authorgit2014-04-30 21:04:48 +0800
committerJohnAlbin2014-04-30 21:04:48 +0800
commit06b9fea7c6dcb4291659028c40de13ecb7bdfb3e (patch)
treedd3a0e2032a6d85c4a19f5af7c5fd53c150e5ed4
parentd69a1e5919e461468fba3fc83cf505f3c5c8f5ae (diff)
Prevent XSS privilege escalation in custom theme settings.7.x-5.5
-rw-r--r--template.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/template.php b/template.php
index 33e5c2f..c20549b 100644
--- a/template.php
+++ b/template.php
@@ -134,8 +134,8 @@ function zen_preprocess_html(&$variables, $hook) {
drupal_add_http_header('X-UA-Compatible', 'IE=edge,chrome=1');
}
- $variables['skip_link_anchor'] = theme_get_setting('zen_skip_link_anchor');
- $variables['skip_link_text'] = theme_get_setting('zen_skip_link_text');
+ $variables['skip_link_anchor'] = check_plain(theme_get_setting('zen_skip_link_anchor'));
+ $variables['skip_link_text'] = check_plain(theme_get_setting('zen_skip_link_text'));
// Return early, so the maintenance page does not call any of the code below.
if ($hook != 'html') {
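Review bot: The two `check_plain()` calls on `skip_link_anchor` and `skip_link_text` have no comment saying these variables are now escaped in preprocess, so a sub-theme template that escapes them again will double-encode the output. I would add `// Theme settings are administrator-supplied text; escape here so templates can print these variables as-is.` above the two assignments. `check_plain()` is only sufficient for HTML text and quoted-attribute contexts, and the template that prints `skip_link_anchor` is not visible in this hunk, so it is worth confirming the value lands inside a quoted attribute. Presumably the anchor could also be limited to a valid fragment identifier when the setting is saved. The body of `zen_preprocess_html()` starts and ends outside the hunk.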