diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 80563ef..d194319 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -218,12 +218,16 @@ define('LANGUAGE_RTL', 1);
 define('REQUEST_TIME', (int) $_SERVER['REQUEST_TIME']);
 /**
- * Flag for drupal_set_title(); text is not sanitized, so run check_plain().
+ * Flag used to indicate that text is not sanitized, so run check_plain().
+ *
+ * @see drupal_set_title()
 */
 define('CHECK_PLAIN', 0);
 /**
- * Flag for drupal_set_title(); text has already been sanitized.
+ * Flag used to indicate that text has already been sanitized.
+ *
+ * @see drupal_set_title()
 */
 define('PASS_THROUGH', -1);
diff --git a/modules/image/image.admin.inc b/modules/image/image.admin.inc
index f6d8e68..7e62621 100644
--- a/modules/image/image.admin.inc
+++ b/modules/image/image.admin.inc
@@ -313,7 +313,7 @@ function image_style_name_validate($element, $form_state) {
 function image_style_delete_form($form, &$form_state, $style) {
 $form_state['image_style'] = $style;
- $replacement_styles = array_diff_key(image_style_options(), array($style['name'] => ''));
+ $replacement_styles = array_diff_key(image_style_options(TRUE, PASS_THROUGH), array($style['name'] => ''));
 $form['replacement'] = array(
 '#title' => t('Replacement style'),
 '#type' => 'select',
diff --git a/modules/image/image.field.inc b/modules/image/image.field.inc
index 60c0f5a..2354738 100644
--- a/modules/image/image.field.inc
+++ b/modules/image/image.field.inc
@@ -311,7 +311,7 @@ function image_field_widget_settings_form($field, $instance) {
 $form['preview_image_style'] = array(
 '#title' => t('Preview image style'),
 '#type' => 'select',
- '#options' => image_style_options(FALSE),
+ '#options' => image_style_options(FALSE, PASS_THROUGH),
 '#empty_option' => '<' . t('no preview') . '>',
 '#default_value' => $settings['preview_image_style'],
 '#description' => t('The preview image will be shown while editing the content.'),
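Review bot: Now that the CHECK_PLAIN and PASS_THROUGH docblocks describe general-purpose flags rather than drupal_set_title()-specific ones, they should also point at the new consumer this commit introduces, e.g. an extra ` * @see image_style_options()` line under each existing `@see`. It would also help callers to state that consumers compare these values with `==` (image_style_options() does so in this commit), so a boolean must not be passed in place of the constant: TRUE compares loosely equal to -1 and would be taken as PASS_THROUGH.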
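Review bot: Passing PASS_THROUGH in image_style_delete_form() makes escaping of the style label depend entirely on the `'#type' => 'select'` a few lines below, because the Form API escapes select option labels but not radio or checkbox labels, as the new image_style_options() docblock itself states. A one-line comment above the call, such as `// PASS_THROUGH: the select element escapes option labels; use CHECK_PLAIN if #type changes.`, keeps that coupling visible to the next editor. The same applies to the image.field.inc hunk at line 311 in this file section, the image.field.inc hunk at line 495 and the user.admin.inc hunk.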
@@ -495,7 +495,7 @@ function image_field_formatter_settings_form($field, $instance, $view_mode, $for
 $display = $instance['display'][$view_mode];
 $settings = $display['settings'];
- $image_styles = image_style_options(FALSE);
+ $image_styles = image_style_options(FALSE, PASS_THROUGH);
 $element['image_style'] = array(
 '#title' => t('Image style'),
 '#type' => 'select',
@@ -528,7 +528,7 @@ function image_field_formatter_settings_summary($field, $instance, $view_mode) {
 $summary = array();
- $image_styles = image_style_options(FALSE);
+ $image_styles = image_style_options(FALSE, PASS_THROUGH);
 // Unset possible 'No defined styles' option.
 unset($image_styles['']);
 // Styles could be lost because of enabled/disabled modules that defines
diff --git a/modules/image/image.module b/modules/image/image.module
index cb9938c..fcbf62c 100644
--- a/modules/image/image.module
+++ b/modules/image/image.module
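Review bot: In image_field_formatter_settings_summary() the PASS_THROUGH result is not handed to a select element, so the Form API escaping that justifies the flag in the other hunks does not apply here; the label is presumably inserted into the summary text further down, outside the hunk. That is only safe if the consumer escapes it itself (for instance an `@style` placeholder in `t()`), so either confirm that and say so in a comment above the call, or keep `$image_styles = image_style_options(FALSE);` in this function and switch only the select-list callers. image_field_formatter_settings_summary() continues past the end of the hunk.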
@@ -766,18 +766,26 @@ function image_style_effects($style) {
 *
 * @param $include_empty
 * If TRUE a option will be inserted in the options array.
+ * @param $output
+ * Optional flag determining how the options will be sanitized on output.
+ * Leave this at the default (CHECK_PLAIN) if you are using the output of
+ * this function directly in an HTML context, such as for checkbox or radio
+ * button labels, and do not plan to sanitize it on your own. If using the
+ * output of this function as select list options (its primary use case), you
+ * should instead set this flag to PASS_THROUGH to avoid double-escaping of
+ * the output (the form API sanitizes select list options by default).
 *
 * @return
 * Array of image styles with the machine name as key and the label as value.
 */
-function image_style_options($include_empty = TRUE) {
+function image_style_options($include_empty = TRUE, $output = CHECK_PLAIN) {
 $styles = image_styles();
 $options = array();
 if ($include_empty && !empty($styles)) {
 $options[''] = t('');
 }
 foreach ($styles as $name => $style) {
- $options[$name] = $style['label'];
+ $options[$name] = ($output == PASS_THROUGH) ? $style['label'] : check_plain($style['label']);
 }
 if (empty($options)) {
diff --git a/modules/user/user.admin.inc b/modules/user/user.admin.inc
index 932c205..6ca330b 100644
--- a/modules/user/user.admin.inc
+++ b/modules/user/user.admin.inc
@@ -406,7 +406,7 @@ function user_admin_settings() {
 $form['personalization']['pictures']['settings']['user_picture_style'] = array(
 '#type' => 'select',
 '#title' => t('Picture display style'),
- '#options' => image_style_options(TRUE),
+ '#options' => image_style_options(TRUE, PASS_THROUGH),
 '#default_value' => variable_get('user_picture_style', ''),
 '#description' => t('The style selected will be used on display, while the original image is retained. Styles may be configured in the Image styles administration area.', array('!url' => url('admin/config/media/image-styles'))),
 );
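Review bot: The new `($output == PASS_THROUGH)` test in image_style_options() is a loose comparison, and since PASS_THROUGH is -1 any truthy non-integer argument such as `TRUE` compares equal to it and silently skips check_plain(), which is the wrong failure mode for a sanitization switch. Use `$options[$name] = ($output === PASS_THROUGH) ? $style['label'] : check_plain($style['label']);` so that only the constant itself disables escaping. Separately, the `$options['']` entry produced by `t()` is never passed through check_plain() whatever `$output` is; that is presumably acceptable for a translated literal, but a short comment on that line would stop a reader from assuming CHECK_PLAIN escapes every entry. image_style_options() continues past the end of the hunk.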