authorPradeep Saran2012-08-11 08:11:36 (GMT)
committer Pradeep Saran2012-08-11 08:11:36 (GMT)
commit0640ddcb2799f6cab3f04e51b9d507977581c73a (patch)
tree445c11be515e7d832022c669f5ffc8d083a25e4d
parenta9b0fd3909fd7aec097170933bab657a3b989c25 (diff)
check_plain() and check_markup() are added to avoid XSS.7.x-1.3
-rw-r--r--templates/page.tpl.php12
1 files changed, 6 insertions, 6 deletions
diff --git a/templates/page.tpl.php b/templates/page.tpl.php
index d7566ac..b258952 100644
--- a/templates/page.tpl.php
+++ b/templates/page.tpl.php
@@ -94,9 +94,9 @@
<?php if (theme_get_setting('slideshow_display', 'professional_theme')): ?>
<!-- Slides -->
<?php
- $slide1_head = theme_get_setting('slide1_head','professional_theme'); $slide1_desc = theme_get_setting('slide1_desc','professional_theme'); $slide1_url = theme_get_setting('slide1_url','professional_theme');
- $slide2_head = theme_get_setting('slide2_head','professional_theme'); $slide2_desc = theme_get_setting('slide2_desc','professional_theme'); $slide2_url = theme_get_setting('slide2_url','professional_theme');
- $slide3_head = theme_get_setting('slide3_head','professional_theme'); $slide3_desc = theme_get_setting('slide3_desc','professional_theme'); $slide3_url = theme_get_setting('slide3_url','professional_theme');
+ $slide1_head = check_plain(theme_get_setting('slide1_head','professional_theme')); $slide1_desc = check_markup(theme_get_setting('slide1_desc','professional_theme')); $slide1_url = check_plain(theme_get_setting('slide1_url','professional_theme'));
+ $slide2_head = check_plain(theme_get_setting('slide2_head','professional_theme')); $slide2_desc = check_markup(theme_get_setting('slide2_desc','professional_theme')); $slide2_url = check_plain(theme_get_setting('slide2_url','professional_theme'));
+ $slide3_head = check_plain(theme_get_setting('slide3_head','professional_theme')); $slide3_desc = check_markup(theme_get_setting('slide3_desc','professional_theme')); $slide3_url = check_plain(theme_get_setting('slide3_url','professional_theme'));
?>
<section id="slider">
<ul class="slides">
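Review bot: Escaping the URL setting with check_plain() before it is handed to url() (the `$slide1_url`, `$slide2_url`, `$slide3_url` assignments here, consumed by `url($slideN_url)` in the three following hunks) escapes the stored path rather than the rendered attribute value: url() receives an entity-encoded string, and its own output (base path, aliasing) is still printed unescaped. The usual Drupal 7 pattern is to keep the setting raw and escape at the point of output, `href="<?php print check_url(url($slide1_url)); ?>"`, which also strips dangerous protocols. Separately, check_markup() is called without a format id, so the descriptions are rendered with the site's fallback text format; if the intent is to permit limited HTML in slide descriptions, pass the format explicitly (e.g. a filtered HTML format the theme-settings admin is trusted for), since check_markup() does not check the current user's format permissions. The `if (theme_get_setting('slideshow_display', ...))` block starts on the first line of the hunk and continues past it.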
@@ -107,7 +107,7 @@
<h2 class="entry-title"><a href="<?php print url($slide1_url); ?>"><?php print $slide1_head; ?></a></h2>
</header><!-- .entry-header -->
<div class="entry-summary">
- <p><?php print $slide1_desc; ?></p>
+ <?php print $slide1_desc; ?>
</div><!-- .entry-summary -->
<div class="clear"></div>
</div><!-- .entry-container -->
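Review bot: Dropping the `<p>` wrapper around `$slide1_desc` makes the summary markup depend on the configured text format applying filter_autop; with a format that does not add paragraphs the description is printed as bare inline text inside `.entry-summary`. The same applies to the slide2 and slide3 hunks below. If the paragraph structure matters to the theme's CSS, either keep the wrapper for formats without autop or document the assumption next to the print, `<?php // description is a check_markup() result; the text format supplies its own <p> tags ?>`. The surrounding `.entry-container` markup begins outside the hunk.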
@@ -124,7 +124,7 @@
<h2 class="entry-title"><a href="<?php print url($slide2_url); ?>"><?php print $slide2_head; ?></a></h2>
</header><!-- .entry-header -->
<div class="entry-summary">
- <p><?php print $slide2_desc; ?></p>
+ <?php print $slide2_desc; ?>
</div><!-- .entry-summary -->
<div class="clear"></div>
</div><!-- .entry-container -->
@@ -141,7 +141,7 @@
<h2 class="entry-title"><a href="<?php print url($slide3_url); ?>"><?php print $slide3_head; ?></a></h2>
</header><!-- .entry-header -->
<div class="entry-summary">
- <p><?php print $slide3_desc; ?></p>
+ <?php print $slide3_desc; ?>
</div><!-- .entry-summary -->
<div class="clear"></div>
</div><!-- .entry-container -->