From 9794b5538e2baee159d360c9f7125f178591659a Mon Sep 17 00:00:00 2001
From: Steven Wittens
Date: Fri, 7 Apr 2006 15:32:17 +0000
Subject: - #55898: Generic, permissive admin XSS/HTML filtering for mission/footer/... - Clean up some raw output
---
 themes/engines/phptemplate/phptemplate.engine | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'themes/engines/phptemplate')
diff --git a/themes/engines/phptemplate/phptemplate.engine b/themes/engines/phptemplate/phptemplate.engine
index 97c95adc9..0a136a3ac 100644
--- a/themes/engines/phptemplate/phptemplate.engine
+++ b/themes/engines/phptemplate/phptemplate.engine
@@ -143,7 +143,7 @@ function phptemplate_page($content) {
 /* Set title and breadcrumb to declared values */
 if (drupal_get_path_alias($_GET['q']) == variable_get('site_frontpage', 'node')) {
- $mission = filter_xss(theme_get_setting('mission'));
+ $mission = filter_xss_admin(theme_get_setting('mission'));
 }
 /* Add favicon */
@@ -188,7 +188,7 @@ function phptemplate_page($content) {
 'breadcrumb' => theme('breadcrumb', drupal_get_breadcrumb()),
 'closure' => theme('closure'),
 'content' => '' . $content . '',
- 'footer_message' => variable_get('site_footer', FALSE) . "\n" . theme('blocks', 'footer'),
+ 'footer_message' => filter_xss_admin(variable_get('site_footer', FALSE)) . "\n" . theme('blocks', 'footer'),
 'head' => drupal_get_html_head(),
 'head_title' => implode(' | ', $head_title),
 'help' => theme('help'),
-- 
cgit v1.2.3
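Review bot: The `$mission` assignment now goes through `filter_xss_admin()` instead of `filter_xss()`, which widens the markup that reaches the front page, and nothing at the call site records the trust assumption behind that. The permissive filter is only appropriate if the mission setting can be edited solely by trusted administrators. I would state that above the assignment, for example `/* Mission is admin-authored; filter_xss_admin() is documented as allowing body-level tags other than scripts and styles. */`, and confirm which permission guards the theme settings form. phptemplate_page() starts and ends outside the hunk, so how `$mission` is initialised and later emitted is not visible here.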
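Review bot: On the `footer_message` line, `filter_xss_admin()` receives boolean `FALSE` whenever `site_footer` is unset, because the `variable_get()` default was kept from the unfiltered version. A string default keeps the filter's input type consistent and should not change the rendered output: `'footer_message' => filter_xss_admin(variable_get('site_footer', '')) . "\n" . theme('blocks', 'footer'),`. The `theme('blocks', 'footer')` half is still concatenated without filtering, presumably because it is already themed output, which a short comment on that line would make explicit. The array literal begins and ends outside the hunk.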