')) {
switch ($long) {
case 0:
- return t('Allowed HTML tags') .': '. drupal_specialchars($allowed_html);
+ return t('Allowed HTML tags') .': '. check_plain($allowed_html);
case 1:
- $output = ''. t('Allowed HTML tags') .': '. drupal_specialchars($allowed_html) .'
';
+ $output = ''. t('Allowed HTML tags') .': '. check_plain($allowed_html) .'
';
if (!variable_get("filter_html_help_$format", 1)) {
return $output;
}
@@ -111,14 +111,14 @@
if ($tips[$tag]) {
$rows[] = array(
array('data' => $tips[$tag][0], 'class' => 'description'),
- array('data' => ''. drupal_specialchars($tips[$tag][1]) .'', 'class' => 'type'),
+ array('data' => ''. check_plain($tips[$tag][1]) .'', 'class' => 'type'),
array('data' => $tips[$tag][1], 'class' => 'get')
);
}
}
else {
$rows[] = array(
- array('data' => t('No help provided for tag %tag.', array('%tag' => drupal_specialchars($tag))), 'class' => 'description', 'colspan' => 3),
+ array('data' => t('No help provided for tag %tag.', array('%tag' => check_plain($tag))), 'class' => 'description', 'colspan' => 3),
);
}
}
@@ -137,7 +137,7 @@
foreach ($entities as $entity) {
$rows[] = array(
array('data' => $entity[0], 'class' => 'description'),
- array('data' => ''. drupal_specialchars($entity[1]) .'', 'class' => 'type'),
+ array('data' => ''. check_plain($entity[1]) .'', 'class' => 'type'),
array('data' => $entity[1], 'class' => 'get')
);
}
@@ -365,7 +365,7 @@
db_query("INSERT INTO {filter_formats} (name) VALUES ('%s')", $name);
}
- drupal_set_message(t('Added input format %format.', array('%format' => ''. $edit['name'] .' ')));
+ drupal_set_message(t('Added input format %format.', array('%format' => ''. check_plain($edit['name']) .' ')));
drupal_goto('admin/filters');
}
@@ -386,7 +386,7 @@
cache_clear_all('filter:'. $edit['format'], true);
- drupal_set_message(t('Deleted input format %format.', array('%format' => ''. $edit['name'] .' ')));
+ drupal_set_message(t('Deleted input format %format.', array('%format' => ''. check_plain($edit['name']) .' ')));
}
drupal_goto('admin/filters');
}
@@ -397,7 +397,7 @@
$extra = form_hidden('format', $format->format);
$extra .= form_hidden('name', $format->name);
$output = theme('confirm',
- t('Are you sure you want to delete the input format %format?', array('%format' => ''. $format->name .' ')),
+ t('Are you sure you want to delete the input format %format?', array('%format' => ''. check_plain($format->name) .' ')),
'admin/filters',
t('If you have any content left in this input format, it will be switched to the default input format. This action cannot be undone.'),
t('Delete'),
@@ -927,7 +927,7 @@
if (variable_get("filter_html_$format", FILTER_HTML_STRIP) == FILTER_HTML_ESCAPE) {
// Escape HTML
- $text = drupal_specialchars($text);
+ $text = check_plain($text);
}
if (variable_get("filter_html_nofollow_$format", FALSE)) {
Index: modules/forum.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/forum.module,v
retrieving revision 1.240
diff -u -r1.240 forum.module
--- modules/forum.module 27 Mar 2005 22:51:47 -0000 1.240
+++ modules/forum.module 28 Mar 2005 20:15:17 -0000
@@ -228,10 +228,10 @@
if ($tree) {
foreach ($tree as $term) {
if (in_array($term->tid, variable_get('forum_containers', array()))) {
- $rows[] = array(_forum_depth($term->depth) .' '. $term->name, l(t('edit container'), "admin/forum/edit/container/$term->tid"));
+ $rows[] = array(_forum_depth($term->depth) .' '. check_plain($term->name), l(t('edit container'), "admin/forum/edit/container/$term->tid"));
}
else {
- $rows[] = array(_forum_depth($term->depth) .' '. $term->name, l(t('edit forum'), "admin/forum/edit/forum/$term->tid"));
+ $rows[] = array(_forum_depth($term->depth) .' '. check_plain($term->name), l(t('edit forum'), "admin/forum/edit/forum/$term->tid"));
}
}
@@ -381,11 +381,11 @@
}
if ($prev) {
- $links[] = l(t('previous forum topic'), "node/$prev->nid", array('title' => $prev->title));
