From c5cb3059607b3961ece274a3608145f14305a485 Mon Sep 17 00:00:00 2001
From: Steven Wittens <steven@10.no-reply.drupal.org>
Date: Fri, 7 Apr 2006 11:34:09 +0000
Subject: - Menu titles were not escaped properly

---
 modules/menu.module      | 8 ++++----
 modules/menu/menu.module | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

(limited to 'modules')

diff --git a/modules/menu.module b/modules/menu.module
index f3556548e..c36e68798 100644
--- a/modules/menu.module
+++ b/modules/menu.module
@@ -120,14 +120,14 @@ function menu_block($op = 'list', $delta = 0) {
     foreach ($root_menus as $mid => $title) {
       // Default "Navigation" block is handled by user.module.
       if ($mid != 1) {
-        $blocks[$mid]['info'] = $title;
+        $blocks[$mid]['info'] = check_plain($title);
       }
     }
     return $blocks;
   }
   else if ($op == 'view') {
     $item = menu_get_item($delta);
-    $data['subject'] = $item['title'];
+    $data['subject'] = check_plain($item['title']);
     $data['content'] = theme('menu_tree', $delta);
     return $data;
   }
@@ -611,7 +611,7 @@ function menu_overview_tree() {
     $operations[] = l(t('add item'), 'admin/menu/item/add/'. $mid);
     $table = theme('item_list', $operations);
     $table .= theme('table', $header, menu_overview_tree_rows($mid));
-    $output .= theme('box', $title, $table);
+    $output .= theme('box', check_plain($title), $table);
   }
   return $output;
 }
@@ -628,7 +628,7 @@ function menu_overview_tree_rows($pid = 0, $depth = 0) {
       $title = '';
       if ($pid == 0) {
         // Top-level items are menu names, and don't have an associated path.
-        $title .= $item['title'];
+        $title .= check_plain($item['title']);
       }
       else {
         $title .= l($item['title'], $item['path']);
diff --git a/modules/menu/menu.module b/modules/menu/menu.module
index f3556548e..c36e68798 100644
--- a/modules/menu/menu.module
+++ b/modules/menu/menu.module
@@ -120,14 +120,14 @@ function menu_block($op = 'list', $delta = 0) {
     foreach ($root_menus as $mid => $title) {
       // Default "Navigation" block is handled by user.module.
       if ($mid != 1) {
-        $blocks[$mid]['info'] = $title;
+        $blocks[$mid]['info'] = check_plain($title);
       }
     }
     return $blocks;
   }
   else if ($op == 'view') {
     $item = menu_get_item($delta);
-    $data['subject'] = $item['title'];
+    $data['subject'] = check_plain($item['title']);
     $data['content'] = theme('menu_tree', $delta);
     return $data;
   }
@@ -611,7 +611,7 @@ function menu_overview_tree() {
     $operations[] = l(t('add item'), 'admin/menu/item/add/'. $mid);
     $table = theme('item_list', $operations);
     $table .= theme('table', $header, menu_overview_tree_rows($mid));
-    $output .= theme('box', $title, $table);
+    $output .= theme('box', check_plain($title), $table);
   }
   return $output;
 }
@@ -628,7 +628,7 @@ function menu_overview_tree_rows($pid = 0, $depth = 0) {
       $title = '';
       if ($pid == 0) {
         // Top-level items are menu names, and don't have an associated path.
-        $title .= $item['title'];
+        $title .= check_plain($item['title']);
       }
       else {
         $title .= l($item['title'], $item['path']);
-- 
cgit v1.2.3