#7 2089351-2.patch20.61 KBmeba
PASSED: [[SimpleTest]]: [MySQL] 58,705 pass(es).
[ View ]
#1 2089351-1.patch20.59 KBthedavidmeister
PASSED: [[SimpleTest]]: [MySQL] 58,784 pass(es).
[ View ]


Status:Active» Needs review
new20.59 KB
PASSED: [[SimpleTest]]: [MySQL] 58,784 pass(es).
[ View ]


Status:Needs review» Needs work

The last submitted patch, 2089351-1.patch, failed testing.

Status:Needs work» Needs review

#1: 2089351-1.patch queued for re-testing.

Issue tags:+Novice

Status:Needs review» Reviewed & tested by the community
Issue tags:+Quick fix

I have searched core/includes haven't found any other occurrence so RTBC.

Issue tags:+needs security review

Adding a Security tag

new20.61 KB
PASSED: [[SimpleTest]]: [MySQL] 58,705 pass(es).
[ View ]

Looks OK to me, rerolled to apply cleanly

Status:Reviewed & tested by the community» Fixed

Committed and pushed to 8.x. Thanks!

Automatically closed -- issue fixed for 2 weeks with no activity.

I don't understand why this was tagged with "needs security review".

There are still references to check_plain() in:

- core/includes/

There are still references to check_plain() in:

- core/includes/

// Avoid calling check_plain again on l() function.
      if ($title_callback == 'check_plain') {
        $item['localized_options']['html'] = TRUE;

Other than comments, this is the only spot, and it isn't calling check_plain();

Hmmm, I see. My bad. That's interesting, could $title_callback be expecting to use String::checkPlain() somehow?

This check was first introduced in #212409: Content Type title displays incorrectly, not sure if it is needed any more - maybe it can be safely removed?

Issue tags:-Quick fix, -Novice

Yeah, I think this needs further investigation. I'll take the novice tag off.

Status:Needs work» Closed (fixed)

The piece of code mentioned in comment #12 was removed by #2107533: Remove {menu_router}. So I think this issue is irrelevant now.