+ $links[] = l(t('previous forum topic'), "node/$prev->nid", array('title' => check_plain($prev->title)));
}
if ($next) {
- $links[] = l(t('next forum topic'), "node/$next->nid", array('title' => $next->title));
+ $links[] = l(t('next forum topic'), "node/$next->nid", array('title' => check_plain($next->title)));
}
}
@@ -478,7 +478,7 @@
if (db_result(db_query('SELECT COUNT(*) FROM {term_data} WHERE tid = %d AND vid = %d', $term, $vocabulary))) {
if (in_array($term, $containers)) {
$term = taxonomy_get_term($term);
- form_set_error('taxonomy', t('The item %forum is only a container for forums. Please select one of the forums below it.', array('%forum' => "$term->name ")));
+ form_set_error('taxonomy', t('The item %forum is only a container for forums. Please select one of the forums below it.', array('%forum' => ''. check_plain($term->name) .' ')));
}
else {
$node->tid = $term;
@@ -878,7 +878,7 @@
if ($topic->tid != $tid) {
$rows[] = array(
array('data' => _forum_icon($topic->new, $topic->num_comments, $topic->comment_mode, $topic->sticky), 'class' => 'icon'),
- array('data' => $topic->title, 'class' => 'title'),
+ array('data' => check_plain($topic->title), 'class' => 'title'),
array('data' => l(t('This topic has been moved'), "forum/$topic->tid"), 'colspan' => '3')
);
}
Index: modules/locale.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/locale.module,v
retrieving revision 1.119
diff -u -r1.119 locale.module
--- modules/locale.module 3 Mar 2005 20:51:27 -0000 1.119
+++ modules/locale.module 13 Mar 2005 02:18:07 -0000
@@ -107,6 +107,7 @@
if ($user->language == '') {
$user->language = key($languages['name']);
}
+ $languages['name'] = array_map('check_plain', $languages['name']);
return array(array('title' => t('Interface language settings'), 'data' => form_radios(t("Language"), 'language', $user->language, $languages['name'], t("Selecting a different locale will change the interface language of the site."))));
}
}
@@ -299,7 +300,7 @@
if (isset($languages['name'][$edit['langcode']])) {
db_query("DELETE FROM {locales_meta} WHERE locale = '%s'", $edit['langcode']);
db_query("DELETE FROM {locales_target} WHERE locale = '%s'", $edit['langcode']);
- $message = t('%locale language removed.', array('%locale' => ''. t($languages['name'][$edit['langcode']]) .' '));
+ $message = t('%locale language removed.', array('%locale' => ''. check_plain(t($languages['name'][$edit['langcode']])) .' '));
drupal_set_message($message);
watchdog('locale', $message);
}
@@ -320,7 +321,7 @@
$extra = form_hidden('langcode', $langcode);
$output = theme('confirm',
- t('Are you sure you want to delete the language %name?', array('%name' => ''. t($languages['name'][$langcode]) .' ')),
+ t('Are you sure you want to delete the language %name?', array('%name' => ''. check_plain(t($languages['name'][$langcode])) .' ')),
'admin/locale/language/overview',
t('Deleting a language will remove all data associated with it. This action cannot be undone.'),
t('Delete'),
@@ -359,7 +360,7 @@
drupal_set_message(t('You need to specify both the language code and the English name of the new language.'), 'error');
}
else {
- drupal_set_message(t('The language %language (%code) is already set up.', array('%language' => ''. $edit['langname'] .' ', '%code' => ''. $edit['langcode'] .' ')), 'error');
+ drupal_set_message(t('The language %language (%code) is already set up.', array('%language' => ''. check_plain($edit['langname']) .' ', '%code' => ''. check_plain($edit['langcode']) .' ')), 'error');
}
break;
}
@@ -388,7 +389,7 @@
// Now import strings into the language
$file = file_check_upload('file');
if ($ret = _locale_import_po($file, $edit['langcode'], $edit['mode']) == FALSE) {
- $message = t('Translation import of %filename failed.', array('%filename' => "$file->filename "));
+ $message = t('Translation import of %filename failed.', array('%filename' => ''. check_plain($file->filename) .' '));
