authorinfiniteluke2012-01-10 02:16:37 (GMT)
committer infiniteluke2012-01-10 02:16:37 (GMT)
commit7413dd16d8a3e4e8e428c640cc7287925a8d6159 (patch)
tree724e972ab68c6c2ef1c5b476700ea14ee55aa3e6
parent6d8a03b0f065f69c6f7104732db30cbbd7d4c55f (diff)
Fixing last of xss vulnerabilities.
-rw-r--r--stickynote.module9
1 files changed, 5 insertions, 4 deletions
diff --git a/stickynote.module b/stickynote.module
index 7b41852..b16109d 100644
--- a/stickynote.module
+++ b/stickynote.module
@@ -378,7 +378,8 @@ function stickynote_page_view($stickynote, $view_mode = 'full') {
field_attach_prepare_view('stickynote', array($stickynote->snid => $stickynote), $view_mode);
entity_prepare_view('stickynote', array($stickynote->snid => $stickynote));
$stickynote->content += field_attach_view('stickynote', $stickynote, $view_mode);
-
+ $note = filter_xss(nl2br($stickynote->note));
+
// @todo This can't possibly be the correct way to output a base entity field
$stickynote->content += array(
'note' => array(
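Review bot: The line-break conversion added on the `$note = filter_xss(nl2br($stickynote->note));` line is undone by the sanitizer wrapped around it: `nl2br()` inserts `<br />` tags, and Drupal 7's `filter_xss()` default allowed-tag list (a, em, strong, cite, blockquote, code, ul, ol, li, dl, dt, dd) does not contain `br`, so those tags are stripped and the note renders without line breaks — the XSS fix itself holds, but the formatting it tries to preserve does not. If notes are meant to be plain text, escape first and add the breaks afterwards, `$note = nl2br(check_plain($stickynote->note));`, which is also the stricter choice since no user-supplied HTML survives at all; if limited HTML is intended, keep `filter_xss()` but pass an explicit whitelist that includes `br`, e.g. `$note = filter_xss(nl2br($stickynote->note), array('a', 'em', 'strong', 'br'));`. Whichever is chosen, a one-line comment such as `// Sanitized once here; every render path below must use $note, never the raw $stickynote->note.` would make the invariant explicit. The enclosing function stickynote_page_view() starts before this hunk.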
@@ -397,13 +398,13 @@ function stickynote_page_view($stickynote, $view_mode = 'full') {
'#formatter' => 'text_default',
'#items' => array(
0 => array(
- 'value' => $stickynote->note,
+ 'value' => $note,
'format' => NULL,
- 'safe_value' => $stickynote->note,
+ 'safe_value' => $note,
),
),
0 => array(
- '#markup' => $stickynote->note,
+ '#markup' => $note,
),
)
);
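Review bot: The `'#markup' => $note` entry is rendered verbatim by the render API with no further escaping, so its safety now rests entirely on `$note` having been sanitized earlier in the function, and nothing at this site says so; a later edit that swaps it back to `$stickynote->note` would silently reintroduce the vulnerability this commit closes. Add a guard comment on that line, `// #markup is printed as-is: $note is already filter_xss()-sanitized, do not pass the raw note.`, and consider the same note above the `'#items'` block, where `'value'` and `'safe_value'` both receive the filtered string and `'format' => NULL` means the text_default formatter will not sanitize again. The enclosing function stickynote_page_view() starts before the first hunk and appears to continue past this one.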