Closed (fixed)
Project:
Workflow
Version:
6.x-1.2
Component:
Code
Priority:
Critical
Category:
Bug report
Assigned:
Unassigned
Issue tags:
Reporter:
Created:
29 Oct 2009 at 02:19 UTC
Updated:
30 Oct 2009 at 03:41 UTC
The current state displays as <strong>State</strong> rather than State. This is because check_plain() (and also t()) is being called twice on the state name, once in theme_workflow_current_state() and again in theme_workflow_history_table_row().
Patch attached that removes the calls in theme_workflow_history_table_row() but adds check_plain() and t() calls to ensure $state_name and $old_state_name don't enter theme_workflow_history_table_row() without being checked.
| Comment | File | Size | Author |
|---|---|---|---|
| workflow-state-double-check-plain.patch | 1.38 KB | serenecloud |
Comments
Comment #1
serenecloud commentedUpping priority as this is likely to affect a lot of users over the next few days if not patched.
Comment #2
bengtan commented+1
I agree.
Having a security advisory out and no fix available (I can't find 6.x-1.2) is sort of ... not the ideal situation.
Comment #3
serenecloud commentedI got the 6.x-1.2 by guessing the URL based on the 1.1 tarball download. I did a diff with what's in CVS and it's just the auto-generated info details that are added.
Comment #4
bengtan commented+1
I've tried the patch in the original post and it works.
Also bumping version to 6.x-1.2 in the hope it gets more attention that way.
Comment #5
jvandyk commented6.x-1.3 released with this fix.
Comment #6
serenecloud commentedConfirmed the fix is in 6.x-13.
Thanks :)