drupal_set_message($message, 'error');
watchdog('locale', $message, WATCHDOG_ERROR);
}
Index: modules/menu.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/menu.module,v
retrieving revision 1.27
diff -u -r1.27 menu.module
--- modules/menu.module 3 Mar 2005 20:51:27 -0000 1.27
+++ modules/menu.module 29 Mar 2005 19:20:29 -0000
@@ -120,7 +120,7 @@
break;
default:
$output = theme('confirm',
- t('Are you sure you want to reset all menu items to their default settings?', array('%item' => ''. $title .' ')),
+ t('Are you sure you want to reset all menu items to their default settings?'),
'admin/menu',
t('Any custom additions or changes to the menu will be lost.'),
t('Reset all'));
@@ -167,7 +167,7 @@
default:
$title = db_result(db_query('SELECT title FROM {menu} WHERE mid = %d', $mid));
$output = theme('confirm',
- t('Are you sure you want to reset the item %item to its default values?', array('%item' => ''. $title .' ')),
+ t('Are you sure you want to reset the item %item to its default values?', array('%item' => ''. check_plain($title) .' ')),
'admin/menu',
t('Any customizations will be lost. This action cannot be undone.'),
t('Reset'));
@@ -198,10 +198,10 @@
break;
default:
if ($menu->type & MENU_IS_ROOT) {
- $message = t('Are you sure you want to delete the menu %item?', array('%item' => ''. $menu->title .' '));
+ $message = t('Are you sure you want to delete the menu %item?', array('%item' => ''. check_plain($menu->title) .' '));
}
else {
- $message = t('Are you sure you want to delete the custom menu item %item?', array('%item' => ''. $menu->title .' '));
+ $message = t('Are you sure you want to delete the custom menu item %item?', array('%item' => ''. check_plain($menu->title) .' '));
}
$output = theme('confirm', $message, 'admin/menu', t('This action cannot be undone.'), t('Delete'));
print theme('page', $output);
@@ -348,16 +348,16 @@
if ($edit['mid']) {
db_query("UPDATE {menu} SET pid = %d, path = '%s', title = '%s', description = '%s', weight = %d, type = %d WHERE mid = %d", $edit['pid'], $edit['path'], $edit['title'], $edit['description'], $edit['weight'], $edit['type'] | MENU_MODIFIED_BY_ADMIN, $edit['mid']);
- drupal_set_message(t('Updated menu item %title.', array('%title' => ''. $edit['title'] .' ')));
+ drupal_set_message(t('Updated menu item %title.', array('%title' => ''. check_plain($edit['title']) .' ')));
}
else {
$mid = db_next_id('{menu}_mid');
db_query("INSERT INTO {menu} (mid, pid, path, title, description, weight, type) VALUES (%d, %d, '%s', '%s', '%s', %d, %d)", $mid, $edit['pid'], $edit['path'], $edit['title'], $edit['description'], $edit['weight'], $edit['type'] | MENU_MODIFIED_BY_ADMIN);
- drupal_set_message(t('Created new menu item %title.', array('%title' => ''. $edit['title'] .' ')));
+ drupal_set_message(t('Created new menu item %title.', array('%title' => ''. check_plain($edit['title']) .' ')));
if (array_key_exists($edit['path'], $menu['path index'])) {
$old_mid = $menu['path index'][$edit['path']];
$old_item = $menu['items'][$old_mid];
- drupal_set_message(t('Since a menu item %old already exists for %path, this new menu item was created as a shortcut to that location.', array('%old' => l(''. $old_item['title'] .' ', 'admin/menu/item/edit/'. $old_mid), '%path' => ''. $edit['path'] .' ')));
+ drupal_set_message(t('Since a menu item %old already exists for %path, this new menu item was created as a shortcut to that location.', array('%old' => l(''. $old_item['title'] .' ', 'admin/menu/item/edit/'. $old_mid, array(), NULL, NULL, FALSE, TRUE), '%path' => ''. check_plain($edit['path']) .' ')));
}
}
}
Index: modules/node.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/node.module,v
retrieving revision 1.481
diff -u -r1.481 node.module
--- modules/node.module 27 Mar 2005 21:34:50 -0000 1.481
+++ modules/node.module 29 Mar 2005 19:22:42 -0000
