From 107e6f3bbc6963173e04b8350d4401ccb314e4fd Mon Sep 17 00:00:00 2001
From: Fabio Varesano <fax8@13637.no-reply.drupal.org>
Date: Mon, 19 Jun 2006 20:55:12 +0000
Subject: Corrected some XSS vulnerabilities. Thanks to Dries Buytaert for
 pointing them out.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Chænged '%d' to %d for Postgres SQL compatibility
---
 plugins/video_customfields/video_customfields.module | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'plugins/video_customfields/video_customfields.module')

diff --git a/plugins/video_customfields/video_customfields.module b/plugins/video_customfields/video_customfields.module
index f6b2e50..95c993c 100644
--- a/plugins/video_customfields/video_customfields.module
+++ b/plugins/video_customfields/video_customfields.module
@@ -195,7 +195,7 @@ function theme_video_customfields($node) {
   if (($title1 . $title2 . $title3 . $title4 . $title5 . $title6) != '') {
     $output = '<div class="videofields">'; //Enclose all output in "videofields" div class.
     if ($group_title != '') {
-      $output .= '<div class="title"><h2>' . $group_title . '</h2></div>' . "\n";
+      $output .= '<div class="title"><h2>' . check_plain($group_title) . '</h2></div>' . "\n";
     }
     if ($title1 != '' and $node->custom_field_1 != '') {
       $fields[] = array('title' => $title1, 'body' => $field1);
-- 
cgit v1.2.3