t('Comment: modified %subject.', array('%subject' => ''. $edit['subject'] .''))); + watchdog('content', t('Comment: modified %subject.', array('%subject' => theme('placeholder', $edit['subject'])))); drupal_set_message(t('The comment has been saved.')); _comment_update_node_statistics($edit['nid']); 
@@ -1023,7 +1026,7 @@ function comment_admin_overview($type = 'new') { while ($comment = db_fetch_object($result)) { $comment->name = $comment->uid ? $comment->registered_name : $comment->name; $rows[] = array( - l($comment->subject, "node/$comment->nid", array('title' => htmlspecialchars(truncate_utf8($comment->comment, 128))), NULL, "comment-$comment->cid") ." ". theme('mark', node_mark($comment->nid, $comment->timestamp)), + l($comment->subject, "node/$comment->nid", array('title' => truncate_utf8($comment->comment, 128)), NULL, "comment-$comment->cid") ." ". theme('mark', node_mark($comment->nid, $comment->timestamp)), format_name($comment), ($comment->status == 0 ? t('Published') : t('Not published')), format_date($comment->timestamp, 'small'), @@ -1624,7 +1627,7 @@ function theme_comment_post_forbidden() { function _comment_delete_thread($comment) { // Delete the comment: db_query('DELETE FROM {comments} WHERE cid = %d', $comment->cid); - watchdog('content', t('Comment: deleted %subject.', array('%subject' => "$comment->subject"))); + watchdog('content', t('Comment: deleted %subject.', array('%subject' => theme('placeholder', $comment->subject)))); module_invoke_all('comment', 'delete', $comment); diff --git a/modules/contact.module b/modules/contact.module index 627f6ca3a..b86989963 100644 --- a/modules/contact.module +++ b/modules/contact.module @@ -88,7 +88,7 @@ function contact_mail_user() { // Tidy up the body: foreach ($message as $key => $value) { - $message[$key] = wordwrap(strip_tags($value)); + $message[$key] = wordwrap(check_plain($value)); } // Prepare all fields: diff --git a/modules/contact/contact.module b/modules/contact/contact.module index 627f6ca3a..b86989963 100644 --- a/modules/contact/contact.module +++ b/modules/contact/contact.module 
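Review bot: `check_plain()` is the wrong filter for the contact mail body in contact_mail_user: it HTML-encodes `&`, `<`, `>` and quotes, so a message delivered as plain text (which the `wordwrap()` call suggests) shows `&amp;` and `&lt;` literally to the recipient, whereas the old `strip_tags()` left those characters intact. If the mail is not rendered as HTML, the entity encoding adds no protection and should not be applied, e.g. `$message[$key] = wordwrap($value);`, or the body needs `decode_entities()` before it is sent. The copy of this hunk in modules/contact/contact.module has the same issue; `$message` is built outside the hunk, so I cannot see here how it is delivered.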
@@ -88,7 +88,7 @@ function contact_mail_user() { // Tidy up the body: foreach ($message as $key => $value) { - $message[$key] = wordwrap(strip_tags($value)); + $message[$key] = wordwrap(check_plain($value)); } // Prepare all fields: diff --git a/modules/drupal.module b/modules/drupal.module index 9158221bf..08add863c 100644 --- a/modules/drupal.module +++ b/modules/drupal.module @@ -95,7 +95,7 @@ function drupal_directory_ping($arguments) { db_query("DELETE FROM {directory} WHERE link = '%s' OR mail = '%s'", $link, $mail); db_query("INSERT INTO {directory} (link, name, mail, slogan, mission, timestamp) VALUES ('%s', '%s', '%s', '%s', '%s', %d)", $link, $name, $mail, $slogan, $mission, time()); - watchdog('directory ping', t('Ping from %name (%link).', array('%name' => "$name", '%link' => "$link")), WATCHDOG_NOTICE, "view"); + watchdog('directory ping', t('Ping from %name (%link).', array('%name' => theme('placeholder', $name), '%link' => theme('placeholder', $link))), WATCHDOG_NOTICE, 'view'); return new xmlrpcresp(new xmlrpcval(1, 'int')); } @@ -143,7 +143,7 @@ function drupal_notify($server) { $result = $client->send($message, 5); if (!$result || $result->faultCode()) { - watchdog('directory ping', t('Failed to notify %url at %path: %error.', array('%url' => ''. $url["host"] .'', '%path' => ''. $url["path"] .'', '%error' => ''. $result->faultString() .'')), WATCHDOG_WARNING); + watchdog('directory ping', t('Failed to notify %url at %path: %error.', array('%url' => theme('placeholder', $url['host']), '%path' => theme('placeholder', $url['path']), '%error' => theme('placeholder', $result->faultString()))), WATCHDOG_WARNING); } } diff --git a/modules/drupal/drupal.module b/modules/drupal/drupal.module index 9158221bf..08add863c 100644 --- a/modules/drupal/drupal.module +++ b/modules/drupal/drupal.module 
@@ -95,7 +95,7 @@ function drupal_directory_ping($arguments) { db_query("DELETE FROM {directory} WHERE link = '%s' OR mail = '%s'", $link, $mail); db_query("INSERT INTO {directory} (link, name, mail, slogan, mission, timestamp) VALUES ('%s', '%s', '%s', '%s', '%s', %d)", $link, $name, $mail, $slogan, $mission, time()); - watchdog('directory ping', t('Ping from %name (%link).', array('%name' => "$name", '%link' => "$link")), WATCHDOG_NOTICE, "view"); + watchdog('directory ping', t('Ping from %name (%link).', array('%name' => theme('placeholder', $name), '%link' => theme('placeholder', $link))), WATCHDOG_NOTICE, 'view'); return new xmlrpcresp(new xmlrpcval(1, 'int')); } @@ -143,7 +143,7 @@ function drupal_notify($server) { $result = $client->send($message, 5); if (!$result || $result->faultCode()) { - watchdog('directory ping', t('Failed to notify %url at %path: %error.', array('%url' => ''. $url["host"] .'', '%path' => ''. $url["path"] .'', '%error' => ''. $result->faultString() .'')), WATCHDOG_WARNING); + watchdog('directory ping', t('Failed to notify %url at %path: %error.', array('%url' => theme('placeholder', $url['host']), '%path' => theme('placeholder', $url['path']), '%error' => theme('placeholder', $result->faultString()))), WATCHDOG_WARNING); } } diff --git a/modules/filter.module b/modules/filter.module index 74e95e079..2fa406d75 100644 --- a/modules/filter.module +++ b/modules/filter.module @@ -60,9 +60,9 @@ function filter_filter_tips($delta, $format, $long = false) { if ($allowed_html = variable_get("allowed_html_$format", '
'. l('«', 'archive/'. date('Y/m/d', $prev), array('title' => t('Previous month'))) .' '. format_date($requested, 'custom', 'F') . date(' Y', $requested) .' '. ($nextmonth <= time() ? l('»', 'archive/'. date('Y/m/d', $next), array('title' => t('Next month'))) : ' ') ."'. l('«', 'archive/'. date('Y/m/d', $prev), array('title' => t('Previous month'))) .' '. format_date($requested, 'custom', 'F') . date(' Y', $requested) .' '. ($nextmonth <= time() ? l('»', 'archive/'. date('Y/m/d', $next), array('title' => t('Next month'))) : ' ') ."