@@ -990,7 +990,7 @@
if (user_access('administer nodes')) {
$node = node_load(array('nid' => $nid));
- drupal_set_title($node->title);
+ drupal_set_title(check_plain($node->title));
if ($node->revisions) {
$header = array(t('Older revisions'), array('colspan' => '3', 'data' => t('Operations')));
@@ -1059,7 +1059,7 @@
node_save($rev, $filter);
- drupal_set_message(t('Rolled back to revision %revision of %title', array('%revision' => "#$revision ", '%title' => "$node->title ")));
+ drupal_set_message(t('Rolled back to revision %revision of %title', array('%revision' => "#$revision ", '%title' => ''. check_plain($node->title) .' ')));
drupal_goto('node/'. $nid .'/revisions');
}
}
@@ -1075,7 +1075,7 @@
node_save($node, array('nid', 'revisions'));
- drupal_set_message(t('Deleted revision %revision of %title', array('%revision' => "#$revision ", '%title' => "$node->title ")));
+ drupal_set_message(t('Deleted revision %revision of %title', array('%revision' => "#$revision ", '%title' => ''. check_plain($node->title) .' ')));
drupal_goto('node/'. $nid . (count($node->revisions) ? '/revisions' : ''));
}
}
@@ -1199,9 +1199,8 @@
// Validate the title field.
if (isset($node->title)) {
- $node->title = strip_tags($node->title);
- if (!$node->title) {
- form_set_error('title', t('You have to specify a valid title.'));
+ if (trim($node->title) == '') {
+ form_set_error('title', t('You have to specify a title.'));
}
}
@@ -1242,7 +1241,7 @@
$node->uid = $account->uid;
}
else {
- form_set_error('name', t('The name %name does not exist.', array ('%name' => "$node->name ")));
+ form_set_error('name', t('The username %name does not exist.', array ('%name' => ''. check_plain($node->name) .' ')));
}
// Validate the "authored on" field.
@@ -1309,7 +1308,7 @@
$output .= '';
// Add hidden 'op' variable, which specifies the default operation (Preview).
- $output .= ''. t($node->type) .' ', '%title' => "$node->title ")), WATCHDOG_NOTICE, l(t('view'), 'node/'. $node->nid));
+ watchdog('content', t('%type: updated %title.', array('%type' => ''. t($node->type) .' ', '%title' => ''. check_plain($node->title) .' ')), WATCHDOG_NOTICE, l(t('view'), 'node/'. $node->nid));
$msg = t('The %post was updated.', array ('%post' => node_invoke($node, 'node_name')));
}
}
@@ -1569,7 +1568,7 @@
// perform this operation:
if (node_access('create', $node)) {
$node->nid = node_save($node);
- watchdog('content', t('%type: added %title.', array('%type' => ''. t($node->type) .' ', '%title' => "$node->title ")), WATCHDOG_NOTICE, l(t('view'), "node/$node->nid"));
+ watchdog('content', t('%type: added %title.', array('%type' => ''. t($node->type) .' ', '%title' => ''. check_plain($node->title) .' ')), WATCHDOG_NOTICE, l(t('view'), "node/$node->nid"));
$msg = t('Your %post was created.', array ('%post' => node_invoke($node, 'node_name')));
}
}
@@ -1603,12 +1602,12 @@
search_wipe($node->nid, 'node');
}
- watchdog('content', t('%type: deleted %title.', array('%type' => ''. t($node->type) .' ', '%title' => "$node->title ")));
+ watchdog('content', t('%type: deleted %title.', array('%type' => ''. t($node->type) .' ', '%title' => ''. check_plain($node->title) .' ')));
}
else {
$extra = form_hidden('nid', $node->nid);
$output = theme('confirm',
- t('Are you sure you want to delete %title?', array('%title' => ''. $node->title .' ')),
+ t('Are you sure you want to delete %title?', array('%title' => ''. check_plain($node->title) .' ')),
$_GET['destination'] ? $_GET['destination'] : 'node/'. $node->nid,
t('This action cannot be undone.'),
t('Delete'),
@@ -1681,7 +1680,7 @@
if (is_numeric(arg(1))) {
$node = node_load(array('nid' => arg(1)), $_GET['revision']);
if ($node->nid) {
- drupal_set_title($node->title);
+ drupal_set_title(check_plain($node->title));
print theme('page', node_show($node, arg(2)));
}
else {
@@ -1758,7 +1757,7 @@
// Allow modules to change $node->body before viewing.
