aboutsummaryrefslogtreecommitdiff
path: root/plugins/video_customfields
diff options
context:
space:
mode:
authorFabio Varesano <fax8@13637.no-reply.drupal.org>2006-06-19 20:55:12 +0000
committerFabio Varesano <fax8@13637.no-reply.drupal.org>2006-06-19 20:55:12 +0000
commit107e6f3bbc6963173e04b8350d4401ccb314e4fd (patch)
tree5d0868c8fca1c642f363e6c006c031541e3143e5 /plugins/video_customfields
parentbff6fafe62a4201c99bdba20144313276d654bca (diff)
downloadvideo-107e6f3bbc6963173e04b8350d4401ccb314e4fd.tar.gz
video-107e6f3bbc6963173e04b8350d4401ccb314e4fd.tar.bz2
Corrected some XSS vulnerabilities.
Thanks to Dries Buytaert for pointing them out. Chænged '%d' to %d for Postgres SQL compatibility
Diffstat (limited to 'plugins/video_customfields')
-rw-r--r--plugins/video_customfields/video_customfields.module2
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins/video_customfields/video_customfields.module b/plugins/video_customfields/video_customfields.module
index f6b2e50..95c993c 100644
--- a/plugins/video_customfields/video_customfields.module
+++ b/plugins/video_customfields/video_customfields.module
@@ -195,7 +195,7 @@ function theme_video_customfields($node) {
if (($title1 . $title2 . $title3 . $title4 . $title5 . $title6) != '') {
$output = '<div class="videofields">'; //Enclose all output in "videofields" div class.
if ($group_title != '') {
- $output .= '<div class="title"><h2>' . $group_title . '</h2></div>' . "\n";
+ $output .= '<div class="title"><h2>' . check_plain($group_title) . '</h2></div>' . "\n";
}
if ($title1 != '' and $node->custom_field_1 != '') {
$fields[] = array('title' => $title1, 'body' => $field1);