I ran into a problem when users entered a special character in the textfield (like '&'), because theme_textimage_formatter uses $element['#item']['safe'] which contains '&'. I changed the function as follows, AFAIK there's no security risk, but I'm not sure?

function theme_textimage_formatter($element) {
  $text = $element['#item']['value']; // was $element['#item']['safe']
  $alt = $title = $element['#item']['safe'];
  if (isset($element['#item']['email'])) {
    $alt = $title = '';
  }

  return theme('textimage_image', drupal_substr($element['#formatter'], 10), $text, array(), 'png', $alt, $title);
}

Comments

mondrake’s picture

mondrake
Location 🇮🇹
commented
Issue summary: View changes
Status: Active » Closed (outdated)