summaryrefslogtreecommitdiffstats
path: root/modules/color/color.module
diff options
context:
space:
mode:
Diffstat (limited to 'modules/color/color.module')
-rw-r--r--modules/color/color.module13
1 files changed, 13 insertions, 0 deletions
diff --git a/modules/color/color.module b/modules/color/color.module
index 407a93c..44c2a31 100644
--- a/modules/color/color.module
+++ b/modules/color/color.module
@@ -46,6 +46,7 @@ function color_form_alter(&$form, $form_state, $form_id) {
'#theme' => 'color_scheme_form',
);
$form['color'] += color_scheme_form($form_state, arg(4));
+ $form['#validate'][] = 'color_scheme_form_validate';
$form['#submit'][] = 'color_scheme_form_submit';
}
}
@@ -237,6 +238,18 @@ function theme_color_scheme_form($form) {
}
/**
+ * Validation handler for color change form.
+ */
+function color_scheme_form_validate($form, &$form_state) {
+ // Only accept hexadecimal CSS color strings to avoid XSS upon use.
+ foreach ($form_state['values']['palette'] as $key => $color) {
+ if (!preg_match('/^#([a-f0-9]{3}){1,2}$/iD', $color)) {
+ form_set_error('palette][' . $key, t('%name must be a valid hexadecimal CSS color value.', array('%name' => $form['color']['palette'][$key]['#title'])));
+ }
+ }
+}
+
+/**
* Submit handler for color change form.
*/
function color_scheme_form_submit($form, &$form_state) {