Hello,

I have detected that some user-submitted strings were being inserted into the locales_source table.

Upon investigation (using debug_backtrace() in the function locale), I have found that this module is the culprit. Look at the following lines:

...
$children_box .= l(t($child_node->title), 'node/'.$child_node->nid, array('class' => 'relativity_view_' . $childtype)) . "<br />\n";
...
$output .= node_get_types('name',$ancestor->type) . ': ' . l(t($ancestor->title), 'node/'.$ancestor->nid, array('class' => 'relativity_view_' . $type));

(maybe there are more places in the .module...)

Is this a bug? I guess it is.
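
An added example, not part of the original report or of the module's code: a small scanner for the "maybe there are more places" question above, which flags every t() call whose first argument is not a plain string literal. The function names are hypothetical, the first two sample lines are the ones quoted in the report, and the other four are constructed.

```python
import re

# "t(" not preceded by \w, "$", ">" or ":" (skips count(, $t(, ->t(, ::t().
T_CALL = re.compile(r"(?<![\w$>:])t\(")
# One PHP string literal: single-quoted, or double-quoted with no "$" in it.
LITERAL = re.compile(r"""^(?:'(?:[^'\\]|\\.)*'|"(?:[^"\\$]|\\.)*")$""")

def first_argument(line, start):  # first argument of the call opened just before start
    depth, quote, i = 0, None, start
    while i < len(line):
        ch = line[i]
        if quote:
            if ch == "\\":
                i += 1                  # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch in "([":
            depth += 1
        elif ch in ")]":
            if depth == 0:
                break                   # closing paren of t() itself
            depth -= 1
        elif ch == "," and depth == 0:
            break                       # end of the first argument
        i += 1
    return line[start:i].strip()

def find_dynamic_t_calls(php_source):
    """(line number, argument) for each single-line t() call given a non-literal string."""
    hits = []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        for m in T_CALL.finditer(line):
            arg = first_argument(line, m.end())
            if arg and not LITERAL.match(arg):
                hits.append((lineno, arg))
    return hits

# Lines 1-2 are the two quoted in the report; lines 3-6 are constructed.
SAMPLE = r"""$children_box .= l(t($child_node->title), 'node/'.$child_node->nid, array('class' => 'relativity_view_' . $childtype)) . "<br />\n";
$output .= node_get_types('name',$ancestor->type) . ': ' . l(t($ancestor->title), 'node/'.$ancestor->nid, array('class' => 'relativity_view_' . $type));
$heading = t('Parent nodes');
$label = t('Child of @title', array('@title' => $child_node->title));
$greeting = t("Hello $name");
$n = count($children);
"""

print(find_dynamic_t_calls(SAMPLE))
```

The scanner works line by line, so a t() call split across several lines is not detected.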

Comments

yonailo’s picture

Title: function t() is being using to translate user submitted text » function t() is being used to translate user submitted text

janusman’s picture

Status: Active » Needs review
Attached file: new, 1.23 KB

Patch included

janusman’s picture

Version: 5.x-2.1 » 5.x-2.3
Attached file: new, 2.09 KB

Sorry, missed one t().. and this is for 5.x-2.3

dawehner’s picture

Status: Needs review » Reviewed & tested by the community
Attached file: new, 2.17 KB

Patch works fine on DRUPAL5 version.

Here is a patch which applies cleanly to drupal5.

Set to "rtbc" for DRUPAL-5 Version.

tacituseu’s picture

Status: Reviewed & tested by the community » Needs work

You meant D6? It's already fixed in D5. And it should use check_plain().

jonhattan’s picture

Version: 5.x-2.3 » 6.x-1.x-dev
Status: Needs work » Fixed

Committed a fix.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.