cvs diff: Diffing .
cvs diff: Diffing database
cvs diff: Diffing includes
Index: includes/bootstrap.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/bootstrap.inc,v
retrieving revision 1.41
diff -u -r1.41 bootstrap.inc
--- includes/bootstrap.inc 19 Mar 2005 01:24:18 -0000 1.41
+++ includes/bootstrap.inc 27 Mar 2005 13:52:01 -0000
@@ -393,7 +393,7 @@
if (!isset($title)) {
// during a bootstrap, menu.inc is not included and thus we cannot provide a title
if (function_exists('menu_get_active_title')) {
- $title = menu_get_active_title();
+ $title = check_plain(menu_get_active_title());
}
}
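Review bot: drupal_get_title() now returns the menu-derived title HTML-escaped (line 16), but a title already held in `$title` (set elsewhere, presumably through drupal_set_title()) is returned untouched, so the function's contract has become "returns HTML" and callers must neither escape the result again nor treat it as plain text. That contract is not written down; the enclosing function starts outside the hunk, so its docblock should gain a line such as ` * @return The page title as HTML: menu titles are escaped here, titles set by callers are trusted as given.` The strip_tags() applied to this value in theme.inc (line 513) is consistent with that reading.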
@@ -509,7 +509,7 @@
*/
function referer_uri() {
if (isset($_SERVER['HTTP_REFERER'])) {
- return check_url($_SERVER['HTTP_REFERER']);
+ return $_SERVER['HTTP_REFERER'];
}
}
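Review bot: referer_uri() now returns `$_SERVER['HTTP_REFERER']` verbatim, which is attacker-controlled input, so every place that prints it into HTML has to apply check_url() itself; none of those call sites are in this diff, so I cannot confirm they were updated. The docblock above (starting outside the hunk) should state the new contract, e.g. ` * @return The raw Referer header, or NULL when it is absent; escape with check_url() before placing it in markup.` The same move from escape-on-read to escape-on-output happens at the hunk ending on line 47, where the function's docblock is likewise out of view. Note also that the function returns nothing when the header is unset, which callers that concatenate the result will silently turn into an empty string.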
@@ -537,14 +537,14 @@
}
/**
- * Prepare user input for use in a URI.
+ * Prepare a URL for use in an HTML attribute.
*
- * We replace ( and ) with their entity equivalents to prevent XSS attacks.
+ * We replace ( and ) with their url-encoded equivalents to prevent XSS attacks.
*/
function check_url($uri) {
$uri = htmlspecialchars($uri, ENT_QUOTES);
- $uri = strtr($uri, array('(' => '&040;', ')' => '&041;'));
+ $uri = strtr($uri, array('(' => '%28', ')' => '%29'));
return $uri;
}
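Review bot: The docblock says check_url() prevents XSS, but the function only makes the value safe for an HTML attribute context: htmlspecialchars() plus the parenthesis rewrite neutralise attribute break-out, and nothing here validates the URL or restricts the scheme of a user-supplied value. Suggest saying so rather than leaving callers to assume more than the code does, e.g. ` * This does not validate the URL or its scheme; callers that accept URLs from users must check the scheme against an allow-list separately.` The `%28`/`%29` substitution runs after htmlspecialchars(), so the two are safe in combination, and it also repairs the previously invalid `&040;`/`&041;` entities.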
@@ -567,7 +567,7 @@
}
}
- return check_url($uri);
+ return $uri;
}
/**
Index: includes/common.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/common.inc,v
retrieving revision 1.431
diff -u -r1.431 common.inc
--- includes/common.inc 21 Mar 2005 19:26:47 -0000 1.431
+++ includes/common.inc 27 Mar 2005 13:52:01 -0000
@@ -173,8 +173,7 @@
extract(parse_url($_REQUEST['edit']['destination']));
}
- // Translate & to simply & in the absolute URL.
- $url = str_replace('&', '&', url($path, $query, $fragment, TRUE));
+ $url = url($path, $query, $fragment, TRUE);
if (ini_get('session.use_trans_sid') && session_id() && !strstr($url, session_id())) {
$sid = session_name() . '=' . session_id();
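Review bot: The new `$url = url($path, $query, $fragment, TRUE);` consumes `$path`, `$query` and `$fragment` that the unchanged `extract(parse_url($_REQUEST['edit']['destination']))` above injects from request data; extract() also creates `$scheme`, `$host` and similar variables in the function's scope from the same input, and since the function starts outside the hunk I cannot rule out a collision with locals defined earlier. Reading the parse_url() result explicitly, e.g. `$parts = parse_url($_REQUEST['edit']['destination']);` followed by `$path = $parts['path'];` and the two other components, limits the redirect target to the three values this line actually uses. Whether url() treats `$path` as site-relative, so that the destination cannot name another host, is not visible here and is worth confirming.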
@@ -549,15 +548,10 @@
}
/**
- * Encode special characters in a string for display as HTML.
- *
- * Note that we'd like to use htmlspecialchars($input, $quotes, 'utf-8')
- * as outlined in the PHP manual, but we can't because there's a bug in
- * PHP < 4.3 that makes it mess up multibyte charsets if we specify the
- * charset. This will be changed later once we make PHP 4.3 a requirement.
+ * Encode special characters in a plain-text string for display as HTML.
*/
-function drupal_specialchars($input, $quotes = ENT_NOQUOTES) {
- return htmlspecialchars($input, $quotes);
+function check_plain($text) {
+ return htmlspecialchars($text, ENT_QUOTES);
}
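Review bot: The removed docblock explained why the charset argument to htmlspecialchars() is omitted (a PHP < 4.3 multibyte bug), and the replacement drops that reasoning, so the next maintainer has no reason not to "fix" it; keep a why-comment, e.g. `// No charset argument on purpose: PHP < 4.3 mishandles multibyte input when one is given.` Separately, drupal_specialchars() is deleted rather than kept as a thin wrapper, and check_form() goes the same way in the hunk ending on line 90; any module outside this diff still calling either will fail with an undefined function, so a deprecated one-liner `function drupal_specialchars($input, $quotes = ENT_NOQUOTES) { return htmlspecialchars($input, $quotes); }` would make the transition safer. Note also that the default moves from ENT_NOQUOTES to ENT_QUOTES, which is the right default for attribute contexts but changes output for existing callers.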
/**
@@ -680,10 +674,6 @@
return ($number < $threshold ? TRUE : FALSE);
}
-function check_form($text) {
- return drupal_specialchars($text, ENT_QUOTES);
-}
-
function check_file($filename) {
return is_uploaded_file($filename);
}
@@ -703,12 +693,12 @@
// arbitrary elements may be added using the $args associative array
$output = "\n";
- $output .= ' '. drupal_specialchars(strip_tags($title)) ." \n";
- $output .= ' '. drupal_specialchars(strip_tags($link)) ."\n";
- $output .= ' '. drupal_specialchars(strip_tags($description)) ." \n";
- $output .= ' '. drupal_specialchars(strip_tags($language)) ." \n";
+ $output .= ' '. check_plain($title) ." \n";
+ $output .= ' '. check_url($link) ."\n";
+ $output .= ' '. check_plain($description) ." \n";
+ $output .= ' '. check_plain($language) ." \n";
foreach ($args as $key => $value) {
- $output .= ' <'. $key .'>'. drupal_specialchars(strip_tags($value)) ."$key>\n";
+ $output .= ' <'. $key .'>'. check_plain($value) ."$key>\n";
}
$output .= $items;
$output .= " \n";
@@ -723,9 +713,9 @@
*/
function format_rss_item($title, $link, $description, $args = array()) {
$output = "- \n";
- $output .= '
'. drupal_specialchars(strip_tags($title)) ." \n";
- $output .= ' '. drupal_specialchars(strip_tags($link)) ."\n";
- $output .= ' '. drupal_specialchars($description) ." \n";
+ $output .= ' '. check_plain($title) ." \n";
+ $output .= ' '. check_url($link) ."\n";
+ $output .= ' '. check_plain($description) ." \n";
foreach ($args as $key => $value) {
if (is_array($value)) {
if ($value['key']) {
@@ -743,7 +733,7 @@
}
}
else {
- $output .= ' <'. $key .'>'. drupal_specialchars(strip_tags($value)) ."$key>\n";
+ $output .= ' <'. $key .'>'. check_plain($value) ."$key>\n";
}
}
$output .= " \n";
@@ -1212,7 +1202,7 @@
*/
function form_textfield($title, $name, $value, $size, $maxlength, $description = NULL, $attributes = NULL, $required = FALSE) {
$size = $size ? ' size="'. $size .'"' : '';
- return theme('form_element', $title, ' ', $description, 'edit-'. $name, $required, _form_get_error($name));
+ return theme('form_element', $title, ' ', $description, 'edit-'. $name, $required, _form_get_error($name));
}
/**
@@ -1239,7 +1229,7 @@
*/
function form_password($title, $name, $value, $size, $maxlength, $description = NULL, $attributes = NULL, $required = FALSE) {
$size = $size ? ' size="'. $size .'"' : '';
- return theme('form_element', $title, ' ', $description, 'edit-'. $name, $required, _form_get_error($name));
+ return theme('form_element', $title, ' ', $description, 'edit-'. $name, $required, _form_get_error($name));
}
/**
@@ -1275,7 +1265,7 @@
}
}
- $output .= theme('form_element', $title, '', $description, 'edit-'. $name, $required, _form_get_error($name));
+ $output .= theme('form_element', $title, '', $description, 'edit-'. $name, $required, _form_get_error($name));
// e.g. optionally plug in a WYSIWYG editor
foreach (module_list() as $module_name) {
@@ -1321,12 +1311,12 @@
if (is_array($choice)) {
$select .= '';
foreach ($choice as $key => $choice) {
- $select .= ''. check_form($choice) .' ';
+ $select .= ''. check_plain($choice) .' ';
}
$select .= ' ';
}
else {
- $select .= ''. check_form($choice) .' ';
+ $select .= ''. check_plain($choice) .' ';
}
}
return theme('form_element', $title, ''. $select .' ', $description, 'edit-'. $name, $required, _form_get_error($name));
@@ -1370,7 +1360,7 @@
* an attacker to change the value before it is submitted.
*/
function form_hidden($name, $value) {
- return ' \n";
+ return ' \n";
}
/**
@@ -1389,7 +1379,7 @@
* A themed HTML string representing the button.
*/
function form_button($value, $name = 'op', $type = 'submit', $attributes = NULL) {
- return ' \n";
+ return ' \n";
}
/**
@@ -1481,7 +1471,7 @@
if (variable_get('clean_url', '0') == '0') {
if (isset($path)) {
if (isset($query)) {
- return $base . $script .'?q='. $path .'&'. $query . $fragment;
+ return $base . $script .'?q='. $path .'&'. $query . $fragment;
}
else {
return $base . $script .'?q='. $path . $fragment;
@@ -1528,7 +1518,7 @@
if ($attributes) {
$t = array();
foreach ($attributes as $key => $value) {
- $t[] = $key .'="'. $value .'"';
+ $t[] = $key .'="'. check_plain($value) .'"';
}
return ' '. implode($t, ' ');
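Review bot: `$t[] = $key .'="'. check_plain($value) .'"';` now escapes every attribute value, so a caller that already passed a check_url()- or check_plain()-processed value (an href, for instance) will see it double-encoded as `&amp;amp;`; the function's docblock, outside the hunk, should state that values are expected raw. The attribute name `$key` is still interpolated unescaped; it normally comes from code rather than users, but if that assumption is meant to hold it deserves a comment such as `// $key is trusted: attribute names come from calling code, never from input.` Also, `implode($t, ' ')` has its arguments in the reverse of the documented `implode($glue, $pieces)` order and works only because PHP tolerates both.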
@@ -1555,10 +1545,12 @@
* @param $absolute
* Whether to force the output to be an absolute link (beginning with http:).
* Useful for links that will be displayed outside the site, such as in an RSS feed.
+ * @param $html
+ * Whether the title is HTML, or just plain-text.
* @return
* an HTML string containing a link to the given path.
*/
-function l($text, $path, $attributes = array(), $query = NULL, $fragment = NULL, $absolute = FALSE) {
+function l($text, $path, $attributes = array(), $query = NULL, $fragment = NULL, $absolute = FALSE, $html = FALSE) {
if (drupal_get_normal_path($path) == $_GET['q']) {
if (isset($attributes['class'])) {
$attributes['class'] .= ' active';
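Review bot: The new `$html` parameter switches l() from escaping `$text` to trusting it, and the @param text `Whether the title is HTML, or just plain-text.` does not say who is then responsible for it; suggest ` * @param $html Whether $text is already HTML. When TRUE it is output verbatim, so the caller must have escaped any user-supplied part of it.` The return in the next hunk (line 221) shows `($html ? $text : check_plain($text))`, so the default FALSE is the safe one. The call sites in this diff (tablesort.inc line 477 and aggregator.module line 635) pass it as a trailing positional `NULL, FALSE, TRUE`, which is hard to read; a short comment naming the flag at those sites would help. I also cannot tell from the extracted text whether the href built from url() on line 221 goes through check_url(), which matters now that the `&amp;` translation for url() output was removed in drupal_goto (line 60), suggesting url() emits a raw `&`.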
@@ -1567,7 +1559,7 @@
$attributes['class'] = 'active';
}
}
- return ''. $text .' ';
+ return ''. ($html ? $text : check_plain($text)) .' ';
}
/**
@@ -1679,7 +1671,7 @@
$out = @mb_convert_encoding($data, 'utf-8', $encoding);
}
else if (function_exists('recode_string')) {
- $out = @recode_string($encoding . '..utf-8', $data);
+ $out = @recode_string($encoding .'..utf-8', $data);
}
else {
watchdog('php', t("Unsupported encoding '%s'. Please install iconv, GNU recode or mbstring for PHP.", $encoding), WATCHDOG_ERROR);
Index: includes/locale.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/locale.inc,v
retrieving revision 1.39
diff -u -r1.39 locale.inc
--- includes/locale.inc 9 Jan 2005 09:22:39 -0000 1.39
+++ includes/locale.inc 13 Mar 2005 02:17:42 -0000
@@ -23,14 +23,14 @@
// the language addition, we need to inform the user on how to start
// a translation
if ($onlylanguage) {
- $message = t('%locale language added. You can now import a translation. See the help screen for more information.', array('%locale' => ''. t($name) .' ', '%locale-help' => url('admin/help/locale')));
+ $message = t('%locale language added. You can now import a translation. See the help screen for more information.', array('%locale' => ''. check_plain(t($name)) .' ', '%locale-help' => url('admin/help/locale')));
}
else {
- $message = t('%locale language added.', array('%locale' => ''. t($name) .' '));
+ $message = t('%locale language added.', array('%locale' => ''. check_plain(t($name)) .' '));
}
drupal_set_message($message);
- watchdog('locale', t('%language language (%locale) added.', array('%language' => "$name ", '%locale' => "$code ")));
+ watchdog('locale', t('%language language (%locale) added.', array('%language' => ''. check_plain($name) .' ', '%locale' => ''. check_plain($code) .' ')));
}
/**
@@ -47,7 +47,7 @@
$status = db_fetch_object(db_query("SELECT isdefault, enabled FROM {locales_meta} WHERE locale = '%s'", $key));
if ($key == 'en') {
- $rows[] = array('en', $lang, form_checkbox('', 'enabled][en', 1, $status->enabled), form_radio('', 'sitedefault', $key, $status->isdefault), message_na(), '');
+ $rows[] = array('en', check_plain($lang), form_checkbox('', 'enabled][en', 1, $status->enabled), form_radio('', 'sitedefault', $key, $status->isdefault), message_na(), '');
}
else {
$original = db_fetch_object(db_query("SELECT COUNT(*) AS strings FROM {locales_source}"));
@@ -55,7 +55,7 @@
$ratio = ($original->strings > 0 && $translation->translation > 0) ? round(($translation->translation/$original->strings)*100., 2) : 0;
- $rows[] = array($key, ($key != 'en' ? form_textfield('', 'name]['. $key, $lang, 15, 64) : $lang), form_checkbox('', 'enabled]['. $key, 1, $status->enabled), form_radio('', 'sitedefault', $key, $status->isdefault), "$translation->translation/$original->strings ($ratio%)", ($key != 'en' ? l(t('delete'), 'admin/locale/language/delete/'. urlencode($key)) : ''));
+ $rows[] = array(check_plain($key), ($key != 'en' ? form_textfield('', 'name]['. $key, $lang, 15, 64) : $lang), form_checkbox('', 'enabled]['. $key, 1, $status->enabled), form_radio('', 'sitedefault', $key, $status->isdefault), "$translation->translation/$original->strings ($ratio%)", ($key != 'en' ? l(t('delete'), 'admin/locale/language/delete/'. urlencode($key)) : ''));
}
}
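Review bot: The new line escapes `$key` but leaves the `: $lang` fallback unescaped, while the `$key == 'en'` branch above (line 260) wraps the same value in check_plain(); since this else branch only runs when `$key != 'en'`, the ternary's fallback is unreachable today, but if it were reached it would emit the language name raw. Either drop the dead arm or write `check_plain($lang)` there so both rows are escaped consistently. The `$lang` handed to form_textfield() relies on that helper escaping its value, which the form_textfield hunk (line 136) appears to do but the extracted text does not show.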
@@ -132,7 +132,7 @@
// Check if we can get the strings from the file
if (!($strings = _locale_import_read_po($file))) {
- drupal_set_message(t('Translation file %filename broken: Could not be read.', array('%filename' => "$file->filename ")), 'error');
+ drupal_set_message(t('Translation file %filename broken: Could not be read.', array('%filename' => ''. check_plain($file->filename) .' ')), 'error');
return FALSE;
}
@@ -154,7 +154,7 @@
}
}
else {
- drupal_set_message(t('Translation file %filename broken: No header.', array('%filename' => "$file->filename ")), 'error');
+ drupal_set_message(t('Translation file %filename broken: No header.', array('%filename' => ''. check_plain($file->filename) .' ')), 'error');
return FALSE;
}
@@ -257,7 +257,7 @@
menu_rebuild();
drupal_set_message(t('Translation successfully imported. %number translated strings added to language, %update strings updated.', array('%number' => $additions, '%update' => $updates)));
- watchdog('locale', t('Imported %file into %locale: %number new strings added and %update updated.', array('%file' => "$file->filename ", '%locale' => "$lang ", '%number' => $additions, '%update' => $updates)));
+ watchdog('locale', t('Imported %file into %locale: %number new strings added and %update updated.', array('%file' => ''. check_plain($file->filename) .' ', '%locale' => ''. check_plain($lang) .' ', '%number' => $additions, '%update' => $updates)));
return TRUE;
}
@@ -269,9 +269,10 @@
*/
function _locale_import_read_po($file) {
+ $message = ''. check_plain($file->filename) .' ';
$fd = fopen($file->filepath, "rb");
if (!$fd) {
- drupal_set_message(t('Translation import failed: file %filename cannot be read.', array('%filename' => "$file->filename ")), 'error');
+ drupal_set_message(t('Translation import failed: file %filename cannot be read.', array('%filename' => $message)), 'error');
return FALSE;
}
$info = fstat($fd);
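Review bot: `$message` is a misleading name for the value assigned on line 295: it holds the escaped filename placeholder, not a message, and it is reused in every error path of this function (the hunks through line 406). Renaming it, e.g. `$filename = ''. check_plain($file->filename) .' ';`, makes those drupal_set_message() calls read as intended. Computing it once before fopen() is fine, since the filename does not change afterwards; the function continues past the hunk.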
@@ -303,19 +304,19 @@
$context = "COMMENT";
}
else { // Parse error
- drupal_set_message(t("Translation file %filename broken: expected 'msgstr' in line %line.", array('%filename' => "$file->filename ", '%line' => $lineno)), 'error');
+ drupal_set_message(t("Translation file %filename broken: expected 'msgstr' in line %line.", array('%filename' => $message, '%line' => $lineno)), 'error');
return FALSE;
}
}
elseif (!strncmp("msgid_plural", $line, 12)) {
if ($context != "MSGID") { // Must be plural form for current entry
- drupal_set_message(t("Translation file %filename broken: unexpected 'msgid_plural' in line %line.", array('%filename' => "$file->filename ", '%line' => $lineno)), 'error');
+ drupal_set_message(t("Translation file %filename broken: unexpected 'msgid_plural' in line %line.", array('%filename' => $message, '%line' => $lineno)), 'error');
return FALSE;
}
$line = trim(substr($line, 12));
$quoted = _locale_import_parse_quoted($line);
if ($quoted === false) {
- drupal_set_message(t('Translation file %filename broken: syntax error in line %line.', array('%filename' => "$file->filename ", '%line' => $lineno)), 'error');
+ drupal_set_message(t('Translation file %filename broken: syntax error in line %line.', array('%filename' => $message, '%line' => $lineno)), 'error');
return FALSE;
}
$current["msgid"] = $current["msgid"] ."\0". $quoted;
@@ -327,13 +328,13 @@
$current = array();
}
elseif ($context == "MSGID") { // Already in this context? Parse error
- drupal_set_message(t("Translation file %filename broken: unexpected 'msgid' in line %line.", array('%filename' => "$file->filename ", '%line' => $lineno)), 'error');
+ drupal_set_message(t("Translation file %filename broken: unexpected 'msgid' in line %line.", array('%filename' => $message, '%line' => $lineno)), 'error');
return FALSE;
}
$line = trim(substr($line, 5));
$quoted = _locale_import_parse_quoted($line);
if ($quoted === false) {
- drupal_set_message(t('Translation file %filename broken: syntax error in line %line.', array('%filename' => "$file->filename ", '%line' => $lineno)), 'error');
+ drupal_set_message(t('Translation file %filename broken: syntax error in line %line.', array('%filename' => $message, '%line' => $lineno)), 'error');
return FALSE;
}
$current["msgid"] = $quoted;
@@ -341,11 +342,11 @@
}
elseif (!strncmp("msgstr[", $line, 7)) {
if (($context != "MSGID") && ($context != "MSGID_PLURAL") && ($context != "MSGSTR_ARR")) { // Must come after msgid, msgid_plural, or msgstr[]
- drupal_set_message(t("Translation file %filename broken: unexpected 'msgstr[]' in line %line.", array('%filename' => "$file->filename ", '%line' => $lineno)), 'error');
+ drupal_set_message(t("Translation file %filename broken: unexpected 'msgstr[]' in line %line.", array('%filename' => $message, '%line' => $lineno)), 'error');
return FALSE;
}
if (strpos($line, "]") === false) {
- drupal_set_message(t('Translation file %filename broken: syntax error in line %line.', array('%filename' => "$file->filename ", '%line' => $lineno)), 'error');
+ drupal_set_message(t('Translation file %filename broken: syntax error in line %line.', array('%filename' => $message, '%line' => $lineno)), 'error');
return FALSE;
}
$frombracket = strstr($line, "[");
@@ -353,7 +354,7 @@
$line = trim(strstr($line, " "));
$quoted = _locale_import_parse_quoted($line);
if ($quoted === false) {
- drupal_set_message(t('Translation file %filename broken: syntax error in line %line.', array('%filename' => "$file->filename ", '%line' => $lineno)), 'error');
+ drupal_set_message(t('Translation file %filename broken: syntax error in line %line.', array('%filename' => $message, '%line' => $lineno)), 'error');
return FALSE;
}
$current["msgstr"][$plural] = $quoted;
@@ -361,13 +362,13 @@
}
elseif (!strncmp("msgstr", $line, 6)) {
if ($context != "MSGID") { // Should come just after a msgid block
- drupal_set_message(t("Translation file %filename broken: unexpected 'msgstr' in line %line.", array('%filename' => "$file->filename ", '%line' => $lineno)), 'error');
+ drupal_set_message(t("Translation file %filename broken: unexpected 'msgstr' in line %line.", array('%filename' => $message, '%line' => $lineno)), 'error');
return FALSE;
}
$line = trim(substr($line, 6));
$quoted = _locale_import_parse_quoted($line);
if ($quoted === false) {
- drupal_set_message(t('Translation file %filename broken: syntax error in line %line.', array('%filename' => "$file->filename ", '%line' => $lineno)), 'error');
+ drupal_set_message(t('Translation file %filename broken: syntax error in line %line.', array('%filename' => $message, '%line' => $lineno)), 'error');
return FALSE;
}
$current["msgstr"] = $quoted;
@@ -376,7 +377,7 @@
elseif ($line != "") {
$quoted = _locale_import_parse_quoted($line);
if ($quoted === false) {
- drupal_set_message(t('Translation file %filename broken: syntax error in line %line.', array('%filename' => "$file->filename ", '%line' => $lineno)), 'error');
+ drupal_set_message(t('Translation file %filename broken: syntax error in line %line.', array('%filename' => $message, '%line' => $lineno)), 'error');
return FALSE;
}
if (($context == "MSGID") || ($context == "MSGID_PLURAL")) {
@@ -389,7 +390,7 @@
$current["msgstr"][$plural] .= $quoted;
}
else {
- drupal_set_message(t('Translation file %filename broken: unexpected string in line %line.', array('%filename' => "$file->filename ", '%line' => $lineno)), 'error');
+ drupal_set_message(t('Translation file %filename broken: unexpected string in line %line.', array('%filename' => $message, '%line' => $lineno)), 'error');
return FALSE;
}
}
@@ -400,7 +401,7 @@
$strings[$current["msgid"]] = $current;
}
elseif ($context != "COMMENT") {
- drupal_set_message(t('Translation file %filename broken: unexpected end file at line %line.', array('%filename' => "$file->filename ", '%line' => $lineno)), 'error');
+ drupal_set_message(t('Translation file %filename broken: unexpected end of file at line %line.', array('%filename' => $message, '%line' => $lineno)), 'error');
return FALSE;
}
@@ -465,7 +466,7 @@
return array($nplurals, $plural);
}
else {
- drupal_set_message(t("Translation file %filename broken: plural formula couldn't get parsed.", array('%filename' => "$filename ")), 'error');
+ drupal_set_message(t("Translation file %filename broken: plural formula couldn't get parsed.", array('%filename' => ''. check_plain($filename) .' ')), 'error');
return FALSE;
}
}
@@ -768,7 +769,7 @@
$header .= "\"Plural-Forms: nplurals=". $meta->plurals ."; plural=". strtr($meta->formula, '$', '') .";\\n\"\n";
}
$header .= "\n";
- watchdog('locale', t('Exported %locale translation file: %filename.', array('%locale' => "$meta->name ", '%filename' => "$filename ")));
+ watchdog('locale', t('Exported %locale translation file: %filename.', array('%locale' => ''. check_plain($meta->name) .' ', '%filename' => ''. check_plain($filename) .' ')));
}
// Generating Portable Object Template
@@ -789,7 +790,7 @@
$header .= "\"Content-Transfer-Encoding: 8bit\\n\"\n";
$header .= "\"Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\\n\"\n";
$header .= "\n";
- watchdog('locale', t('Exported translation file: %filename.', array('%filename' => "$filename ")));
+ watchdog('locale', t('Exported translation file: %filename.', array('%filename' => ''. check_plain($filename) .' ')));
}
// Start download process
@@ -1080,6 +1081,7 @@
// Get *all* languages set up
$languages = locale_supported_languages(FALSE, TRUE);
asort($languages['name']); unset($languages['name']['en']);
+ $languages['name'] = array_map('check_plain', $languages['name']);
// Present edit form preserving previous user settings
$query = _locale_string_seek_query();
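Review bot: `$languages['name'] = array_map('check_plain', $languages['name']);` escapes the language names inside the data array rather than at the point of output, so if this array is later passed as options to form_select(), which after this patch escapes each option itself (lines 159 and 165), a name containing `&`, `<` or a quote will be shown double-encoded. What the array feeds is outside the hunk, so this needs confirming; if it only reaches raw markup, a comment such as `// Escaped here because the names are emitted as raw HTML below, not through form_select().` would record why the escaping is done early.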
Index: includes/pager.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/pager.inc,v
retrieving revision 1.41
diff -u -r1.41 pager.inc
--- includes/pager.inc 28 Jan 2005 18:44:17 -0000 1.41
+++ includes/pager.inc 7 Mar 2005 23:02:10 -0000
@@ -384,19 +384,19 @@
$q = $_GET['q'];
$from = array_key_exists('from', $_GET) ? $_GET['from'] : '';
- foreach($attributes as $key => $value) {
+ foreach ($attributes as $key => $value) {
$query[] = $key .'='. $value;
}
$from_new = pager_load_array($from_new[$element], $element, explode(',', $from));
if (count($attributes)) {
- $url = url($q, 'from='. implode($from_new, ',') .'&'. implode('&', $query));
+ $url = url($q, 'from='. implode($from_new, ',') .'&'. implode('&', $query));
}
else {
$url = url($q, 'from='. implode($from_new, ','));
}
- return $url;
+ return check_url($url);
}
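Review bot: `return check_url($url);` makes this function return an attribute-escaped string, so callers must place it straight into markup and must not escape it again; the docblock (outside the hunk) should say so, e.g. ` * @return The URL, already passed through check_url() for use in an HTML attribute.` Separately, `$query[] = $key .'='. $value;` builds the query string without encoding, so an attribute value containing `&` or `=` would be reinterpreted as extra parameters; `$query[] = urlencode($key) .'='. urlencode($value);` avoids that. `implode($from_new, ',')` has its arguments in the reversed order that PHP tolerates.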
function pager_load_array($value, $element, $old_array) {
Index: includes/tablesort.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/tablesort.inc,v
retrieving revision 1.31
diff -u -r1.31 tablesort.inc
--- includes/tablesort.inc 31 Jan 2005 21:36:37 -0000 1.31
+++ includes/tablesort.inc 12 Mar 2005 20:09:20 -0000
@@ -87,7 +87,7 @@
$ts['sort'] = 'asc';
$image = '';
}
- $cell['data'] = l($cell['data'] . $image, $_GET['q'], array('title' => $title), 'sort='. $ts['sort'] .'&order='. urlencode($cell['data']). $ts['query_string']);
+ $cell['data'] = l($cell['data'] . $image, $_GET['q'], array('title' => $title), 'sort='. $ts['sort'] .'&order='. urlencode($cell['data']). $ts['query_string'], NULL, FALSE, TRUE);
unset($cell['field'], $cell['sort']);
}
@@ -139,7 +139,7 @@
$query_string = '';
foreach ($cgi as $key => $val) {
if ($key != 'order' && $key != 'sort' && $key != 'q') {
- $query_string .= '&'. $key .'='. $val;
+ $query_string .= '&'. $key .'='. $val;
}
}
return $query_string;
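Review bot: `$query_string .= '&'. $key .'='. $val;` reassembles request parameters without encoding them, so a value containing `&`, `=` or `#` changes the meaning of the rebuilt query, and the result then relies entirely on the output side to escape it. Encode both parts when rebuilding: `$query_string .= '&'. urlencode($key) .'='. urlencode($val);`. The source of `$cgi` is outside the hunk; if it is `$_GET`, as the name suggests, these values are user-controlled.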
Index: includes/theme.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/theme.inc,v
retrieving revision 1.225
diff -u -r1.225 theme.inc
--- includes/theme.inc 16 Mar 2005 19:41:12 -0000 1.225
+++ includes/theme.inc 28 Mar 2005 20:17:53 -0000
@@ -221,8 +221,8 @@
*/
function theme_get_settings($key = NULL) {
$defaults = array(
- 'primary_links' => l('edit primary links', 'admin/themes/settings'),
- 'secondary_links' => l('edit secondary links', 'admin/themes/settings'),
+ 'primary_links' => l(t('edit primary links'), 'admin/themes/settings'),
+ 'secondary_links' => l(t('edit secondary links'), 'admin/themes/settings'),
'mission' => '',
'default_logo' => 1,
'logo_path' => '',
@@ -357,7 +357,7 @@
$output = "\n";
$output .= '';
$output .= '
';
- $output .= ' '. (drupal_get_title() ? drupal_get_title() : variable_get('site_name', 'drupal')) .' ';
+ $output .= ' '. (drupal_get_title() ? strip_tags(drupal_get_title()) : variable_get('site_name', 'drupal')) .' ';
$output .= drupal_get_html_head();
$output .= theme_get_styles();
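Review bot: `variable_get('site_name', 'drupal')` is still inserted into the title element unescaped on line 513, while aggregator.module in this same patch wraps the same setting in check_plain() (line 609); make the two consistent with `check_plain(variable_get('site_name', 'drupal'))`. The strip_tags() added around drupal_get_title() is not an escaper: it removes markup and leaves the remaining text as-is, which is only correct because drupal_get_title() now returns already-escaped HTML (bootstrap.inc line 16); a comment such as `// drupal_get_title() returns HTML; drop the tags but keep the entities for the title element.` would record that dependency. The enclosing function starts outside the hunk.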
@@ -496,7 +496,7 @@
}
if ($page == 0) {
- $output = ''. $node->title .' by '. format_name($node);
+ $output = ''. check_plain($node->title) .' by '. format_name($node);
}
else {
$output = 'by '. format_name($node);
cvs diff: Diffing misc
cvs diff: Diffing modules
Index: modules/aggregator.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/aggregator.module,v
retrieving revision 1.230
diff -u -r1.230 aggregator.module
--- modules/aggregator.module 3 Mar 2005 20:05:46 -0000 1.230
+++ modules/aggregator.module 12 Mar 2005 20:11:14 -0000
@@ -198,11 +198,11 @@
if ($op == 'list') {
$result = db_query('SELECT cid, title FROM {aggregator_category} ORDER BY title');
while ($category = db_fetch_object($result)) {
- $block['category:'. $category->cid]['info'] = t('%title category latest items', array('%title' => $category->title));
+ $block['category:'. $category->cid]['info'] = t('%title category latest items', array('%title' => ''. check_plain($category->title) .' '));
}
$result = db_query('SELECT fid, title FROM {aggregator_feed} ORDER BY fid');
while ($feed = db_fetch_object($result)) {
- $block['feed:'. $feed->fid]['info'] = t('%title feed latest items', array('%title' => $feed->title));
+ $block['feed:'. $feed->fid]['info'] = t('%title feed latest items', array('%title' => ''. check_plain($feed->title) .' '));
}
}
else if ($op == 'configure') {
@@ -231,7 +231,7 @@
switch ($type) {
case 'feed':
if ($feed = db_fetch_object(db_query('SELECT fid, title, block FROM {aggregator_feed} WHERE fid = %d', $id))) {
- $block['subject'] = $feed->title;
+ $block['subject'] = check_plain($feed->title);
$result = db_query_range('SELECT * FROM {aggregator_item} WHERE fid = %d ORDER BY timestamp DESC, iid DESC', $feed->fid, 0, $feed->block);
$block['content'] = ''. l(t('more'), 'aggregator/sources/'. $feed->fid, array('title' => t('View this feed\'s recent news.'))) .'
';
}
@@ -239,7 +239,7 @@
case 'category':
if ($category = db_fetch_object(db_query('SELECT cid, title, block FROM {aggregator_category} WHERE cid = %d', $id))) {
- $block['subject'] = $category->title;
+ $block['subject'] = check_plain($category->title);
$result = db_query_range('SELECT i.* FROM {aggregator_category_item} ci LEFT JOIN {aggregator_item} i ON ci.iid = i.iid WHERE ci.cid = %d ORDER BY i.timestamp DESC, i.iid DESC', $category->cid, 0, $category->block);
$block['content'] = ''. l(t('more'), 'aggregator/categories/'. $category->cid, array('title' => t('View this category\'s recent news.'))) .'
';
}
@@ -643,7 +643,7 @@
$categories = db_query('SELECT c.cid, c.title, f.fid FROM {aggregator_category} c LEFT JOIN {aggregator_category_feed} f ON c.cid = f.cid AND f.fid = %d ORDER BY title', $edit['fid']);
while ($category = db_fetch_object($categories)) {
$options[$category->cid] = $category->title;
- if ($category->fid) $values[] = $category->cid;
+ if ($category->fid) $values[] = check_plain($category->cid);
}
if ($options) {
$form .= form_checkboxes(t('Categorize news items'), 'category', $values, $options, t('New items in this feed will be automatically filed in the the checked categories as they are received.'));
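Review bot: check_plain() is applied to the wrong operand: `$values[] = check_plain($category->cid);` escapes the numeric category id, which never needs it, while `$options[$category->cid] = $category->title;` two lines above still stores the category title, the value actually rendered as a checkbox label, unescaped. Swap them: `$options[$category->cid] = check_plain($category->title);` and `$values[] = $category->cid;`. That other hunks in this file escape checkbox labels at the call site (lines 580 and 589) suggests form_checkboxes() does not escape labels either, though its body is not in view.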
@@ -920,7 +920,7 @@
$selected = array();
while ($category = db_fetch_object($categories_result)) {
if (!$done) {
- $categories[$category->cid] = check_form($category->title);
+ $categories[$category->cid] = check_plain($category->title);
}
if ($category->iid) {
$selected[] = $category->cid;
@@ -932,7 +932,7 @@
else {
$form = '';
while ($category = db_fetch_object($categories_result)) {
- $form .= form_checkbox(check_form($category->title), 'categories]['. $item->iid .'][', $category->cid, !is_null($category->iid));
+ $form .= form_checkbox(check_plain($category->title), 'categories]['. $item->iid .'][', $category->cid, !is_null($category->iid));
}
}
$rows[] = array(theme('aggregator_page_item', $item), array('data' => $form, 'class' => 'categorize-item'));
@@ -960,7 +960,7 @@
$result = db_query('SELECT f.fid, f.title, f.description, f.image, MAX(i.timestamp) AS last FROM {aggregator_feed} f LEFT JOIN {aggregator_item} i ON f.fid = i.fid GROUP BY f.fid');
$output = "\n";
while ($feed = db_fetch_object($result)) {
- $output .= "
$feed->title \n";
+ $output .= '
'. check_plain($feed->title) ." \n";
// Most recent items:
$list = array();
@@ -987,13 +987,13 @@
$output = "\n";
$output .= "
\n";
$output .= "\n";
- $output .= ''. drupal_specialchars(variable_get('site_name', 'Drupal')) ." \n";
+ $output .= ''. check_plain(variable_get('site_name', 'Drupal')) ." \n";
$output .= ''. gmdate('r') ." \n";
$output .= "\n";
$output .= "\n";
while ($feed = db_fetch_object($result)) {
- $output .= ' \n";
+ $output .= ' \n";
}
$output .= "\n";
@@ -1011,7 +1011,7 @@
$output = "\n";
while ($category = db_fetch_object($result)) {
- $output .= "
$category->title \n";
+ $output .= '
'. check_plain($category->title) ." \n";
if (variable_get('aggregator_summary_items', 3)) {
$list = array();
$items = db_query_range('SELECT i.title, i.timestamp, i.link, f.title as feed_title, f.link as feed_link FROM {aggregator_category_item} ci LEFT JOIN {aggregator_item} i ON i.iid = ci.iid LEFT JOIN {aggregator_feed} f ON i.fid = f.fid WHERE ci.cid = %d ORDER BY i.timestamp DESC', $category->cid, 0, variable_get('aggregator_summary_items', 3));
@@ -1066,12 +1066,12 @@
if ($user->uid && module_exist('blog') && user_access('edit own blog')) {
if ($image = theme('image', 'misc/blog.png', t('blog it'), t('blog it'))) {
- $output .= '
'. l($image, 'node/add/blog', array('title' => t('Comment on this news item in your personal blog.'), 'class' => 'blog-it'), "iid=$item->iid") .'
';
+ $output .= '
'. l($image, 'node/add/blog', array('title' => t('Comment on this news item in your personal blog.'), 'class' => 'blog-it'), "iid=$item->iid", NULL, FALSE, TRUE) .'
';
}
}
// Display the external link to the item.
- $output .= "
link\">$item->title \n";
+ $output .= '
'. check_plain($item->title) ." \n";
return $output;
}
@@ -1086,7 +1086,7 @@
* @ingroup themeable
*/
function theme_aggregator_summary_item($item) {
- $output = '
'. $item->title .' '. t('%age old', array('%age' => format_interval(time() - $item->timestamp))) .' ';
+ $output = '
'. check_plain($item->title) .' '. t('%age old', array('%age' => format_interval(time() - $item->timestamp))) .' ';
if ($item->feed_link) {
$output .= ',
'. $item->feed_title .' ';
}
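Review bot: `$item->feed_title` on line 656 is still concatenated into the output raw, two lines after `$item->title` gained check_plain(); both come from the same fetched feed record, so the feed title should be escaped the same way: `'. check_plain($item->feed_title) .' '`. The href built from `$item->feed_link` on that line is lost in the extracted text, so I cannot confirm it goes through check_url(). theme_aggregator_summary_item() continues past the hunk.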
@@ -1110,9 +1110,9 @@
$output .= "
\n";
$output .= '
'. date('H:i', $item->timestamp) ."
\n";
$output .= "
\n";
- $output .= "
\n";
+ $output .= '
\n";
if ($item->description) {
- $output .= "
$item->description
\n";
+ $output .= '
'. check_plain($item->description) ."
\n";
}
if ($item->ftitle && $item->fid) {
$output .= '
'. t('Source') .': '. l($item->ftitle, "aggregator/sources/$item->fid") ."
\n";
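Review bot: `check_plain($item->description)` turns a feed description that previously rendered as HTML into literal text, which is the safe default for content fetched from third-party feeds but is a visible behaviour change for every feed that ships markup; if that is the intended trade-off it deserves a comment, e.g. `// Feed descriptions are third-party content; render them as text rather than trusting their markup.` If formatted descriptions are required, the alternative is an allow-list HTML filter, not a return to raw output. The `l($item->ftitle, ...)` call on line 680 now relies on l() escaping its text by default (common.inc line 221); the function continues past the hunk.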
Index: modules/archive.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/archive.module,v
retrieving revision 1.77
diff -u -r1.77 archive.module
--- modules/archive.module 29 Jan 2005 22:02:36 -0000 1.77
+++ modules/archive.module 12 Mar 2005 20:13:52 -0000
@@ -91,7 +91,7 @@
$output .= "\n\n";
$output .= '
';
$output .= '
\n";
- $output .= ' '. l('«', 'archive/'. date('Y/m/d', $prev), array('title' => t('Previous month'))) .' '. format_date($requested, 'custom', 'F') . date(' Y', $requested) .' '. ($nextmonth <= time() ? l('»', 'archive/'. date('Y/m/d', $next), array('title' => t('Next month'))) : ' ') ." \n";
+ $output .= ' '. l('«', 'archive/'. date('Y/m/d', $prev), array('title' => t('Previous month'))) .' '. format_date($requested, 'custom', 'F') . date(' Y', $requested) .' '. ($nextmonth <= time() ? l('»', 'archive/'. date('Y/m/d', $next), array('title' => t('Next month'))) : ' ') ." \n";
// First day of week (0 => Sunday, 1 => Monday, ...)
$weekstart = variable_get('date_first_day', 0);
Index: modules/block.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/block.module,v
retrieving revision 1.160
diff -u -r1.160 block.module
--- modules/block.module 18 Mar 2005 07:07:04 -0000 1.160
+++ modules/block.module 27 Mar 2005 13:52:01 -0000
@@ -86,7 +86,7 @@
case 'list':
$result = db_query('SELECT bid, title, info FROM {boxes} ORDER BY title');
while ($block = db_fetch_object($result)) {
- $blocks[$block->bid]['info'] = $block->info ? $block->info : $block->title;
+ $blocks[$block->bid]['info'] = $block->info ? check_plain($block->info) : check_plain($block->title);
}
return $blocks;
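Review bot: `$block->info ? check_plain($block->info) : check_plain($block->title)` repeats the escaping call in both arms; `check_plain($block->info ? $block->info : $block->title)` says the same thing once and makes it harder for a later edit to add an unescaped arm. The enclosing function starts outside the hunk.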
@@ -103,7 +103,7 @@
case 'view':
$block = db_fetch_object(db_query('SELECT * FROM {boxes} WHERE bid = %d', $delta));
- $data['subject'] = $block->title;
+ $data['subject'] = check_plain($block->title);
$data['content'] = check_output($block->body, $block->format);
return $data;
}
Index: modules/blogapi.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/blogapi.module,v
retrieving revision 1.37
diff -u -r1.37 blogapi.module
--- modules/blogapi.module 31 Jan 2005 19:36:20 -0000 1.37
+++ modules/blogapi.module 8 Mar 2005 23:09:28 -0000
@@ -153,7 +153,7 @@
$nid = node_save($node);
if ($nid) {
- watchdog('content', t('%type: added %title using blog API.', array('%type' => ''. t($node->type) .' ', '%title' => "$node->title ")), WATCHDOG_NOTICE, l(t('view'), "node/$nid"));
+ watchdog('content', t('%type: added %title using blog API.', array('%type' => ''. t($node->type) .' ', '%title' => ''. check_plain($node->title) .' ')), WATCHDOG_NOTICE, l(t('view'), "node/$nid"));
return new xmlrpcresp(new xmlrpcval($nid, 'string'));
}
@@ -215,7 +215,7 @@
}
$nid = node_save($node);
if ($nid) {
- watchdog('content', t('%type: updated %title using blog API.', array('%type' => ''. t($node->type) .' ', '%title' => "$node->title ")), WATCHDOG_NOTICE, l(t('view'), "node/$nid"));
+ watchdog('content', t('%type: updated %title using blog API.', array('%type' => ''. t($node->type) .' ', '%title' => ''. check_plain($node->title) .' ')), WATCHDOG_NOTICE, l(t('view'), "node/$nid"));
return new xmlrpcresp(new xmlrpcval(true, 'boolean'));
}
Index: modules/book.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/book.module,v
retrieving revision 1.286
diff -u -r1.286 book.module
--- modules/book.module 22 Mar 2005 18:34:20 -0000 1.286
+++ modules/book.module 27 Mar 2005 13:52:01 -0000
@@ -148,7 +148,7 @@
$expand[] = $node->nid;
}
- $block['subject'] = $path[0]->title;
+ $block['subject'] = check_plain($path[0]->title);
$block['content'] = book_tree($expand[0], 5, $expand);
}
}
@@ -287,7 +287,7 @@
$output .= form_submit(t('Add to book outline'));
}
- drupal_set_title($node->title);
+ drupal_set_title(check_plain($node->title));
print theme('page', form($output));
}
}
@@ -477,7 +477,7 @@
$links .= '';
$links .= l(t('previous'), 'node/'. $prev->nid, array('title' => t('View the previous page.')));
$links .= '
';
- $titles .= ''. $prev->title .'
';
+ $titles .= ''. check_plain($prev->title) .'
';
}
else {
$links .= '
'; // Make an empty div to fill the space.
@@ -486,7 +486,7 @@
$links .= '';
$links .= l(t('next'), 'node/'. $next->nid, array('title' => t('View the next page.')));
$links .= '
';
- $titles .= ''. $next->title .'
';
+ $titles .= ''. check_plain($next->title) .'
';
}
else {
$links .= '
'; // Make an empty div to fill the space.
@@ -633,7 +633,7 @@
// Allow modules to change $node->body before viewing.
node_invoke_nodeapi($node, 'view', $node->body, false);
- $output .= ''. $node->title .' ';
+ $output .= ''. check_plain($node->title) .' ';
if ($node->body) {
$output .= $node->body;
@@ -643,7 +643,7 @@
$output .= book_print_recurse($nid, $depth);
- $html = ''. $node->title .' ';
+ $html = ''. check_plain($node->title) .' ';
$html .= ' ';
$html .= "";
$html .= ''. $output .'';
@@ -671,7 +671,7 @@
// Allow modules to change $node->body before viewing.
node_invoke_nodeapi($node, 'view', $node->body, false);
- $output .= ''. $node->title .' ';
+ $output .= ''. check_plain($node->title) .' ';
if ($node->body) {
$output .= '';
@@ -707,7 +707,7 @@
if ($nid) {
$node = node_load(array('nid' => $nid));
- $output .= ''. $node->title .' ';
+ $output .= ''. check_plain($node->title) .' ';
$header = array(t('Title'), t('Weight'), array('data' => t('Operations'), 'colspan' => '3'));
$rows[] = book_admin_view_line($node);
@@ -738,7 +738,7 @@
}
}
- $message = t('Updated book %title.', array('%title' => "$book->title "));
+ $message = t('Updated book %title.', array('%title' => ''. check_plain($book->title) .' '));
watchdog('content', $message);
return $message;
Index: modules/comment.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/comment.module,v
retrieving revision 1.343
diff -u -r1.343 comment.module
--- modules/comment.module 20 Mar 2005 19:42:14 -0000 1.343
+++ modules/comment.module 28 Mar 2005 20:19:19 -0000
@@ -274,7 +274,7 @@
$text = '';
$comments = db_query('SELECT subject, comment, format FROM {comments} WHERE nid = %d AND status = 0', $node->nid);
while ($comment = db_fetch_object($comments)) {
- $text .= ''. $comment->subject .' '. check_output($comment->comment, $comment->format);
+ $text .= ''. check_plain($comment->subject) .' '. check_output($comment->comment, $comment->format);
}
return $text;
@@ -431,9 +431,8 @@
// Validate the comment's subject. If not specified, extract
// one from the comment's body.
- $edit['subject'] = strip_tags($edit['subject']);
- if ($edit['subject'] == '') {
- $edit['subject'] = truncate_utf8(strip_tags($edit['comment']), 29, TRUE);
+ if (trim($edit['subject']) == '') {
+ $edit['subject'] = truncate_utf8($edit['comment'], 29, TRUE);
}
// Validate the comment's body.
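Review bot: `$edit['subject'] = truncate_utf8($edit['comment'], 29, TRUE)` now derives the subject from the raw body, so a body that opens with markup produces a subject like `<p>Hello wor` which, once `check_plain` is applied at output, shows the tag fragment as literal text. Dropping `strip_tags` from the submitted subject fits the output-escaping approach taken by this commit, but for the derived subject the strip is text extraction rather than sanitisation, so `$edit['subject'] = truncate_utf8(strip_tags($edit['comment']), 29, TRUE);` keeps the old result without reintroducing input filtering. The validation function continues outside the hunk.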
@@ -450,7 +449,7 @@
if (!$user->uid) {
if (variable_get('comment_anonymous', 0) > 0) {
if ($edit['name']) {
- $taken = db_result(db_query("SELECT COUNT(uid) FROM {users} WHERE LOWER(name) = '%s'", strip_tags($edit['name'])), 0);
+ $taken = db_result(db_query("SELECT COUNT(uid) FROM {users} WHERE LOWER(name) = '%s'", $edit['name']), 0);
if ($taken != 0) {
form_set_error('name', t('The name you used belongs to a registered user.'));
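Review bot: `LOWER(name) = '%s'` compares the lowercased column against the submitted name as typed, so an anonymous name that matches a registered account except for capitalisation (entering `Admin` when the account is `admin`) is not reported as taken, which is exactly the impersonation this check exists to prevent. Suggest `LOWER(name) = LOWER('%s')` in the query, or passing `strtolower($edit['name'])` as the argument. Removing `strip_tags` here is consistent with the rest of the commit, assuming `db_query` escapes `%s` arguments (its implementation is not in this diff).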
@@ -494,7 +493,7 @@
// Attach the user and time information.
$comment->uid = $user->uid;
$comment->timestamp = time();
- $comment->name = $user->name ? $user->name : $comment->name;
+ $comment->name = check_plain($user->name ? $user->name : $comment->name);
// Preview the comment.
$output .= theme('comment_view', $comment, theme('links', module_invoke_all('link', 'comment', $comment, 1)));
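Review bot: `$comment->name = check_plain(...)` escapes the value on the data object before it is handed to `theme('comment_view', ...)`, unlike the rest of this commit which escapes at the point of output. If `comment_view` or `format_name()` (neither visible here) escape the name as well, the preview shows double-encoded text such as `&amp;amp;`, and if the preview form is repopulated from `$comment->name` the escaped string is what the user resubmits. Suggest keeping `$comment->name` raw on this line and escaping inside the theme function, or at least a comment here, `// comment_view expects an already-escaped name.`, so the contract is explicit.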
@@ -974,7 +973,7 @@
}
else if ($comment->cid) {
$output = theme('confirm',
- t('Are you sure you want to delete the comment %title?', array('%title' => ''. $comment->subject .' ')),
+ t('Are you sure you want to delete the comment %title?', array('%title' => ''. check_plain($comment->subject) .' ')),
'node/'. $comment->nid,
t('Any replies to this comment will be lost. This action cannot be undone.'),
t('Delete'));
@@ -1023,7 +1022,7 @@
while ($comment = db_fetch_object($result)) {
$comment->name = $comment->uid ? $comment->registered_name : $comment->name;
$rows[] = array(
- l($comment->subject, "node/$comment->nid", array('title' => htmlspecialchars(truncate_utf8($comment->comment, 128))), NULL, "comment-$comment->cid") ." ". theme('mark', node_mark($comment->nid, $comment->timestamp)),
+ l($comment->subject, "node/$comment->nid", array('title' => truncate_utf8($comment->comment, 128)), NULL, "comment-$comment->cid") ." ". theme('mark', node_mark($comment->nid, $comment->timestamp)),
format_name($comment),
($comment->status == 0 ? t('Published') : t('Not published')),
format_date($comment->timestamp, 'small'),
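Review bot: the `title` attribute here drops `htmlspecialchars` around `truncate_utf8($comment->comment, 128)`, while the forum.module hunk at `@@ -381` adds `check_plain` to the `title` attribute passed to the same `l()` function; both cannot be right. If `l()` escapes attribute values the forum change double-encodes, and if it does not this line places a raw, possibly mid-tag, slice of the comment body into an attribute, with `l($comment->subject, ...)` placing a raw subject into the link text. `l()` is not part of this diff, so its contract should be confirmed and written down once, e.g. a comment on `l()` such as `// $text and attribute values are escaped here; callers pass raw strings.`, and the two call sites made consistent with it. The enclosing function starts and ends outside the hunk.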
@@ -1624,7 +1623,7 @@
function _comment_delete_thread($comment) {
// Delete the comment:
db_query('DELETE FROM {comments} WHERE cid = %d', $comment->cid);
- watchdog('content', t('Comment: deleted %subject.', array('%subject' => "$comment->subject ")));
+ watchdog('content', t('Comment: deleted %subject.', array('%subject' => ''. check_plain($comment->subject) .' ')));
module_invoke_all('comment', 'delete', $comment);
Index: modules/contact.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/contact.module,v
retrieving revision 1.5
diff -u -r1.5 contact.module
--- modules/contact.module 22 Feb 2005 06:16:40 -0000 1.5
+++ modules/contact.module 9 Mar 2005 02:20:54 -0000
@@ -88,7 +88,7 @@
// Tidy up the body:
foreach ($message as $key => $value) {
- $message[$key] = wordwrap(strip_tags($value));
+ $message[$key] = wordwrap(check_plain($value));
}
// Prepare all fields:
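Review bot: `$message[$key] = wordwrap(check_plain($value))` HTML-encodes `&`, `<`, `>` and quotes, so if `$message` is sent as a plain-text e-mail (the sending code is outside this hunk) the recipient sees `&amp;` and `&lt;` literally instead of the characters the sender typed. HTML escaping belongs where text is placed into HTML; for a text/plain body the line could keep the raw value, `$message[$key] = wordwrap($value);`, with `check_plain` applied only if the message is ever rendered as HTML. If any of these fields end up in mail headers rather than the body, rejecting values containing CR or LF would be the relevant check, and neither version of the line does that.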
Index: modules/filter.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/filter.module,v
retrieving revision 1.55
diff -u -r1.55 filter.module
--- modules/filter.module 18 Mar 2005 20:28:22 -0000 1.55
+++ modules/filter.module 27 Mar 2005 13:52:02 -0000
@@ -60,9 +60,9 @@
if ($allowed_html = variable_get("allowed_html_$format", ' ')) {
switch ($long) {
case 0:
- return t('Allowed HTML tags') .': '. drupal_specialchars($allowed_html);
+ return t('Allowed HTML tags') .': '. check_plain($allowed_html);
case 1:
- $output = ''. t('Allowed HTML tags') .': '. drupal_specialchars($allowed_html) .'
';
+ $output = ''. t('Allowed HTML tags') .': '. check_plain($allowed_html) .'
';
if (!variable_get("filter_html_help_$format", 1)) {
return $output;
}
@@ -111,14 +111,14 @@
if ($tips[$tag]) {
$rows[] = array(
array('data' => $tips[$tag][0], 'class' => 'description'),
- array('data' => ''. drupal_specialchars($tips[$tag][1]) .'
', 'class' => 'type'),
+ array('data' => ''. check_plain($tips[$tag][1]) .'
', 'class' => 'type'),
array('data' => $tips[$tag][1], 'class' => 'get')
);
}
}
else {
$rows[] = array(
- array('data' => t('No help provided for tag %tag.', array('%tag' => drupal_specialchars($tag))), 'class' => 'description', 'colspan' => 3),
+ array('data' => t('No help provided for tag %tag.', array('%tag' => check_plain($tag))), 'class' => 'description', 'colspan' => 3),
);
}
}
@@ -137,7 +137,7 @@
foreach ($entities as $entity) {
$rows[] = array(
array('data' => $entity[0], 'class' => 'description'),
- array('data' => ''. drupal_specialchars($entity[1]) .'
', 'class' => 'type'),
+ array('data' => ''. check_plain($entity[1]) .'
', 'class' => 'type'),
array('data' => $entity[1], 'class' => 'get')
);
}
@@ -365,7 +365,7 @@
db_query("INSERT INTO {filter_formats} (name) VALUES ('%s')", $name);
}
- drupal_set_message(t('Added input format %format.', array('%format' => ''. $edit['name'] .' ')));
+ drupal_set_message(t('Added input format %format.', array('%format' => ''. check_plain($edit['name']) .' ')));
drupal_goto('admin/filters');
}
@@ -386,7 +386,7 @@
cache_clear_all('filter:'. $edit['format'], true);
- drupal_set_message(t('Deleted input format %format.', array('%format' => ''. $edit['name'] .' ')));
+ drupal_set_message(t('Deleted input format %format.', array('%format' => ''. check_plain($edit['name']) .' ')));
}
drupal_goto('admin/filters');
}
@@ -397,7 +397,7 @@
$extra = form_hidden('format', $format->format);
$extra .= form_hidden('name', $format->name);
$output = theme('confirm',
- t('Are you sure you want to delete the input format %format?', array('%format' => ''. $format->name .' ')),
+ t('Are you sure you want to delete the input format %format?', array('%format' => ''. check_plain($format->name) .' ')),
'admin/filters',
t('If you have any content left in this input format, it will be switched to the default input format. This action cannot be undone.'),
t('Delete'),
@@ -927,7 +927,7 @@
if (variable_get("filter_html_$format", FILTER_HTML_STRIP) == FILTER_HTML_ESCAPE) {
// Escape HTML
- $text = drupal_specialchars($text);
+ $text = check_plain($text);
}
if (variable_get("filter_html_nofollow_$format", FALSE)) {
Index: modules/forum.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/forum.module,v
retrieving revision 1.240
diff -u -r1.240 forum.module
--- modules/forum.module 27 Mar 2005 22:51:47 -0000 1.240
+++ modules/forum.module 28 Mar 2005 20:15:17 -0000
@@ -228,10 +228,10 @@
if ($tree) {
foreach ($tree as $term) {
if (in_array($term->tid, variable_get('forum_containers', array()))) {
- $rows[] = array(_forum_depth($term->depth) .' '. $term->name, l(t('edit container'), "admin/forum/edit/container/$term->tid"));
+ $rows[] = array(_forum_depth($term->depth) .' '. check_plain($term->name), l(t('edit container'), "admin/forum/edit/container/$term->tid"));
}
else {
- $rows[] = array(_forum_depth($term->depth) .' '. $term->name, l(t('edit forum'), "admin/forum/edit/forum/$term->tid"));
+ $rows[] = array(_forum_depth($term->depth) .' '. check_plain($term->name), l(t('edit forum'), "admin/forum/edit/forum/$term->tid"));
}
}
@@ -381,11 +381,11 @@
}
if ($prev) {
- $links[] = l(t('previous forum topic'), "node/$prev->nid", array('title' => $prev->title));
+ $links[] = l(t('previous forum topic'), "node/$prev->nid", array('title' => check_plain($prev->title)));
}
if ($next) {
- $links[] = l(t('next forum topic'), "node/$next->nid", array('title' => $next->title));
+ $links[] = l(t('next forum topic'), "node/$next->nid", array('title' => check_plain($next->title)));
}
}
@@ -478,7 +478,7 @@
if (db_result(db_query('SELECT COUNT(*) FROM {term_data} WHERE tid = %d AND vid = %d', $term, $vocabulary))) {
if (in_array($term, $containers)) {
$term = taxonomy_get_term($term);
- form_set_error('taxonomy', t('The item %forum is only a container for forums. Please select one of the forums below it.', array('%forum' => "$term->name ")));
+ form_set_error('taxonomy', t('The item %forum is only a container for forums. Please select one of the forums below it.', array('%forum' => ''. check_plain($term->name) .' ')));
}
else {
$node->tid = $term;
@@ -878,7 +878,7 @@
if ($topic->tid != $tid) {
$rows[] = array(
array('data' => _forum_icon($topic->new, $topic->num_comments, $topic->comment_mode, $topic->sticky), 'class' => 'icon'),
- array('data' => $topic->title, 'class' => 'title'),
+ array('data' => check_plain($topic->title), 'class' => 'title'),
array('data' => l(t('This topic has been moved'), "forum/$topic->tid"), 'colspan' => '3')
);
}
Index: modules/locale.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/locale.module,v
retrieving revision 1.119
diff -u -r1.119 locale.module
--- modules/locale.module 3 Mar 2005 20:51:27 -0000 1.119
+++ modules/locale.module 13 Mar 2005 02:18:07 -0000
@@ -107,6 +107,7 @@
if ($user->language == '') {
$user->language = key($languages['name']);
}
+ $languages['name'] = array_map('check_plain', $languages['name']);
return array(array('title' => t('Interface language settings'), 'data' => form_radios(t("Language"), 'language', $user->language, $languages['name'], t("Selecting a different locale will change the interface language of the site."))));
}
}
@@ -299,7 +300,7 @@
if (isset($languages['name'][$edit['langcode']])) {
db_query("DELETE FROM {locales_meta} WHERE locale = '%s'", $edit['langcode']);
db_query("DELETE FROM {locales_target} WHERE locale = '%s'", $edit['langcode']);
- $message = t('%locale language removed.', array('%locale' => ''. t($languages['name'][$edit['langcode']]) .' '));
+ $message = t('%locale language removed.', array('%locale' => ''. check_plain(t($languages['name'][$edit['langcode']])) .' '));
drupal_set_message($message);
watchdog('locale', $message);
}
@@ -320,7 +321,7 @@
$extra = form_hidden('langcode', $langcode);
$output = theme('confirm',
- t('Are you sure you want to delete the language %name?', array('%name' => ''. t($languages['name'][$langcode]) .' ')),
+ t('Are you sure you want to delete the language %name?', array('%name' => ''. check_plain(t($languages['name'][$langcode])) .' ')),
'admin/locale/language/overview',
t('Deleting a language will remove all data associated with it. This action cannot be undone.'),
t('Delete'),
@@ -359,7 +360,7 @@
drupal_set_message(t('You need to specify both the language code and the English name of the new language.'), 'error');
}
else {
- drupal_set_message(t('The language %language (%code) is already set up.', array('%language' => ''. $edit['langname'] .' ', '%code' => ''. $edit['langcode'] .' ')), 'error');
+ drupal_set_message(t('The language %language (%code) is already set up.', array('%language' => ''. check_plain($edit['langname']) .' ', '%code' => ''. check_plain($edit['langcode']) .' ')), 'error');
}
break;
}
@@ -388,7 +389,7 @@
// Now import strings into the language
$file = file_check_upload('file');
if ($ret = _locale_import_po($file, $edit['langcode'], $edit['mode']) == FALSE) {
- $message = t('Translation import of %filename failed.', array('%filename' => "$file->filename "));
+ $message = t('Translation import of %filename failed.', array('%filename' => ''. check_plain($file->filename) .' '));
drupal_set_message($message, 'error');
watchdog('locale', $message, WATCHDOG_ERROR);
}
Index: modules/menu.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/menu.module,v
retrieving revision 1.27
diff -u -r1.27 menu.module
--- modules/menu.module 3 Mar 2005 20:51:27 -0000 1.27
+++ modules/menu.module 8 Mar 2005 23:14:40 -0000
@@ -198,10 +198,10 @@
break;
default:
if ($menu->type & MENU_IS_ROOT) {
- $message = t('Are you sure you want to delete the menu %item?', array('%item' => ''. $menu->title .' '));
+ $message = t('Are you sure you want to delete the menu %item?', array('%item' => ''. check_plain($menu->title) .' '));
}
else {
- $message = t('Are you sure you want to delete the custom menu item %item?', array('%item' => ''. $menu->title .' '));
+ $message = t('Are you sure you want to delete the custom menu item %item?', array('%item' => ''. check_plain($menu->title) .' '));
}
$output = theme('confirm', $message, 'admin/menu', t('This action cannot be undone.'), t('Delete'));
print theme('page', $output);
Index: modules/node.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/node.module,v
retrieving revision 1.481
diff -u -r1.481 node.module
--- modules/node.module 27 Mar 2005 21:34:50 -0000 1.481
+++ modules/node.module 28 Mar 2005 20:15:17 -0000
@@ -990,7 +990,7 @@
if (user_access('administer nodes')) {
$node = node_load(array('nid' => $nid));
- drupal_set_title($node->title);
+ drupal_set_title(check_plain($node->title));
if ($node->revisions) {
$header = array(t('Older revisions'), array('colspan' => '3', 'data' => t('Operations')));
@@ -1059,7 +1059,7 @@
node_save($rev, $filter);
- drupal_set_message(t('Rolled back to revision %revision of %title', array('%revision' => "#$revision ", '%title' => "$node->title ")));
+ drupal_set_message(t('Rolled back to revision %revision of %title', array('%revision' => "#$revision ", '%title' => ''. check_plain($node->title) .' ')));
drupal_goto('node/'. $nid .'/revisions');
}
}
@@ -1075,7 +1075,7 @@
node_save($node, array('nid', 'revisions'));
- drupal_set_message(t('Deleted revision %revision of %title', array('%revision' => "#$revision ", '%title' => "$node->title ")));
+ drupal_set_message(t('Deleted revision %revision of %title', array('%revision' => "#$revision ", '%title' => ''. check_plain($node->title) .' ')));
drupal_goto('node/'. $nid . (count($node->revisions) ? '/revisions' : ''));
}
}
@@ -1199,9 +1199,8 @@
// Validate the title field.
if (isset($node->title)) {
- $node->title = strip_tags($node->title);
- if (!$node->title) {
- form_set_error('title', t('You have to specify a valid title.'));
+ if (trim($node->title) == '') {
+ form_set_error('title', t('You have to specify a title.'));
}
}
@@ -1309,7 +1308,7 @@
$output .= '';
// Add hidden 'op' variable, which specifies the default operation (Preview).
- $output .= ' \n";
+ $output .= ' \n";
// Add the admin-specific parts.
if (user_access('administer nodes')) {
@@ -1455,7 +1454,7 @@
$node = node_load(array('nid' => $id));
- drupal_set_title($node->title);
+ drupal_set_title(check_plain($node->title));
$output = node_form($node);
@@ -1560,7 +1559,7 @@
// perform this operation:
if (node_access('update', $node)) {
$node->nid = node_save($node);
- watchdog('content', t('%type: updated %title.', array('%type' => ''. t($node->type) .' ', '%title' => "$node->title ")), WATCHDOG_NOTICE, l(t('view'), 'node/'. $node->nid));
+ watchdog('content', t('%type: updated %title.', array('%type' => ''. t($node->type) .' ', '%title' => ''. check_plain($node->title) .' ')), WATCHDOG_NOTICE, l(t('view'), 'node/'. $node->nid));
$msg = t('The %post was updated.', array ('%post' => node_invoke($node, 'node_name')));
}
}
@@ -1569,7 +1568,7 @@
// perform this operation:
if (node_access('create', $node)) {
$node->nid = node_save($node);
- watchdog('content', t('%type: added %title.', array('%type' => ''. t($node->type) .' ', '%title' => "$node->title ")), WATCHDOG_NOTICE, l(t('view'), "node/$node->nid"));
+ watchdog('content', t('%type: added %title.', array('%type' => ''. t($node->type) .' ', '%title' => ''. check_plain($node->title) .' ')), WATCHDOG_NOTICE, l(t('view'), "node/$node->nid"));
$msg = t('Your %post was created.', array ('%post' => node_invoke($node, 'node_name')));
}
}
@@ -1603,12 +1602,12 @@
search_wipe($node->nid, 'node');
}
- watchdog('content', t('%type: deleted %title.', array('%type' => ''. t($node->type) .' ', '%title' => "$node->title ")));
+ watchdog('content', t('%type: deleted %title.', array('%type' => ''. t($node->type) .' ', '%title' => ''. check_plain($node->title) .' ')));
}
else {
$extra = form_hidden('nid', $node->nid);
$output = theme('confirm',
- t('Are you sure you want to delete %title?', array('%title' => ''. $node->title .' ')),
+ t('Are you sure you want to delete %title?', array('%title' => ''. check_plain($node->title) .' ')),
$_GET['destination'] ? $_GET['destination'] : 'node/'. $node->nid,
t('This action cannot be undone.'),
t('Delete'),
@@ -1681,7 +1680,7 @@
if (is_numeric(arg(1))) {
$node = node_load(array('nid' => arg(1)), $_GET['revision']);
if ($node->nid) {
- drupal_set_title($node->title);
+ drupal_set_title(check_plain($node->title));
print theme('page', node_show($node, arg(2)));
}
else {
@@ -1758,7 +1757,7 @@
// Allow modules to change $node->body before viewing.
node_invoke_nodeapi($node, 'view', false, false);
- $text = '
'. drupal_specialchars($node->title) .' '. $node->body;
+ $text = ''. check_plain($node->title) .' '. $node->body;
// Fetch extra data normally not visible
$extra = node_invoke_nodeapi($node, 'update index');
Index: modules/path.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/path.module,v
retrieving revision 1.54
diff -u -r1.54 path.module
--- modules/path.module 10 Feb 2005 19:30:08 -0000 1.54
+++ modules/path.module 28 Mar 2005 20:26:02 -0000
@@ -296,15 +296,15 @@
$pid = $edit['pid'];
if (!valid_url($src)) {
- form_set_error('src', t('The system path %path is invalid.', array('%path' => "$src ")));
+ form_set_error('src', t('The system path %path is invalid.', array('%path' => ''. check_plain($src) .' ')));
}
if (!valid_url($dst)) {
- form_set_error('dst', t('The alias %alias is invalid.', array('%alias' => "$dst ")));
+ form_set_error('dst', t('The alias %alias is invalid.', array('%alias' => ''. check_plain($dst) .' ')));
}
if (db_result(db_query("SELECT COUNT(dst) FROM {url_alias} WHERE pid != %d AND dst = '%s'", $pid, $dst))) {
- form_set_error('dst', t('The alias %alias is already in use.', array('%alias' => "$dst ")));
+ form_set_error('dst', t('The alias %alias is already in use.', array('%alias' => ''. check_plain($dst) .' ')));
}
if (form_get_errors()) {
Index: modules/poll.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/poll.module,v
retrieving revision 1.160
diff -u -r1.160 poll.module
--- modules/poll.module 18 Mar 2005 09:00:40 -0000 1.160
+++ modules/poll.module 27 Mar 2005 13:52:02 -0000
@@ -307,9 +307,9 @@
if ($node->choice) {
$list = array();
foreach ($node->choice as $i => $choice) {
- $list[$i] = drupal_specialchars($choice['chtext']);
+ $list[$i] = check_plain($choice['chtext']);
}
- $form .= form_radios($page ? '' : $node->title, 'choice', -1, $list);
+ $form .= form_radios($page ? '' : check_plain($node->title), 'choice', -1, $list);
}
$form .= '';
$form .= form_hidden('nid', $node->nid);
@@ -336,12 +336,12 @@
// Output the divs for the text, bars and percentages
$output .= '';
if ($block) {
- $output .= '
'. $node->title .'
';
+ $output .= '
'. check_plain($node->title) .'
';
}
foreach ($node->choice as $i => $choice) {
if ($choice['chtext'] != '') {
$percentage = round($choice['chvotes'] * 100 / max($votestotal, 1));
- $output .= '
'. drupal_specialchars($choice['chtext']) .'
';
+ $output .= '
'. check_plain($choice['chtext']) .'
';
$output .= '
';
$output .= '
';
$output .= '
';
@@ -360,7 +360,7 @@
*/
function poll_results() {
if ($node = node_load(array('nid' => arg(1)))) {
- drupal_set_title($node->title);
+ drupal_set_title(check_plain($node->title));
print theme('page', node_show($node, 0));
}
else {
Index: modules/profile.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/profile.module,v
retrieving revision 1.88
diff -u -r1.88 profile.module
--- modules/profile.module 18 Mar 2005 07:07:04 -0000 1.88
+++ modules/profile.module 27 Mar 2005 13:52:02 -0000
@@ -107,7 +107,7 @@
$output .= theme('pager', NULL, 20);
if ($field->type == 'selection' || $field->type == 'list') {
- $title = strtr($field->page, array('%value' => $value));
+ $title = strtr($field->page, array('%value' => check_plain($value)));
}
else {
$title = $field->page;
@@ -178,15 +178,15 @@
if ($value = $user->{$field->name}) {
switch ($field->type) {
case 'textfield':
- return drupal_specialchars($value);
+ return check_plain($value);
case 'textarea':
return check_output($value);
case 'selection':
- return $browse ? l(drupal_specialchars($value), "profile/$field->name/". check_url($value)) : drupal_specialchars($value);
+ return $browse ? l($value, "profile/$field->name/$value") : check_plain($value);
case 'checkbox':
- return $browse ? l(strip_tags($field->title), "profile/$field->name") : drupal_specialchars($field->title);
+ return $browse ? l($field->title, "profile/$field->name") : check_plain($field->title);
case 'url':
- return '
'. drupal_specialchars($value) .' ';
+ return '
'. check_plain($value) .' ';
case 'date':
list($format) = explode(' - ', variable_get('date_format_short', 'm/d/Y - H:i'), 2);
// Note: we avoid PHP's date() because it does not handle dates before
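Review bot: `l($value, "profile/$field->name/$value")` in the `selection` case, and the same form in the `@@ -203` hunk, interpolates the raw field value into both the link text and the URL path, replacing `drupal_specialchars` and `check_url`. That is only correct if `l()`/`url()` escape the text and percent-encode path segments, neither of which is visible in this diff; a value containing `/`, `?` or `#` would change the resulting route even if the HTML escaping is handled. Suggest `"profile/$field->name/". rawurlencode($value)` for the path in both hunks, and a note on `l()` confirming that link text is escaped. The enclosing function starts and ends outside the hunk.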
@@ -203,7 +203,7 @@
$fields = array();
foreach ($values as $value) {
if ($value = trim($value)) {
- $fields[] = $browse ? l(drupal_specialchars($value), "profile/$field->name/". check_url($value)) : drupal_specialchars($value);
+ $fields[] = $browse ? l($value, "profile/$field->name/$value") : check_plain($value);
}
}
return implode(', ', $fields);
@@ -226,7 +226,7 @@
while ($field = db_fetch_object($result)) {
if ($value = profile_view_field($user, $field)) {
$description = ($field->visibility == PROFILE_PRIVATE) ? t('The content of this field is private and only visible to yourself.') : '';
- $title = ($field->type != 'checkbox') ? $field->title : '';
+ $title = ($field->type != 'checkbox') ? check_plain($field->title) : '';
$fields[$field->category] .= form_item($title, $value, $description);
}
}
@@ -264,16 +264,16 @@
switch ($field->type) {
case 'textfield':
case 'url':
- $fields[$category] .= form_textfield($field->title, $field->name, $edit[$field->name], 70, 255, _profile_form_explanation($field), NULL, $field->required);
+ $fields[$category] .= form_textfield(check_plain($field->title), $field->name, $edit[$field->name], 70, 255, _profile_form_explanation($field), NULL, $field->required);
break;
case 'textarea':
- $fields[$category] .= form_textarea($field->title, $field->name, $edit[$field->name], 70, 5, _profile_form_explanation($field), NULL, $field->required);
+ $fields[$category] .= form_textarea(check_plain($field->title), $field->name, $edit[$field->name], 70, 5, _profile_form_explanation($field), NULL, $field->required);
break;
case 'list':
- $fields[$category] .= form_textarea($field->title, $field->name, $edit[$field->name], 70, 5, _profile_form_explanation($field), NULL, $field->required);
+ $fields[$category] .= form_textarea(check_plain($field->title), $field->name, $edit[$field->name], 70, 5, _profile_form_explanation($field), NULL, $field->required);
break;
case 'checkbox':
- $fields[$category] .= form_checkbox($field->title, $field->name, 1, $edit[$field->name], _profile_form_explanation($field), NULL, $field->required);
+ $fields[$category] .= form_checkbox(check_plain($field->title), $field->name, 1, $edit[$field->name], _profile_form_explanation($field), NULL, $field->required);
break;
case 'selection':
$options = array('--');
@@ -284,7 +284,7 @@
}
}
- $fields[$category] .= form_select($field->title, $field->name, $edit[$field->name], $options, _profile_form_explanation($field), 0, 0, $field->required);
+ $fields[$category] .= form_select(check_plain($field->title), $field->name, $edit[$field->name], $options, _profile_form_explanation($field), 0, 0, $field->required);
break;
case 'date':
$fields[$category] .= _profile_date_field($field, $edit);
@@ -338,7 +338,7 @@
}
$output .= '
';
- return form_item($field->title, $output, _profile_form_explanation($field), NULL, $field->required);
+ return form_item(check_plain($field->title), $output, _profile_form_explanation($field), NULL, $field->required);
}
/**
@@ -362,12 +362,12 @@
if ($edit[$field->name]) {
if ($field->type == 'url') {
if (!valid_url($edit[$field->name], true)) {
- form_set_error($field->name, t('The value provided for %field is not a valid URL.', array('%field' => "$field->title ")));
- }
+ form_set_error($field->name, t('The value provided for %field is not a valid URL.', array('%field' => ''. check_plain($field->title) .' ')));
+ }
}
}
else if ($field->required && !user_access('administer users')) {
- form_set_error($field->name, t('The field %field is required.', array('%field' => "$field->title ")));
+ form_set_error($field->name, t('The field %field is required.', array('%field' => ''. check_plain($field->title) .' ')));
}
}
@@ -377,7 +377,7 @@
function profile_categories() {
$result = db_query("SELECT DISTINCT(category) FROM {profile_fields}");
while ($category = db_fetch_object($result)) {
- $data[] = array('name' => drupal_specialchars($category->category), 'title' => $category->category, 'weight' => 3);
+ $data[] = array('name' => check_plain($category->category), 'title' => $category->category, 'weight' => 3);
}
return $data;
}
@@ -539,7 +539,7 @@
$result = db_query('SELECT * FROM {profile_fields} ORDER BY category, weight');
$rows = array();
while ($field = db_fetch_object($result)) {
- $rows[] = array($field->title, $field->name, _profile_field_types($field->type), $field->category, l(t('edit'), "admin/settings/profile/edit/$field->fid"), l(t('delete'), "admin/settings/profile/delete/$field->fid"));
+ $rows[] = array(check_plain($field->title), $field->name, _profile_field_types($field->type), $field->category, l(t('edit'), "admin/settings/profile/edit/$field->fid"), l(t('delete'), "admin/settings/profile/delete/$field->fid"));
}
if (count($rows) == 0) {
$rows[] = array(array('data' => t('No fields defined.'), 'colspan' => '6'));
Index: modules/queue.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/queue.module,v
retrieving revision 1.126
diff -u -r1.126 queue.module
--- modules/queue.module 18 Mar 2005 09:29:58 -0000 1.126
+++ modules/queue.module 27 Mar 2005 13:52:03 -0000
@@ -78,34 +78,34 @@
$node->moderate = 0;
$node->promote = 1;
node_save($node);
- watchdog('content', t('Moderation: approved %title.', array('%title' => "$node->title ")));
+ watchdog('content', t('Moderation: approved %title.', array('%title' => ''. check_plain($node->title) .' ')));
drupal_set_message(t('The post is promoted.'));
}
else if (variable_get('queue_threshold_dump', -2) >= $node->score) {
if ($node->revisions) {
node_revision_rollback($node, end(node_revision_list($node)));
- watchdog('content', t('Moderation: declined %title (rollback).', array('%title' => "$node->title ")));
+ watchdog('content', t('Moderation: declined %title (rollback).', array('%title' => ''. check_plain($node->title) .' ')));
drupal_set_message(t('The post has been declined and the previous version has been restored.'));
}
else {
$node->moderate = 0;
$node->status = 0;
node_save($node);
- watchdog('content', t('Moderation: declined %title.', array('%title' => "$node->title ")));
+ watchdog('content', t('Moderation: declined %title.', array('%title' => ''. check_plain($node->title) .' ')));
drupal_set_message(t('The post has been declined.'));
}
}
else if (variable_get('queue_threshold_expire', 8) <= $node->votes) {
if ($node->revisions) {
node_revision_rollback($node, end(node_revision_list($node)));
- watchdog('content', t('Moderation: expired %title (rollback).', array('%title' => "$node->title ")));
+ watchdog('content', t('Moderation: expired %title (rollback).', array('%title' => ''. check_plain($node->title) .' ')));
drupal_set_message(t('The post has expired and the previous version has been restored.'));
}
else {
$node->moderate = 0;
$node->status = 0;
node_save($node);
- watchdog('content', t('Moderation: expired %title.', array('%title' => "$node->title ")));
+ watchdog('content', t('Moderation: expired %title.', array('%title' => ''. check_plain($node->title) .' ')));
drupal_set_message(t('The post has expired.'));
}
}
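Review bot: The expression `''. check_plain($node->title) .' '` is repeated five times across the approve/decline/expire branches, which makes it easy for a later edit to add a sixth message without the escape. Hoisting the escaped value once before the branching, `$safe_title = check_plain($node->title);`, and reusing it in each `watchdog()` call keeps a single escaping point. The enclosing function starts before this hunk.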
Index: modules/search.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/search.module,v
retrieving revision 1.120
diff -u -r1.120 search.module
--- modules/search.module 18 Mar 2005 20:31:00 -0000 1.120
+++ modules/search.module 27 Mar 2005 13:52:03 -0000
@@ -503,7 +503,7 @@
$message = format_plural(count($refused),
'The word %words was not included because it is too short.',
'The words %words were not included because they were too short.');
- drupal_set_message(strtr($message, array('%words' => ''. drupal_specialchars(implode(', ', $refused)) .' ')));
+ drupal_set_message(strtr($message, array('%words' => ''. check_plain(implode(', ', $refused)) .' ')));
}
if (count($words) == 0) {
@@ -559,7 +559,7 @@
if ($type == '') {
$type = 'node';
}
- drupal_goto('search/'. $type .'/'. urlencode($_POST['edit']['keys']));
+ drupal_goto('search/'. urlencode($type) .'/'. urlencode($_POST['edit']['keys']));
}
else if ($type == '') {
// Note: search/node can not be a default tab because it would take on the
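Review bot: `urlencode()` encodes a space as `+`, which inside a path segment is a literal plus rather than a space, so whether a search for `foo bar` round-trips through `search/node/foo+bar` depends on the path being re-parsed as a query string (`?q=`) downstream; if it is not, `rawurlencode()` (which yields `%20`) is the correct encoder for path components. The same applies to `l(t('results'), 'search/'. urlencode($type) .'/'. urlencode($keys))` in the next hunk, which replaces a query string where `+` was correct. Encoding `$type` protects the URL but does not restrict it to modules that actually implement search; that validation, if any, is outside this hunk.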
@@ -574,9 +574,9 @@
if (trim($keys)) {
// Log the search keys:
watchdog('search',
- t('Search: %keys (%type).', array('%keys' => "$keys ", '%type' => module_invoke($type, 'search', 'name'))),
+ t('Search: %keys (%type).', array('%keys' => ''. check_plain($keys) .' ', '%type' => module_invoke($type, 'search', 'name'))),
WATCHDOG_NOTICE,
- l(t('results'), 'search', NULL, 'keys='. urlencode($keys) . '&type='. urlencode($type))
+ l(t('results'), 'search/'. urlencode($type) .'/'. urlencode($keys))
);
// Collect the search results:
@@ -833,7 +833,7 @@
$output = module_invoke($type, 'search_item', $item);
}
else {
- $output = ' '. $item['title'] .' ';
+ $output = ' '. check_plain($item['title']) .' ';
$info = array();
if ($item['type']) {
$info[] = $item['type'];
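Review bot: `$item['title']` is now escaped but `$item['type']` on the following line goes into `$info` raw, and `$info` is presumably concatenated into the same `$output` below the hunk. If `type` comes from the same untrusted source as `title` it needs `check_plain()` too; if it is a module-supplied label, a comment saying so would make the asymmetry deliberate. The enclosing function starts and ends outside the hunk.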
Index: modules/statistics.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/statistics.module,v
retrieving revision 1.185
diff -u -r1.185 statistics.module
--- modules/statistics.module 18 Mar 2005 07:07:04 -0000 1.185
+++ modules/statistics.module 27 Mar 2005 13:52:03 -0000
@@ -183,7 +183,7 @@
$rows[] = array(array('data' => $pager, 'colspan' => '4'));
}
- drupal_set_title($node->title);
+ drupal_set_title(check_plain($node->title));
print theme('page', theme('table', $header, $rows));
}
else {
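Review bot: `drupal_set_title()` is now handed an already-escaped string, which silently changes its contract from plain text to HTML; nothing in this hunk records that, and the `strip_tags(drupal_get_title())` added to the xtemplate engine later in this patch shows the consumer now treats the stored title as markup. A comment at this call such as `// drupal_set_title() expects HTML; escape raw node titles first.`, or better a docblock on drupal_set_title() itself, keeps the next caller from passing raw text. The enclosing function starts before this hunk.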
Index: modules/taxonomy.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/taxonomy.module,v
retrieving revision 1.187
diff -u -r1.187 taxonomy.module
--- modules/taxonomy.module 21 Mar 2005 20:58:56 -0000 1.187
+++ modules/taxonomy.module 27 Mar 2005 13:52:03 -0000
@@ -130,7 +130,7 @@
db_query("INSERT INTO {vocabulary_node_types} (vid, type) VALUES (%d, '%s')", $edit['vid'], $type);
}
module_invoke_all('taxonomy', 'update', 'vocabulary', $edit);
- $message = t('Updated vocabulary %name.', array('%name' => ''. $edit['name'] .' '));
+ $message = t('Updated vocabulary %name.', array('%name' => ''. check_plain($edit['name']) .' '));
}
else if ($edit['vid']) {
$message = taxonomy_del_vocabulary($edit['vid']);
@@ -142,7 +142,7 @@
db_query("INSERT INTO {vocabulary_node_types} (vid, type) VALUES (%d, '%s')", $edit['vid'], $type);
}
module_invoke_all('taxonomy', 'insert', 'vocabulary', $edit);
- $message = t('Created new vocabulary %name.', array('%name' => ''. $edit['name'] .' '));
+ $message = t('Created new vocabulary %name.', array('%name' => ''. check_plain($edit['name']) .' '));
}
cache_clear_all();
@@ -236,7 +236,7 @@
db_query('UPDATE {term_data} SET '. _taxonomy_prepare_update($data) .' WHERE tid = %d', $edit['tid']);
module_invoke_all('taxonomy', 'update', 'term', $edit);
- $message = t('The term %term has been updated.', array('%term' => ''. $edit['name'] .' '));
+ $message = t('The term %term has been updated.', array('%term' => ''. check_plain($edit['name']) .' '));
}
else if ($edit['tid']) {
return taxonomy_del_term($edit['tid']);
@@ -246,7 +246,7 @@
$data = array('tid' => $edit['tid'], 'name' => $edit['name'], 'description' => $edit['description'], 'vid' => $edit['vid'], 'weight' => $edit['weight']);
db_query('INSERT INTO {term_data} '. _taxonomy_prepare_insert($data, 1) .' VALUES '. _taxonomy_prepare_insert($data, 2));
module_invoke_all('taxonomy', 'insert', 'term', $edit);
- $message = t('Created new term %term.', array('%term' => ''. $edit['name'] .' '));
+ $message = t('Created new term %term.', array('%term' => ''. check_plain($edit['name']) .' '));
}
db_query('DELETE FROM {term_relation} WHERE tid1 = %d OR tid2 = %d', $edit['tid'], $edit['tid']);
@@ -315,7 +315,7 @@
db_query('DELETE FROM {term_node} WHERE tid = %d', $tid);
module_invoke_all('taxonomy', 'delete', 'term', $term);
- drupal_set_message(t('Deleted term %name.', array('%name' => ''. $term->name .' ')));
+ drupal_set_message(t('Deleted term %name.', array('%name' => ''. check_plain($term->name) .' ')));
}
$tids = $orphans;
@@ -331,7 +331,7 @@
$extra .= form_hidden('tid', $tid);
$output = theme('confirm',
- t('Are you sure you want to delete the term %title?', array('%title' => ''. $term->name .' ')),
+ t('Are you sure you want to delete the term %title?', array('%title' => ''. check_plain($term->name) .' ')),
'admin/taxonomy',
t('Deleting a term will delete all its children if there are any. This action cannot be undone.'),
t('Delete'),
@@ -357,13 +357,13 @@
$types[] = $node_type ? $node_type : $type;
}
- $rows[] = array($vocabulary->name, implode(', ', $types), l(t('edit vocabulary'), "admin/taxonomy/edit/vocabulary/$vocabulary->vid"), l(t('add term'), "admin/taxonomy/add/term/$vocabulary->vid"), l(t('preview form'), "admin/taxonomy/preview/vocabulary/$vocabulary->vid"));
+ $rows[] = array(check_plain($vocabulary->name), implode(', ', $types), l(t('edit vocabulary'), "admin/taxonomy/edit/vocabulary/$vocabulary->vid"), l(t('add term'), "admin/taxonomy/add/term/$vocabulary->vid"), l(t('preview form'), "admin/taxonomy/preview/vocabulary/$vocabulary->vid"));
$tree = taxonomy_get_tree($vocabulary->vid);
if ($tree) {
unset($data);
foreach ($tree as $term) {
- $data .= _taxonomy_depth($term->depth) .' '. $term->name .' ('. l(t('edit term'), "admin/taxonomy/edit/term/$term->tid") .') ';
+ $data .= _taxonomy_depth($term->depth) .' '. check_plain($term->name) .' ('. l(t('edit term'), "admin/taxonomy/edit/term/$term->tid") .') ';
}
$rows[] = array(array('data' => $data, 'colspan' => '5'));
}
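Review bot: `unset($data)` followed by `$data .= ...` inside the `foreach` appends to an undefined variable on the first iteration, which raises a notice under `E_NOTICE`; initialise it with `$data = '';` instead. Also, `implode(', ', $types)` lands in the same row as the now-escaped `$vocabulary->name`, while `$types[] = $node_type ? $node_type : $type;` above is not escaped — if `$node_type` is a human-readable label it belongs in `check_plain()` as well, though it is presumably module-provided. The enclosing function starts before this hunk.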
@@ -390,7 +390,7 @@
$blank = '<'. t('none') .'>';
}
- return _taxonomy_term_select($vocabulary->name, $name, $value, $vid, $help, intval($vocabulary->multiple), $blank);
+ return _taxonomy_term_select(check_plain($vocabulary->name), $name, $value, $vid, $help, intval($vocabulary->multiple), $blank);
}
/**
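Review bot: Passing `check_plain($vocabulary->name)` as the title of `_taxonomy_term_select()` means that helper, and whatever form function it calls, must not escape the title again, or a `&` in a vocabulary name is shown to the user as `&amp;`. The `$blank = '<'. t('none') .'>'` label two lines up suggests option labels are escaped downstream (otherwise it would be emitted as a tag), so it is worth confirming that titles and options are handled differently and recording it on this line, e.g. `// title is HTML here; _taxonomy_term_select() must not escape it again`. The enclosing function starts before this hunk.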
Index: modules/upload.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/upload.module,v
retrieving revision 1.29
diff -u -r1.29 upload.module
--- modules/upload.module 18 Mar 2005 08:05:47 -0000 1.29
+++ modules/upload.module 27 Mar 2005 13:52:03 -0000
@@ -169,7 +169,7 @@
$total_usersize = upload_count_size($user->uid) + $filesize;
if ($maxsize && $total_size > $maxsize) {
- form_set_error('upload', t('Error attaching file %name: total file size exceeded', array('%name' => "$file->filename ")));
+ form_set_error('upload', t('Error attaching file %name: total file size exceeded', array('%name' => ''. check_plain($file->filename) .' ')));
break;
}
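Review bot: `$total_usersize` is assigned on the first line of the hunk but the condition on the next line tests `$total_size`, and the message being escaped here belongs to that branch. If `$total_size` is not computed earlier in the function, `$maxsize` is compared against an undefined variable and the "total file size exceeded" error can never fire; if both variables exist, a one-line comment distinguishing the per-user total from the per-node total would remove the ambiguity. The enclosing function starts before this hunk.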
@@ -207,13 +207,13 @@
}
if ($error['extension'] == count($user->roles) && $user->uid != 1) {
- form_set_error('upload', t('Error attaching file %name: invalid extension', array('%name' => "$file->filename ")));
+ form_set_error('upload', t('Error attaching file %name: invalid extension', array('%name' => ''. check_plain($file->filename) .' ')));
}
elseif ($error['uploadsize'] == count($user->roles) && $user->uid != 1) {
- form_set_error('upload', t('Error attaching file %name: exceeds maximum file size', array('%name' => "$file->filename ")));
+ form_set_error('upload', t('Error attaching file %name: exceeds maximum file size', array('%name' => ''. check_plain($file->filename) .' ')));
}
elseif ($error['usersize'] == count($user->roles) && $user->uid != 1) {
- form_set_error('upload', t('Error attaching file %name: exceeds maximum file size', array('%name' => "$file->filename ")));
+ form_set_error('upload', t('Error attaching file %name: exceeds maximum file size', array('%name' => ''. check_plain($file->filename) .' ')));
}
else {
$key = 'upload_'. count($_SESSION['file_uploads']);
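Review bot: The `uploadsize` and `usersize` branches now emit the identical message `Error attaching file %name: exceeds maximum file size`, so a user who hit the per-user quota is told the file is too big and will keep retrying with smaller files. Give the third branch its own text, e.g. `t('Error attaching file %name: exceeds your total upload quota', ...)` (wording hedged on what `usersize` measures, which is outside the hunk). The `== count($user->roles) && $user->uid != 1` condition repeated three times would also read better pulled into a local. The enclosing function starts before this hunk.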
Index: modules/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user.module,v
retrieving revision 1.452
diff -u -r1.452 user.module
--- modules/user.module 18 Mar 2005 07:07:04 -0000 1.452
+++ modules/user.module 27 Mar 2005 13:52:03 -0000
@@ -594,7 +594,7 @@
$alt = t('%user\'s picture', array('%user' => $account->name ? $account->name : variable_get('anonymous', 'Anonymous')));
$picture = theme('image', $picture, $alt, $alt, '', false);
if ($account->uid) {
- $picture = l($picture, "user/$account->uid", array('title' => t('View user profile.')));
+ $picture = l($picture, "user/$account->uid", array('title' => t('View user profile.')), NULL, NULL, FALSE, TRUE);
}
return "$picture
";
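Review bot: The new trailing arguments `NULL, NULL, FALSE, TRUE` are positional flags with no indication of meaning; a comment such as `// last arg: $picture is already HTML, do not escape the link text` (using whatever the final parameter of `l()` is named) is needed because this is the one call that deliberately bypasses escaping. Since `$picture` is now trusted as markup, the only protection for `$account->name` is inside `theme('image', ...)` via `$alt`; confirm that theme_image escapes its alt/title attributes, otherwise a quote in a user name breaks out of the attribute. The enclosing function starts before this hunk.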
cvs diff: Diffing scripts
cvs diff: Diffing sites
cvs diff: Diffing sites/default
cvs diff: Diffing themes
cvs diff: Diffing themes/bluemarine
cvs diff: Diffing themes/chameleon
Index: themes/chameleon/chameleon.theme
===================================================================
RCS file: /cvs/drupal/drupal/themes/chameleon/chameleon.theme,v
retrieving revision 1.24
diff -u -r1.24 chameleon.theme
--- themes/chameleon/chameleon.theme 15 Dec 2004 21:19:42 -0000 1.24
+++ themes/chameleon/chameleon.theme 12 Mar 2005 20:24:48 -0000
@@ -107,7 +107,7 @@
$output = "\n";
if (!$page) {
- $output .= "
". ($main ? l($node->title, "node/$node->nid") : $node->title) ." \n";
+ $output .= "
". ($main ? l($node->title, "node/$node->nid") : check_plain($node->title)) ." \n";
}
$output .= "
\n";
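Review bot: The non-main branch now escapes `$node->title`, but the `$main` branch still hands the raw title to `l()`, so the change is only complete if `l()` escapes its link text by default — the explicit extra flag passed to `l()` in the user.module hunk suggests it does, but nothing here states it. A comment on the line, e.g. `// l() escapes its text; the plain-title branch must escape explicitly`, would make the asymmetry intentional rather than an oversight. The enclosing function starts and ends outside the hunk.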
cvs diff: Diffing themes/chameleon/marvin
cvs diff: Diffing themes/engines
cvs diff: Diffing themes/engines/xtemplate
Index: themes/engines/xtemplate/xtemplate.engine
===================================================================
RCS file: /cvs/drupal/drupal/themes/engines/xtemplate/xtemplate.engine,v
retrieving revision 1.11
diff -u -r1.11 xtemplate.engine
--- themes/engines/xtemplate/xtemplate.engine 24 Dec 2004 06:39:59 -0000 1.11
+++ themes/engines/xtemplate/xtemplate.engine 9 Mar 2005 02:48:36 -0000
@@ -45,7 +45,7 @@
array("%a" => format_name($node),
"%b" => format_date($node->created))) : '',
"link" => url("node/$node->nid"),
- "title" => $node->title,
+ "title" => check_plain($node->title),
"author" => format_name($node),
"date" => format_date($node->created),
"sticky" => ($main && $node->sticky) ? 'sticky' : '',
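Review bot: `"title"` is now escaped at assignment time while the neighbouring `"link"`, `"author"` and `"date"` values pass through as-is, so the array mixes escaped text with values whose safety depends on `url()`, `format_name()` and `format_date()`. Since the template cannot tell them apart, a comment on the `assign()` call stating that every value is HTML-ready and templates must not escape again would pin the contract; `url("node/$node->nid")` in particular lands in an `href` attribute and should be confirmed attribute-safe. The enclosing function starts before this hunk.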
@@ -116,7 +116,7 @@
$xtemplate->template->assign(array(
"language" => $GLOBALS['locale'],
- "head_title" => (drupal_get_title() ? drupal_get_title() ." | ". variable_get("site_name", "drupal") : variable_get("site_name", "drupal") ." | ". variable_get("site_slogan", "")),
+ "head_title" => (drupal_get_title() ? strip_tags(drupal_get_title()) ." | ". variable_get("site_name", "drupal") : variable_get("site_name", "drupal") ." | ". variable_get("site_slogan", "")),
"head" => drupal_get_html_head(),
"styles" => theme_get_styles(),
"onload_attributes" => theme_onload_attribute(),
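Review bot: `strip_tags()` is applied to the title but `variable_get("site_name", "drupal")` and `variable_get("site_slogan", "")` are concatenated raw into the same `<title>` text; they are admin-set, but they sit in the same context and should get `check_plain()` as well. `drupal_get_title()` is also called twice in the one expression; fetching it once into a local, `$title = drupal_get_title();`, before the `assign()` avoids the repeat and makes the ternary readable. Note that `strip_tags()` on an escaped title keeps entities such as `&amp;`, which is correct for text inside `<title>`. The enclosing function starts before this hunk.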
cvs diff: Diffing themes/pushbutton
***** CVS exited normally with code 1 *****