authorgit2014-04-30 13:24:37 (GMT)
committerJohnAlbin2014-04-30 13:24:37 (GMT)
commit9597c345077aab548a179818aa05907df092c0b6 (patch)
treea5e679f702d63473e1d68d74081afe1fade4d256
parent663ac3ec1e0b6da6668b76366429a54b27df006a (diff)
Prevent XSS privilege escalation in custom theme settings.7.x-3.37.x-3.x
-rw-r--r--template.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/template.php b/template.php
index b70adb5..b639b4d 100644
--- a/template.php
+++ b/template.php
@@ -181,8 +181,8 @@ function zen_preprocess_html(&$variables, $hook) {
zen_add_conditional_styles();
}
- $variables['jump_link_target'] = theme_get_setting('zen_jump_link_target');
- $variables['jump_link_text'] = theme_get_setting('zen_jump_link_text');
+ $variables['jump_link_target'] = check_plain(theme_get_setting('zen_jump_link_target'));
+ $variables['jump_link_text'] = check_plain(theme_get_setting('zen_jump_link_text'));
// Return early, so the maintenance page does not call any of the code below.
if ($hook != 'html') {
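Review bot: The two `check_plain()` calls on the `jump_link_target` and `jump_link_text` assignments carry no comment saying why the values are escaped or that the variables now hold HTML-escaped strings, so a sub-theme that escapes them again in its own template will double-encode, and one that reads `theme_get_setting()` directly still gets the raw value. I would add `// Theme settings are admin-supplied text, not markup; escape them here so templates can print them as-is.` above the pair. `check_plain()` is HTML escaping only, which fits element text and a quoted attribute value; presumably the target is printed inside a quoted `href="#…"` in html.tpl.php, which is not visible here, so that should be confirmed. zen_preprocess_html continues outside the hunk, so any other `theme_get_setting()` values it hands to templates are worth the same check.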