diff --git a/core/includes/theme.inc b/core/includes/theme.inc
index 84e2ec72c7a5b3171feda2cb1f567624f75c4d12..8977faf0cbfa3d3b54e835a085b19ecadbc57be3 100644
--- a/core/includes/theme.inc
+++ b/core/includes/theme.inc
@@ -2485,7 +2485,7 @@ function template_preprocess_html(&$variables) {
 else {
 $head_title = array('name' => check_plain($site_config->get('name')));
 if ($site_config->get('slogan')) {
- $head_title['slogan'] = filter_xss_admin($site_config->get('slogan'));
+ $head_title['slogan'] = strip_tags(filter_xss_admin($site_config->get('slogan')));
 }
 }
 $variables['head_title_array'] = $head_title;
@@ -2580,7 +2580,7 @@ function template_preprocess_page(&$variables) {
 $variables['main_menu'] = theme_get_setting('toggle_main_menu') ? menu_main_menu() : array();
 $variables['secondary_menu'] = theme_get_setting('toggle_secondary_menu') ? menu_secondary_menu() : array();
 $variables['action_links'] = menu_local_actions();
- $variables['site_name'] = (theme_get_setting('toggle_name') ? filter_xss_admin($site_config->get('name')) : '');
+ $variables['site_name'] = (theme_get_setting('toggle_name') ? check_plain($site_config->get('name')) : '');
 $variables['site_slogan'] = (theme_get_setting('toggle_slogan') ? filter_xss_admin($site_config->get('slogan')) : '');
 $variables['tabs'] = menu_local_tabs();
@@ -2771,13 +2771,13 @@ function template_preprocess_maintenance_page(&$variables) {
 if (drupal_get_title()) {
 $head_title = array(
 'title' => strip_tags(drupal_get_title()),
- 'name' => $site_name,
+ 'name' => check_plain($site_name),
 );
 }
 else {
- $head_title = array('name' => $site_name);
+ $head_title = array('name' => check_plain($site_name));
 if ($site_slogan) {
- $head_title['slogan'] = $site_slogan;
+ $head_title['slogan'] = strip_tags(filter_xss_admin($site_slogan));
 }
 }
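Review bot: In template_preprocess_html() the new `strip_tags(filter_xss_admin(...))` for `$head_title['slogan']` has no comment saying why the title needs both calls or why they run in this order, and the same expression is repeated in the head-title branch of template_preprocess_maintenance_page() (the `@@ -2771,13` hunk). I would add `// The slogan may contain admin markup: filter it first, then drop the remaining tags because the title holds text only.` above each line, or move the expression into one helper so the two copies cannot drift apart. Both functions start and end outside their hunks, so how `head_title_array` is finally printed is not visible here.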
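Review bot: After the change in template_preprocess_page() `site_name` is entity-escaped plain text while `site_slogan` on the next line is still filtered markup, and nothing at the assignment tells a theme author that the two variables now carry different contracts. A template or helper that escapes `site_name` a second time would render a name containing `&` as `&amp;amp;`; whether any consumer does that is not visible in this hunk, so the page templates need checking. I would add `// site_name is escaped plain text; site_slogan may contain filtered admin markup.` above the two lines. The same split applies to the `@@ -2794,8` hunk in template_preprocess_maintenance_page().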
@@ -2794,8 +2794,8 @@ function template_preprocess_maintenance_page(&$variables) {
 $variables['messages'] = $variables['show_messages'] ? theme('status_messages') : '';
 $variables['main_menu'] = array();
 $variables['secondary_menu'] = array();
- $variables['site_name'] = (theme_get_setting('toggle_name') ? $site_name : '');
- $variables['site_slogan'] = (theme_get_setting('toggle_slogan') ? $site_slogan : '');
+ $variables['site_name'] = (theme_get_setting('toggle_name') ? check_plain($site_name) : '');
+ $variables['site_slogan'] = (theme_get_setting('toggle_slogan') ? filter_xss_admin($site_slogan) : '');
 $variables['tabs'] = '';
 $variables['title'] = drupal_get_title();
diff --git a/core/modules/system/lib/Drupal/system/Tests/System/TokenReplaceTest.php b/core/modules/system/lib/Drupal/system/Tests/System/TokenReplaceTest.php
index c329b9683a91b5e9bfce788e374f1de98ed828aa..a78c4ce1a74ef6d575693adc920751d864749368 100644
--- a/core/modules/system/lib/Drupal/system/Tests/System/TokenReplaceTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/System/TokenReplaceTest.php
@@ -119,7 +119,7 @@ function testSystemSiteTokenReplacement() {
 // Generate and test sanitized tokens.
 $tests = array();
 $tests['[site:name]'] = check_plain(config('system.site')->get('name'));
- $tests['[site:slogan]'] = check_plain(config('system.site')->get('slogan'));
+ $tests['[site:slogan]'] = filter_xss_admin(config('system.site')->get('slogan'));
 $tests['[site:mail]'] = 'simpletest@example.com';
 $tests['[site:url]'] = url('', $url_options);
 $tests['[site:url-brief]'] = preg_replace(array('!^https?://!', '!/$!'), '', url('', $url_options));
diff --git a/core/modules/system/system.tokens.inc b/core/modules/system/system.tokens.inc
index d3df60e6c17f1acacdce4c9c1eb42c5cadfd5f1b..f9476fd2e4ddd0d9f72d28ba7f72f145225a5f51 100644
--- a/core/modules/system/system.tokens.inc
+++ b/core/modules/system/system.tokens.inc
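Review bot: In TokenReplaceTest.php, testSystemSiteTokenReplacement() computes the expected `[site:slogan]` value by calling `filter_xss_admin()` on the stored slogan, the same call system_tokens() now makes, so the assertion would still pass if that filter let unwanted markup through. Comparing against a literal string would pin the behaviour: store a slogan holding one tag the admin filter keeps and one it removes, and assert the exact output. The slogan fixture is set outside this hunk, so it is not visible whether it contains any markup; if it is plain text, the test cannot tell the old `check_plain()` from the new filter.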
@@ -151,7 +151,7 @@ function system_tokens($type, $tokens, array $data = array(), array $options = a
 case 'slogan':
 $slogan = config('system.site')->get('slogan');
- $replacements[$original] = $sanitize ? check_plain($slogan) : $slogan;
+ $replacements[$original] = $sanitize ? filter_xss_admin($slogan) : $slogan;
 break;
 case 'mail':
diff --git a/core/themes/bartik/template.php b/core/themes/bartik/template.php
index aefb861022a001de029de2e87b8ca104bd4af9c7..decc76bdf22d1b6d357605244ad89c83c56ae52d 100644
--- a/core/themes/bartik/template.php
+++ b/core/themes/bartik/template.php
@@ -54,7 +54,7 @@ function bartik_process_page(&$variables) {
 $variables['hide_site_slogan'] = theme_get_setting('toggle_slogan') ? FALSE : TRUE;
 if ($variables['hide_site_name']) {
 // If toggle_name is FALSE, the site_name will be empty, so we rebuild it.
- $variables['site_name'] = filter_xss_admin($site_config->get('name'));
+ $variables['site_name'] = check_plain($site_config->get('name'));
 }
 if ($variables['hide_site_slogan']) {
 // If toggle_site_slogan is FALSE, the site_slogan will be empty, so we rebuild it.
@@ -102,7 +102,7 @@ function bartik_process_maintenance_page(&$variables) {
 $variables['hide_site_slogan'] = theme_get_setting('toggle_slogan') ? FALSE : TRUE;
 if ($variables['hide_site_name']) {
 // If toggle_name is FALSE, the site_name will be empty, so we rebuild it.
- $variables['site_name'] = filter_xss_admin($site_config->get('name'));
+ $variables['site_name'] = check_plain($site_config->get('name'));
 }
 if ($variables['hide_site_slogan']) {
 // If toggle_site_slogan is FALSE, the site_slogan will be empty, so we rebuild it.
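Review bot: In system_tokens() the sanitized `[site:slogan]` replacement changes from escaped text to filtered markup, and `filter_xss_admin()` output can still contain tags and unescaped double quotes, so a caller that places the sanitized token inside an HTML attribute or another text-only context no longer gets a value that is safe there. The contract should be stated at the assignment, e.g. `// Sanitized slogan is filtered admin markup, not escaped text; do not place it inside an attribute value.`, and repeated in the token's description if one exists outside this hunk. Callers that need plain text can take the unsanitized value and escape it for their own context. The function body continues outside the hunk.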
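Review bot: The rebuilt `site_name` line in bartik_process_page() is repeated verbatim in bartik_process_maintenance_page() (the `@@ -102,7` hunk), and both repeat the escaping choice made in core's two preprocess functions, so a later change of sanitizer has to be made in four places. A small theme-private helper returning the escaped name would keep the two Bartik copies aligned. Both hunks end on the comment above the slogan rebuild, so the slogan line itself is not visible; it should be confirmed that it uses `filter_xss_admin()` as core does in this commit.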