booktree.module prints an "n/a" at the top when viewed.
| Project: | Booktree |
| Version: | 6.x-1.4 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | mdlamar |
| Status: | needs review |
Jump to:
Using booktree 6.x-1.4 multi-site setup on Drupal 6.14 with a custom theme.
I narrowed down the offending code to this line:
drupal_set_title(check_plain($node->title));
> $content = '<p>'. check_markup($node->body, $node->format, FALSE) .'</p>';
$ricursione = 1;The root node is set to 0 in order to display the contents of all the books' sub-trees in the site.
But on the first line when viewing mysite.org/site_name/booktree printed n/a
I changed the line to
$content = '<h1>'. variable_get('site_name') .'</h1>';
so it now displays the site name at the top. I'm not sure if the check_markup call was really important in certain situations, but it might be worth changing the module in future releases so it doesn't print out n/a.
My personal fix probably isn't an acceptable solution because some people want to display the content of specific books rather than the entire site's sub-trees.
Please comment why the call to check_markup was returning n/a if you have an idea on that, or challenge me to write up some conditionals to either print the site_name if the root node is 0 or the root node's title. Or if you have time, write it yourself and contrib! :)
Thanks,
Milo
#1
sorry it was variable_get('site_name', '') ... i forgot the 2nd arg.
#2
Attention: The check_markup call is really important to prevent XSS attack of yours system.
To fix this issue you can move all your books in a root book node.
#3
Thank you for the reply. I'll check into doing that while preserving the navigation look. Is there if you know an easy way to toggle display of the root book while still displaying its sub-books, do advise :)
#4
I also am concerned about the cross site scripting vulnerability. Is there a way to detect such scripting?
#5
Ultimately the easiest, quickest, and safest fix for me is to just put the check_markup return in a hidden div.