authorStella Power2012-02-22 22:14:34 (GMT)
committer Stella Power2012-02-22 22:14:34 (GMT)
commit912f1d2a490f8fde729fb4f880fcb50d02c7d1d9 (patch)
treec0d65e9632dbaf0dd57d2cde139954909ffed0cc
parent2991dd94e70a2881571a4b777645f4dcc42c1f10 (diff)
Sec issue #62869 - fix for XSS vulnerability6.x-1.13
-rw-r--r--faq.admin.inc2
-rw-r--r--faq.module1
2 files changed, 2 insertions, 1 deletions
diff --git a/faq.admin.inc b/faq.admin.inc
index bf776b8..e5889c5 100644
--- a/faq.admin.inc
+++ b/faq.admin.inc
@@ -412,7 +412,7 @@ function faq_order_settings_form($form_state, $category = NULL) {
while ($node = db_fetch_object($result)) {
- $options[$node->nid] = $node->title;
+ $options[$node->nid] = check_plain($node->title);
}
$form['weight']['faq_category'] = array(
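Review bot: The `check_plain()` call on the added line escapes titles as `$options` is built, but the hunk does not show which form element or markup finally prints these labels, so it is unclear whether this is the right layer. If they are passed as `#options` to a select element, Drupal 6's `form_select_options()` should already escape each label, and a title containing `&` or quotes would then display double-encoded. If they are printed by checkboxes, radios, custom theme output or JavaScript, escaping here is what closes the hole. A short comment on the line would record the reason, for example `// Labels are printed unescaped by <consumer>, so escape node titles here.`. The body of faq_order_settings_form starts and ends outside the hunk.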
diff --git a/faq.module b/faq.module
index a56ebbb..6c21067 100644
--- a/faq.module
+++ b/faq.module
@@ -1152,6 +1152,7 @@ function faq_view_question(&$data, $node, $path = NULL, $anchor = NULL) {
}
if (variable_get('faq_display', 'questions_top') != 'hide_answer' && !empty($node->detailed_question) && variable_get('faq_question_length', 'short') == 'both') {
+ $node->detailed_question = check_markup($node->detailed_question, $node->format, FALSE);
$question .= '<div class="faq-detailed-question">'. $node->detailed_question .'</div>';
}
$data['question'] = $question;
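Review bot: The added line overwrites `$node->detailed_question` with its filtered HTML, and because `$node` is an object the caller's node keeps that value. A second call for the same node, or any later code that filters or escapes the property again, would then process already-filtered text. Keeping the result in a local avoids this: `$detailed_question = check_markup($node->detailed_question, $node->format, FALSE);`, then concatenate `$detailed_question` into the div. Separately, `$node->format` appears to be the input format chosen for the answer body, so the detailed question is only as restricted as that format; a comment saying so would help, and any other place that prints `detailed_question` (not visible here) needs the same filtering. The body of faq_view_question starts and ends outside the hunk.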