authorFabio Varesano <fax8@13637.no-reply.drupal.org>2006-06-19 20:55:12 +0000
committerFabio Varesano <fax8@13637.no-reply.drupal.org>2006-06-19 20:55:12 +0000
commit107e6f3bbc6963173e04b8350d4401ccb314e4fd (patch)
tree5d0868c8fca1c642f363e6c006c031541e3143e5 /plugins/video_customfields/video_customfields.module
parentbff6fafe62a4201c99bdba20144313276d654bca (diff)
Corrected some XSS vulnerabilities.
Thanks to Dries Buytaert for pointing them out. Changed '%d' to %d for Postgres SQL compatibility
Diffstat (limited to 'plugins/video_customfields/video_customfields.module')
-rw-r--r--plugins/video_customfields/video_customfields.module2
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins/video_customfields/video_customfields.module b/plugins/video_customfields/video_customfields.module
index f6b2e50..95c993c 100644
--- a/plugins/video_customfields/video_customfields.module
+++ b/plugins/video_customfields/video_customfields.module
@@ -195,7 +195,7 @@ function theme_video_customfields($node) {
if (($title1 . $title2 . $title3 . $title4 . $title5 . $title6) != '') {
$output = '<div class="videofields">'; //Enclose all output in "videofields" div class.
if ($group_title != '') {
- $output .= '<div class="title"><h2>' . $group_title . '</h2></div>' . "\n";
+ $output .= '<div class="title"><h2>' . check_plain($group_title) . '</h2></div>' . "\n";
}
if ($title1 != '' and $node->custom_field_1 != '') {
$fields[] = array('title' => $title1, 'body' => $field1);
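Review bot: The `$title1` and `$field1` values pushed into `$fields` on the last context line are not escaped anywhere in this hunk, while the fix covers only `$group_title`. If those values are not already sanitized where they are assigned or where `$fields` is rendered (neither is visible here, since `theme_video_customfields` starts before and continues past the hunk), they leave the same output-injection gap this commit is closing. Consider `$fields[] = array('title' => check_plain($title1), 'body' => $field1);` and escaping `$field1` at the point it is derived from `$node->custom_field_1`, with the same treatment for fields 2 to 6. A short comment above the block, such as `// All titles and field bodies are user-supplied; escape before output.`, would make the expectation explicit for later edits.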