Control panel shows description without running check_plain on it
sinasquax - April 18, 2009 - 18:02
| Project: | Control Panel |
| Version: | 6.x-1.2 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Description
There is a little bug on line 170 of controlpanel.module:
<?php
$content .= '<img src="' . base_path() . $src . '" alt="'. $menu_item['link']['title'] .'" title="'. strip_tags($menu_item['link']['description']) .'" />';
?>
must be:
<?php
$content .= '<img src="' . base_path() . $src . '" alt="'. $menu_item['link']['title'] .'" title="'. check_plain(strip_tags($menu_item['link']['description'])) .'" />';
?>
Otherwise, if you have special characters in the description, they can cause problems (for example, the description of the 'Page' content type contains " and breaks the title attribute of the img tag; check it with the W3 validator).
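The following is an added example, not code from the Control Panel module or from the report above. It builds the same `<img>` tag with and without escaping and parses the result, showing that `strip_tags()` removes markup but leaves a double quote free to end the `title` attribute early. Assumptions: `example_check_plain()` is a stand-in for Drupal 6's `check_plain()` (taken to behave like `htmlspecialchars()` with `ENT_QUOTES`), the sample description and `/icon.png` are constructed, and PHP's DOM extension is available.

```php
<?php
// Stand-in for Drupal 6's check_plain() so the example runs outside Drupal
// (assumption: it behaves like htmlspecialchars() with ENT_QUOTES).
function example_check_plain($text) {
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Build the <img> tag the way the report quotes it, with or without escaping.
function example_img_tag($description, $escape) {
  $title = strip_tags($description);
  if ($escape) {
    $title = example_check_plain($title);
  }
  return '<img src="/icon.png" alt="Page" title="' . $title . '" />';
}

// Parse the markup with an HTML parser and return the attributes it sees on <img>.
function example_parsed_attributes($html) {
  libxml_use_internal_errors(true);  // malformed markup is expected here
  $doc = new DOMDocument();
  $doc->loadHTML('<html><body>' . $html . '</body></html>');
  libxml_clear_errors();
  $attrs = array();
  $img = $doc->getElementsByTagName('img')->item(0);
  foreach ($img->attributes as $attr) {
    $attrs[$attr->name] = $attr->value;
  }
  return $attrs;
}

// Constructed sample description containing markup and a double quote.
$description = 'A <em>page</em> is used for an "About us" section.';
$expected = strip_tags($description);

$cases = array('strip_tags only' => false, 'strip_tags + check_plain' => true);
foreach ($cases as $label => $escape) {
  $html = example_img_tag($description, $escape);
  $attrs = example_parsed_attributes($html);
  echo $label, "\n  markup: ", $html, "\n";
  echo '  title round-trips intact: ', ($attrs['title'] === $expected ? 'yes' : 'no'), "\n";
  echo '  attributes seen by parser: ', implode(', ', array_keys($attrs)), "\n";
}
```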
