Closed (fixed)
Project: New Relic
Version: 6.x-1.x-dev
Component: Code
Priority: Normal
Category: Task
Assigned: Unassigned
Reporter:
Created: 17 Mar 2012 at 15:44 UTC
Updated: 12 Jun 2013 at 14:00 UTC
Code Review complains in several places:
Potential problem: drupal_set_message() only accepts filtered text, be sure all !placeholders for $variables in t() are fully sanitized using check_plain(), filter_xss() or similar. (Drupal Docs)
According to "Dynamic or static links and HTML in translatable strings", the recommended practice is to use @var so that the value is formatted for HTML inclusion. Patch attached.
| Comment | File | Size | Author |
|---|---|---|---|
| #1 | new_relic_rpm-fix-t-placeholders-1487792-1.patch | 5.56 KB | jonathan webb |
| | new_relic_rpm-fix-t-placeholders.patch | 4.56 KB | jonathan webb |
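
What the switch from !var to @var changes for a value on its way into drupal_set_message(), as an added example that is not part of the original issue or of the attached patches. demo_t() and demo_check_plain() are simplified stand-ins for Drupal 6's t() and check_plain() (no translation lookup), and the message strings, the $app_name value and the link path are constructed for illustration.

```php
<?php
// Added example: simplified stand-ins, not Drupal core or module code.

function demo_check_plain($text) {
  // Encode HTML special characters so the value renders as plain text.
  return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
}

function demo_t($string, array $args = array()) {
  foreach ($args as $key => $value) {
    switch ($key[0]) {
      case '@':
        // Escaped for HTML output.
        $args[$key] = demo_check_plain($value);
        break;
      case '!':
        // Inserted verbatim: the caller must have sanitized it already.
        break;
      case '%':
      default:
        // Escaped and emphasized.
        $args[$key] = '<em>' . demo_check_plain($value) . '</em>';
        break;
    }
  }
  return strtr($string, $args);
}

// Constructed value standing in for anything the module does not fully
// control (a stored setting, an API response, a user-supplied name).
$app_name = '<script>alert(1)</script>';

// Pattern Code Review flags: the raw value reaches the message markup.
$flagged = demo_t('Deployment recorded for !name.', array('!name' => $app_name));

// Pattern the handbook page recommends: t() escapes the value itself.
$fixed = demo_t('Deployment recorded for @name.', array('@name' => $app_name));

// A ! placeholder remains appropriate for markup the code built itself,
// such as a link whose dynamic parts were escaped first (hypothetical path).
$link = '<a href="/admin/settings">' . demo_check_plain('settings page') . '</a>';
$with_link = demo_t('Configure this on the !link.', array('!link' => $link));

foreach (array($flagged, $fixed, $with_link) as $message) {
  print $message . "\n";
}
```

Only the first message carries a live script tag; the second prints the tag as entity-encoded text, and the third keeps its link intact because the markup was assembled from escaped parts.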
Comments
Comment #1
jonathan webb commented
Found another drupal_set_message where this applied... updated patch attached.
Comment #2
neclimdul
thanks berdir.