path: root/common/contrib/eu_cookie_compliance/SA-CONTRIB-2019-033.patch
blob: 2e84dadc1f74a29d7863c9987a6c9e0a34d236cb (plain)
diff --git a/eu_cookie_compliance.module b/eu_cookie_compliance.module
index 000dbc7..424a8c0 100644
--- a/eu_cookie_compliance.module
+++ b/eu_cookie_compliance.module
@@ -43,10 +43,10 @@ function eu_cookie_compliance_footer() {
   $popup_settings = eu_cookie_compliance_get_settings();
   if (!empty($popup_settings['popup_enabled']) && user_access( 'see EU Cookie Compliance popup' )) {
     global $language;
-    $popup_text_info = str_replace(array("\r", "\n"), '', $popup_settings['popup_info']['value']);
-    $popup_text_agreed = str_replace(array("\r", "\n"), '', $popup_settings['popup_agreed']['value']);
-    $html_info = theme('eu_cookie_compliance_popup_info', check_markup($popup_text_info, $popup_settings['popup_info']['format'], FALSE),$popup_settings['popup_agree_button_message'],$popup_settings['popup_disagree_button_message']);
-    $html_agreed = theme('eu_cookie_compliance_popup_agreed', check_markup($popup_text_agreed, $popup_settings['popup_agreed']['format'], FALSE),$popup_settings['popup_hide_button_message'],$popup_settings['popup_find_more_button_message']);
+    $popup_text_info = str_replace(array("\r", "\n"), '', filter_xss($popup_settings['popup_info']['value']));
+    $popup_text_agreed = str_replace(array("\r", "\n"), '', filter_xss($popup_settings['popup_agreed']['value']));
+    $html_info = theme('eu_cookie_compliance_popup_info', check_markup($popup_text_info, $popup_settings['popup_info']['format'], FALSE), filter_xss($popup_settings['popup_agree_button_message']), filter_xss($popup_settings['popup_disagree_button_message']));
+    $html_agreed = theme('eu_cookie_compliance_popup_agreed', check_markup($popup_text_agreed, $popup_settings['popup_agreed']['format'], FALSE), filter_xss($popup_settings['popup_hide_button_message']), filter_xss($popup_settings['popup_find_more_button_message']));
     $clicking_confirmation = (isset($popup_settings['popup_clicking_confirmation']))? $popup_settings['popup_clicking_confirmation'] : TRUE ;
     $variables = array(
       'popup_enabled' => $popup_settings['popup_enabled'],
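Review bot: The four button labels on the new `$html_info`/`$html_agreed` lines are run through `filter_xss()`, which in Drupal 7 still admits a default whitelist of inline tags (including `<a href="...">`, `<em>`, `<strong>`, list elements), so markup can survive into what is presumably a button caption; unless the theme functions are expected to render HTML in those labels, `check_plain()` is the tighter choice, e.g. `check_plain($popup_settings['popup_agree_button_message'])` in place of each `filter_xss(...)` wrapper for the button messages. Separately, applying `filter_xss()` to `popup_info`/`popup_agreed` before `check_markup()` strips any tag outside that same default whitelist (`<p>`, `<br>`, `<img>`, headings) regardless of what the configured text format allows, which is a behavioural narrowing worth a one-line comment such as `// Pre-filter to filter_xss()'s default tag set; the text format cannot re-widen this.` so maintainers do not treat it as a bug. I cannot see the theme templates, so whether they escape these values again is an assumption to confirm. The enclosing function `eu_cookie_compliance_footer()` begins before and continues after this hunk.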
@@ -60,7 +60,7 @@ function eu_cookie_compliance_footer() {
       'popup_height' => ($popup_settings['popup_height']) ? (int) $popup_settings['popup_height'] : 'auto',
       'popup_width' => (drupal_substr($popup_settings['popup_width'], -1) == '%') ? $popup_settings['popup_width'] : (int) $popup_settings['popup_width'],
       'popup_delay' => (int) ($popup_settings['popup_delay'] * 1000),
-      'popup_link' => empty($popup_settings['popup_link']) ? FALSE : $popup_settings['popup_link'],
+      'popup_link' => empty($popup_settings['popup_link']) ? FALSE : url($popup_settings['popup_link']),
       'popup_position' => empty($popup_settings['popup_position']) ? NULL : $popup_settings['popup_position'],
       'popup_language' => $language->language,
     );
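Review bot: Wrapping `popup_link` in `url()` neutralises dangerous schemes only indirectly: `url_is_external()` rejects a path that `drupal_strip_dangerous_protocols()` would alter, so a `javascript:` value is rendered as an internal path rather than a script URL, but `url()` does not HTML-escape an external URL's characters (`"`, `<`, `&`), and the result is still a raw string. Whether that is safe depends on the consumer, which is outside this hunk; if the template prints it into an `href` attribute directly, `check_url($popup_settings['popup_link'])` (or escaping at the template) is the appropriate form, whereas if the array is emitted via `drupal_add_js()` settings the JSON encoding already covers it. A short comment on the new line stating the intended sink, e.g. `// url() normalises the scheme; the template must still attribute-escape this value.`, would make the contract explicit. The enclosing function `eu_cookie_compliance_footer()` starts before this hunk.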