membership_entity.devel.inc
Line 203: Potential problem: drupal_set_message() only accepts filtered text, be sure all !placeholders for $variables in t() are fully sanitized using check_plain(), filter_xss() or similar. (Drupal Docs) [security_3]
drupal_set_message(t('!num generated.', array(

membership_entity.pages.inc
Line 489: Potential problem: FAPI elements '#title' and '#description' only accept filtered text, be sure to use check_plain(), filter_xss() or similar to ensure your $variable is fully sanitized. (Drupal Docs) [security_fapi_title]
'#title' => $filter['title'],

Line 944: Potential problem: confirm_form() only accepts filtered text, be sure all !placeholders for $variables in t() are fully sanitized using check_plain(), filter_xss() or similar. (Drupal Docs) [security_7]
return confirm_form($form, t('Are you sure you want to delete this membership?'), 'membership/' . $membership->mid, t('This action cannot be undone.'), t('Delete'), t('Cancel'));

Comments

draenen

Status: Active » Closed (works as designed)

membership_entity.devel.inc:203
!num is generated by format_plural() which sanitizes input. !placeholder is necessary here to prevent duplicate sanitization.

membership_entity.pages.inc:489
$filter['title'] is already sanitized by membership_entity_filters().

membership_entity.pages.inc:944
We're not using any !placeholders and all text is sanitized by t().
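The placeholder rules behind both the Coder warnings above and this reply, as an added example that is not part of the issue thread or of the membership_entity module. The t(), format_plural() and check_plain() functions below are minimal stand-ins (an assumption about Drupal 7's behaviour, stubbed so the script runs outside Drupal): they show why !num wrapping format_plural() output is safe and why @num there would double-escape, and what the same !placeholder does when handed raw input.

```php
<?php
// Added example; not code from membership_entity or from the issue thread.
// t() and format_plural() below are minimal stand-ins (an assumption about
// Drupal 7's placeholder rules, stubbed so the script runs without Drupal).

/**
 * Drupal 7's check_plain(): escape a plain-text string for HTML output.
 */
function check_plain($text) {
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

/**
 * Stand-in for t(): no translation, only Drupal 7's placeholder rules.
 *   !name  inserted verbatim (caller guarantees it is safe HTML)
 *   @name  run through check_plain()
 *   %name  check_plain() wrapped in <em class="placeholder">
 */
function t($string, array $args = array()) {
  foreach ($args as $key => $value) {
    switch ($key[0]) {
      case '@':
        $args[$key] = check_plain($value);
        break;
      case '%':
        $args[$key] = '<em class="placeholder">' . check_plain($value) . '</em>';
        break;
      default:
        // '!' placeholders are left untouched.
        break;
    }
  }
  return strtr($string, $args);
}

/**
 * Stand-in for format_plural(): the count is inserted as @count, so the
 * return value is t() output and therefore already sanitized HTML.
 */
function format_plural($count, $singular, $plural, array $args = array()) {
  $args['@count'] = $count;
  return t($count == 1 ? $singular : $plural, $args);
}

// Constructed sample input standing in for an attacker-controlled value.
$tainted = 'guest <script>alert(1)</script>';

// Case 1 (devel.inc:203): !num wraps format_plural() output. The %user inside
// was escaped once by t(); passing it through @num would escape it again.
$num = format_plural(3, '1 membership for %user', '@count memberships for %user',
  array('%user' => $tainted));
$with_bang = t('!num generated.', array('!num' => $num));
$with_at   = t('@num generated.', array('@num' => $num));
echo "!num: $with_bang\n";   // one level of escaping, <em> tag intact
echo "@num: $with_at\n";     // <em> itself becomes &lt;em&gt;: double-escaped

// Case 2: the same !placeholder on raw input is exactly what Coder warns about.
$bad  = t('Filter: !title', array('!title' => $tainted));
$good = t('Filter: @title', array('@title' => $tainted));
echo "!title: $bad\n";       // <script> survives: reflected/stored XSS
echo "@title: $good\n";      // &lt;script&gt;: neutralised
```

Run it with `php example.php`. The takeaway for reviewing Coder output is that a `!placeholder` is only a finding if the value it carries has not already passed through t(), check_plain(), filter_xss() or another sanitizer; where it has, switching to `@` produces the double-escaped `&amp;lt;` output shown in case 1 rather than a fix.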

draenen

Title: Code sensitization cleanup » Code sanitization cleanup