node_invoke_nodeapi($node, 'view', false, false);
- $text = '
'. drupal_specialchars($node->title) .' '. $node->body;
+ $text = ''. check_plain($node->title) .' '. $node->body;
// Fetch extra data normally not visible
$extra = node_invoke_nodeapi($node, 'update index');
Index: modules/path.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/path.module,v
retrieving revision 1.54
diff -u -r1.54 path.module
--- modules/path.module 10 Feb 2005 19:30:08 -0000 1.54
+++ modules/path.module 28 Mar 2005 20:26:02 -0000
@@ -296,15 +296,15 @@
$pid = $edit['pid'];
if (!valid_url($src)) {
- form_set_error('src', t('The system path %path is invalid.', array('%path' => "$src ")));
+ form_set_error('src', t('The system path %path is invalid.', array('%path' => ''. check_plain($src) .' ')));
}
if (!valid_url($dst)) {
- form_set_error('dst', t('The alias %alias is invalid.', array('%alias' => "$dst ")));
+ form_set_error('dst', t('The alias %alias is invalid.', array('%alias' => ''. check_plain($dst) .' ')));
}
if (db_result(db_query("SELECT COUNT(dst) FROM {url_alias} WHERE pid != %d AND dst = '%s'", $pid, $dst))) {
- form_set_error('dst', t('The alias %alias is already in use.', array('%alias' => "$dst ")));
+ form_set_error('dst', t('The alias %alias is already in use.', array('%alias' => ''. check_plain($dst) .' ')));
}
if (form_get_errors()) {
Index: modules/poll.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/poll.module,v
retrieving revision 1.160
diff -u -r1.160 poll.module
--- modules/poll.module 18 Mar 2005 09:00:40 -0000 1.160
+++ modules/poll.module 27 Mar 2005 13:52:02 -0000
@@ -307,9 +307,9 @@
if ($node->choice) {
$list = array();
foreach ($node->choice as $i => $choice) {
- $list[$i] = drupal_specialchars($choice['chtext']);
+ $list[$i] = check_plain($choice['chtext']);
}
- $form .= form_radios($page ? '' : $node->title, 'choice', -1, $list);
+ $form .= form_radios($page ? '' : check_plain($node->title), 'choice', -1, $list);
}
$form .= '';
$form .= form_hidden('nid', $node->nid);
@@ -336,12 +336,12 @@
// Output the divs for the text, bars and percentages
$output .= '';
if ($block) {
- $output .= '
'. $node->title .'
';
+ $output .= '
'. check_plain($node->title) .'
';
}
foreach ($node->choice as $i => $choice) {
if ($choice['chtext'] != '') {
$percentage = round($choice['chvotes'] * 100 / max($votestotal, 1));
- $output .= '
'. drupal_specialchars($choice['chtext']) .'
';
+ $output .= '
'. check_plain($choice['chtext']) .'
