authorPradeep Saran2012-08-14 22:29:20 (GMT)
committer Pradeep Saran2012-08-14 22:29:20 (GMT)
commite3fa6a25f82f6407c5ab0cb9e5d0cc973b1a1ce6 (patch)
treec80daf23e292b597820166f7b64166463dac4399
parent0640ddcb2799f6cab3f04e51b9d507977581c73a (diff)
check_plain() and check_markup() is added to avoid XSS.7.x-1.4
-rw-r--r--templates/page.tpl.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/templates/page.tpl.php b/templates/page.tpl.php
index b258952..95db29e 100644
--- a/templates/page.tpl.php
+++ b/templates/page.tpl.php
@@ -94,9 +94,9 @@
<?php if (theme_get_setting('slideshow_display', 'professional_theme')): ?>
<!-- Slides -->
<?php
- $slide1_head = check_plain(theme_get_setting('slide1_head','professional_theme')); $slide1_desc = check_markup(theme_get_setting('slide1_desc','professional_theme')); $slide1_url = check_plain(theme_get_setting('slide1_url','professional_theme'));
- $slide2_head = check_plain(theme_get_setting('slide2_head','professional_theme')); $slide2_desc = check_markup(theme_get_setting('slide2_desc','professional_theme')); $slide2_url = check_plain(theme_get_setting('slide2_url','professional_theme'));
- $slide3_head = check_plain(theme_get_setting('slide3_head','professional_theme')); $slide3_desc = check_markup(theme_get_setting('slide3_desc','professional_theme')); $slide3_url = check_plain(theme_get_setting('slide3_url','professional_theme'));
+ $slide1_head = check_plain(theme_get_setting('slide1_head','professional_theme')); $slide1_desc = check_markup(theme_get_setting('slide1_desc','professional_theme'), 'full_html'); $slide1_url = check_plain(theme_get_setting('slide1_url','professional_theme'));
+ $slide2_head = check_plain(theme_get_setting('slide2_head','professional_theme')); $slide2_desc = check_markup(theme_get_setting('slide2_desc','professional_theme'), 'full_html'); $slide2_url = check_plain(theme_get_setting('slide2_url','professional_theme'));
+ $slide3_head = check_plain(theme_get_setting('slide3_head','professional_theme')); $slide3_desc = check_markup(theme_get_setting('slide3_desc','professional_theme'), 'full_html'); $slide3_url = check_plain(theme_get_setting('slide3_url','professional_theme'));
?>
<section id="slider">
<ul class="slides">
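Review bot: Passing `'full_html'` to check_markup() on the three `$slideN_desc` lines loosens the filtering instead of adding any. In a standard Drupal 7 install the Full HTML format does not run the HTML filter, so script-bearing markup saved in the theme setting would be printed as-is, and on a site where that format does not exist check_markup() returns an empty string. A call such as `filter_xss_admin(theme_get_setting('slide1_desc','professional_theme'))`, or a restricted format like `'filtered_html'`, matches the stated goal of the commit better. Separately, the `$slideN_url` values only go through check_plain(), which escapes HTML but does not reject schemes such as `javascript:`. If they are printed into an `href` (the slider markup that uses them is outside this hunk), `check_url()` is the appropriate call.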