Needs review
Project:
Taxonomy Image
Version:
6.x-1.6
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
23 Jul 2009 at 09:54 UTC
Updated:
3 Oct 2012 at 23:03 UTC
Jump to comment: Most recent file
Comments
Comment #1
parrottvision commentedSorry - I mean it is outputting this - see title tag:
Comment #2
bluetegu commentedHi,
I got the same in 5-x-1.6. I commented one line and now it works fine. See attached patch.
Hope this helps.
Comment #3
sadist commentedThanks, I used that against 6.x and it works.
Comment #4
nancydruPut a double quote into the text and see how it breaks with that commented out. Or even worse, use
<script><alert>Security violation!</alert></script>.Comment #5
BrandTim commentedPatch attached which fixes the ampersand encoding problem while preserving the quotes encoding and security encoding for < and >.
Patch is against 6.x-1.6.
Tim Knittel
Comment #6
saranyamohan commented--- ./taxonomy_image.module_OLD 2011-03-19 14:54:11.000000000 -0400
+++ ./taxonomy_image.module 2011-03-19 14:56:18.000000000 -0400
now change the 67 line
// Have to dump double quotes for attribute.
$current->title=strip_tags($current->title);
Comment #7
anniegreens commentedUpdated patch from #5 using Drupal patch standards.