';
$output .= '
';
$output .= '
';
$output .= '
';
@@ -360,7 +360,7 @@
*/
function poll_results() {
if ($node = node_load(array('nid' => arg(1)))) {
- drupal_set_title($node->title);
+ drupal_set_title(check_plain($node->title));
print theme('page', node_show($node, 0));
}
else {
Index: modules/profile.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/profile.module,v
retrieving revision 1.88
diff -u -r1.88 profile.module
--- modules/profile.module 18 Mar 2005 07:07:04 -0000 1.88
+++ modules/profile.module 27 Mar 2005 13:52:02 -0000
@@ -107,7 +107,7 @@
$output .= theme('pager', NULL, 20);
if ($field->type == 'selection' || $field->type == 'list') {
- $title = strtr($field->page, array('%value' => $value));
+ $title = strtr($field->page, array('%value' => check_plain($value)));
}
else {
$title = $field->page;
@@ -178,15 +178,15 @@
if ($value = $user->{$field->name}) {
switch ($field->type) {
case 'textfield':
- return drupal_specialchars($value);
+ return check_plain($value);
case 'textarea':
return check_output($value);
case 'selection':
- return $browse ? l(drupal_specialchars($value), "profile/$field->name/". check_url($value)) : drupal_specialchars($value);
+ return $browse ? l($value, "profile/$field->name/$value") : check_plain($value);
case 'checkbox':
- return $browse ? l(strip_tags($field->title), "profile/$field->name") : drupal_specialchars($field->title);
+ return $browse ? l($field->title, "profile/$field->name") : check_plain($field->title);
case 'url':
- return '
'. drupal_specialchars($value) .' ';
+ return '
'. check_plain($value) .' ';
case 'date':
list($format) = explode(' - ', variable_get('date_format_short', 'm/d/Y - H:i'), 2);
// Note: we avoid PHP's date() because it does not handle dates before
@@ -203,7 +203,7 @@
$fields = array();
foreach ($values as $value) {
if ($value = trim($value)) {
- $fields[] = $browse ? l(drupal_specialchars($value), "profile/$field->name/". check_url($value)) : drupal_specialchars($value);
+ $fields[] = $browse ? l($value, "profile/$field->name/$value") : check_plain($value);
}
}
return implode(', ', $fields);
@@ -226,7 +226,7 @@
while ($field = db_fetch_object($result)) {
if ($value = profile_view_field($user, $field)) {
$description = ($field->visibility == PROFILE_PRIVATE) ? t('The content of this field is private and only visible to yourself.') : '';
- $title = ($field->type != 'checkbox') ? $field->title : '';
+ $title = ($field->type != 'checkbox') ? check_plain($field->title) : '';
$fields[$field->category] .= form_item($title, $value, $description);
}
}
@@ -264,16 +264,16 @@
switch ($field->type) {
case 'textfield':
case 'url':
- $fields[$category] .= form_textfield($field->title, $field->name, $edit[$field->name], 70, 255, _profile_form_explanation($field), NULL, $field->required);
+ $fields[$category] .= form_textfield(check_plain($field->title), $field->name, $edit[$field->name], 70, 255, _profile_form_explanation($field), NULL, $field->required);
break;
case 'textarea':
- $fields[$category] .= form_textarea($field->title, $field->name, $edit[$field->name], 70, 5, _profile_form_explanation($field), NULL, $field->required);
+ $fields[$category] .= form_textarea(check_plain($field->title), $field->name, $edit[$field->name], 70, 5, _profile_form_explanation($field), NULL, $field->required);
break;
case 'list':
- $fields[$category] .= form_textarea($field->title, $field->name, $edit[$field->name], 70, 5, _profile_form_explanation($field), NULL, $field->required);
+ $fields[$category] .= form_textarea(check_plain($field->title), $field->name, $edit[$field->name], 70, 5, _profile_form_explanation($field), NULL, $field->required);
break;
case 'checkbox':
- $fields[$category] .= form_checkbox($field->title, $field->name, 1, $edit[$field->name], _profile_form_explanation($field), NULL, $field->required);
