wrong file inclusion may break website
suit4 - May 9, 2008 - 11:24
| Project: | Safe HTML |
| Version: | 6.x-7.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed |
Jump to:
Description
The way, safehtml.module includes files is problematic and can lead to a disfunctional site.
<?php
function safehtml_nodeapi(&$node, $op, $teaser = NULL, $page = NULL) {
if ($op == 'submit') {
$arr = array_keys(filter_list_format($node->format));
if (in_array('safehtml/0', $arr)) {
if (!defined('XML_HTMLSAX3')) {
define('XML_HTMLSAX3', '');
}
require_once('classes/safehtml.php');
if ($node->body) {
$node->body = _safehtml_parse($node->body, $node->format);
}
if ($node->teaser) {
$node->teaser = _safehtml_parse($node->teaser, $node->format);
}
}
}
}
?>should read:
<?php
function safehtml_nodeapi(&$node, $op, $teaser = NULL, $page = NULL) {
if ($op == 'submit') {
$arr = array_keys(filter_list_format($node->format));
if (in_array('safehtml/0', $arr)) {
$path = drupal_get_path('module', 'safehtml');
if (!defined('XML_HTMLSAX3')) {
define('XML_HTMLSAX3', "./$path/classes/");
}
require_once("./$path/classes/safehtml.php");
if ($node->body) {
$node->body = _safehtml_parse($node->body, $node->format);
}
if ($node->teaser) {
$node->teaser = _safehtml_parse($node->teaser, $node->format);
}
}
}
}
?>Patch attached
| Attachment | Size |
|---|---|
| safehtml_include.patch | 696 bytes |
#1
This was fixed in http://drupal.org/cvs?commit=249478 for 6.x
#2