+ $fields[$category] .= form_checkbox(check_plain($field->title), $field->name, 1, $edit[$field->name], _profile_form_explanation($field), NULL, $field->required);
break;
case 'selection':
$options = array('--');
@@ -284,7 +284,7 @@
}
}
- $fields[$category] .= form_select($field->title, $field->name, $edit[$field->name], $options, _profile_form_explanation($field), 0, 0, $field->required);
+ $fields[$category] .= form_select(check_plain($field->title), $field->name, $edit[$field->name], $options, _profile_form_explanation($field), 0, 0, $field->required);
break;
case 'date':
$fields[$category] .= _profile_date_field($field, $edit);
@@ -338,7 +338,7 @@
}
$output .= '
$field->title ")));
- }
+ form_set_error($field->name, t('The value provided for %field is not a valid URL.', array('%field' => ''. check_plain($field->title) .' ')));
+ }
}
}
else if ($field->required && !user_access('administer users')) {
- form_set_error($field->name, t('The field %field is required.', array('%field' => "$field->title ")));
+ form_set_error($field->name, t('The field %field is required.', array('%field' => ''. check_plain($field->title) .' ')));
}
}
@@ -377,7 +377,7 @@
function profile_categories() {
$result = db_query("SELECT DISTINCT(category) FROM {profile_fields}");
while ($category = db_fetch_object($result)) {
- $data[] = array('name' => drupal_specialchars($category->category), 'title' => $category->category, 'weight' => 3);
+ $data[] = array('name' => check_plain($category->category), 'title' => $category->category, 'weight' => 3);
}
return $data;
}
@@ -539,7 +539,7 @@
$result = db_query('SELECT * FROM {profile_fields} ORDER BY category, weight');
$rows = array();
while ($field = db_fetch_object($result)) {
- $rows[] = array($field->title, $field->name, _profile_field_types($field->type), $field->category, l(t('edit'), "admin/settings/profile/edit/$field->fid"), l(t('delete'), "admin/settings/profile/delete/$field->fid"));
+ $rows[] = array(check_plain($field->title), $field->name, _profile_field_types($field->type), $field->category, l(t('edit'), "admin/settings/profile/edit/$field->fid"), l(t('delete'), "admin/settings/profile/delete/$field->fid"));
}
if (count($rows) == 0) {
$rows[] = array(array('data' => t('No fields defined.'), 'colspan' => '6'));
Index: modules/queue.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/queue.module,v
retrieving revision 1.126
diff -u -r1.126 queue.module
--- modules/queue.module 18 Mar 2005 09:29:58 -0000 1.126
+++ modules/queue.module 27 Mar 2005 13:52:03 -0000
@@ -78,34 +78,34 @@
$node->moderate = 0;
$node->promote = 1;
node_save($node);
- watchdog('content', t('Moderation: approved %title.', array('%title' => "$node->title ")));
+ watchdog('content', t('Moderation: approved %title.', array('%title' => ''. check_plain($node->title) .' ')));
drupal_set_message(t('The post is promoted.'));
}
else if (variable_get('queue_threshold_dump', -2) >= $node->score) {
if ($node->revisions) {
node_revision_rollback($node, end(node_revision_list($node)));
- watchdog('content', t('Moderation: declined %title (rollback).', array('%title' => "$node->title ")));
+ watchdog('content', t('Moderation: declined %title (rollback).', array('%title' => ''. check_plain($node->title) .' ')));
drupal_set_message(t('The post has been declined and the previous version has been restored.'));
}
else {
$node->moderate = 0;
$node->status = 0;
node_save($node);
- watchdog('content', t('Moderation: declined %title.', array('%title' => "$node->title ")));
+ watchdog('content', t('Moderation: declined %title.', array('%title' => ''. check_plain($node->title) .' ')));
drupal_set_message(t('The post has been declined.'));
}
}
else if (variable_get('queue_threshold_expire', 8) <= $node->votes) {
if ($node->revisions) {
node_revision_rollback($node, end(node_revision_list($node)));
- watchdog('content', t('Moderation: expired %title (rollback).', array('%title' => "$node->title ")));
+ watchdog('content', t('Moderation: expired %title (rollback).', array('%title' => ''. check_plain($node->title) .' ')));
drupal_set_message(t('The post has expired and the previous version has been restored.'));
}
else {
$node->moderate = 0;
$node->status = 0;
node_save($node);
- watchdog('content', t('Moderation: expired %title.', array('%title' => "$node->title ")));
+ watchdog('content', t('Moderation: expired %title.', array('%title' => ''. check_plain($node->title) .' ')));
drupal_set_message(t('The post has expired.'));
}
}
Index: modules/search.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/search.module,v
retrieving revision 1.120
diff -u -r1.120 search.module
--- modules/search.module 18 Mar 2005 20:31:00 -0000 1.120
+++ modules/search.module 27 Mar 2005 13:52:03 -0000
@@ -503,7 +503,7 @@
$message = format_plural(count($refused),
'The word %words was not included because it is too short.',
'The words %words were not included because they were too short.');
- drupal_set_message(strtr($message, array('%words' => ''. drupal_specialchars(implode(', ', $refused)) .' ')));
+ drupal_set_message(strtr($message, array('%words' => ''. check_plain(implode(', ', $refused)) .' ')));
}
if (count($words) == 0) {
@@ -559,7 +559,7 @@
if ($type == '') {
$type = 'node';
}
- drupal_goto('search/'. $type .'/'. urlencode($_POST['edit']['keys']));
+ drupal_goto('search/'. urlencode($type) .'/'. urlencode($_POST['edit']['keys']));
}
else if ($type == '') {
// Note: search/node can not be a default tab because it would take on the
@@ -574,9 +574,9 @@
if (trim($keys)) {
// Log the search keys:
watchdog('search',
- t('Search: %keys (%type).', array('%keys' => "$keys ", '%type' => module_invoke($type, 'search', 'name'))),
+ t('Search: %keys (%type).', array('%keys' => ''. check_plain($keys) .' ', '%type' => module_invoke($type, 'search', 'name'))),
WATCHDOG_NOTICE,
- l(t('results'), 'search', NULL, 'keys='. urlencode($keys) . '&type='. urlencode($type))
+ l(t('results'), 'search/'. urlencode($type) .'/'. urlencode($keys))
);
// Collect the search results:
@@ -833,7 +833,7 @@
$output = module_invoke($type, 'search_item', $item);
}
else {
- $output = ' \n";
if (!$page) {
- $output .= "
". ($main ? l($node->title, "node/$node->nid") : $node->title) ." \n";
+ $output .= "
". ($main ? l($node->title, "node/$node->nid") : check_plain($node->title)) ." \n";
}
$output .= "
\n";
cvs diff: Diffing themes/chameleon/marvin
cvs diff: Diffing themes/engines
cvs diff: Diffing themes/engines/xtemplate
Index: themes/engines/xtemplate/xtemplate.engine
===================================================================
RCS file: /cvs/drupal/drupal/themes/engines/xtemplate/xtemplate.engine,v
retrieving revision 1.11
diff -u -r1.11 xtemplate.engine
--- themes/engines/xtemplate/xtemplate.engine 24 Dec 2004 06:39:59 -0000 1.11
+++ themes/engines/xtemplate/xtemplate.engine 9 Mar 2005 02:48:36 -0000
@@ -45,7 +45,7 @@
array("%a" => format_name($node),
"%b" => format_date($node->created))) : '',
"link" => url("node/$node->nid"),
- "title" => $node->title,
+ "title" => check_plain($node->title),
"author" => format_name($node),
"date" => format_date($node->created),
"sticky" => ($main && $node->sticky) ? 'sticky' : '',
@@ -116,7 +116,7 @@
$xtemplate->template->assign(array(
"language" => $GLOBALS['locale'],
- "head_title" => (drupal_get_title() ? drupal_get_title() ." | ". variable_get("site_name", "drupal") : variable_get("site_name", "drupal") ." | ". variable_get("site_slogan", "")),
+ "head_title" => (drupal_get_title() ? strip_tags(drupal_get_title()) ." | ". variable_get("site_name", "drupal") : variable_get("site_name", "drupal") ." | ". variable_get("site_slogan", "")),
"head" => drupal_get_html_head(),
"styles" => theme_get_styles(),
"onload_attributes" => theme_onload_attribute(),