From 62718444d01f9018b95e96b2ecc44572a9495399 Mon Sep 17 00:00:00 2001
From: Dave Reid <dave@davereid.net>
Date: Fri, 17 Jun 2011 01:54:00 -0500
Subject: [PATCH] Fixed possible XSS with field labels in Feed importer mapping
settings.
---
mappers/date.inc | 7 +++----
mappers/field.inc | 2 +-
mappers/file.inc | 2 +-
mappers/link.inc | 4 ++--
mappers/taxonomy.inc | 2 +-
5 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/mappers/date.inc b/mappers/date.inc
index 19aa65da..6cc5bcaf 100644
--- a/mappers/date.inc
+++ b/mappers/date.inc
@@ -17,14 +17,13 @@ function date_feeds_processor_targets_alter(&$targets, $entity_type, $bundle_nam
$info = field_info_field($name);
if (in_array($info['type'], array('date', 'datestamp', 'datetime'))) {
$targets[$name . ':start'] = array(
- 'name' => $instance['label'] . ': Start',
+ 'name' => t('@name: Start', array('@name' => $instance['label'])),
'callback' => 'date_feeds_set_target',
- 'description' => t('The start date for the @name field. Also use if mapping both start and end.',
- array('@name' => $instance['label'])),
+ 'description' => t('The start date for the @name field. Also use if mapping both start and end.', array('@name' => $instance['label'])),
'real_target' => $name,
);
$targets[$name . ':end'] = array(
- 'name' => $instance['label'] . ': End',
+ 'name' => t('@name: End', array('@name' => $instance['label'])),
'callback' => 'date_feeds_set_target',
'description' => t('The end date for the @name field.', array('@name' => $instance['label'])),
'real_target' => $name,
diff --git a/mappers/field.inc b/mappers/field.inc
index c6cf9993..43d62c4b 100644
--- a/mappers/field.inc
+++ b/mappers/field.inc
@@ -40,7 +40,7 @@ function field_feeds_processor_targets_alter(&$targets, $entity_type, $bundle_na
}
if (isset($callback)) {
$targets[$name] = array(
- 'name' => $instance['label'],
+ 'name' => check_plain($instance['label']),
'callback' => $callback,
'description' => t('The @label field of the node.', array('@label' => $instance['label'])),
);
diff --git a/mappers/file.inc b/mappers/file.inc
index 1439ab08..63c1e2d0 100644
--- a/mappers/file.inc
+++ b/mappers/file.inc
@@ -21,7 +21,7 @@ function file_feeds_processor_targets_alter(&$targets, $entity_type, $bundle_nam
if (in_array($info['type'], array('file', 'image'))) {
$targets[$name] = array(
- 'name' => $instance['label'],
+ 'name' => check_plain($instance['label']),
'callback' => 'file_feeds_set_target',
'description' => t('The @label field of the node.', array('@label' => $instance['label'])),
);
diff --git a/mappers/link.inc b/mappers/link.inc
index c38f904e..029b795d 100644
--- a/mappers/link.inc
+++ b/mappers/link.inc
@@ -16,14 +16,14 @@ function link_feeds_processor_targets_alter(&$targets, $entity_type, $bundle_nam
if ($info['type'] == 'link_field') {
if (array_key_exists('url', $info['columns'])) {
$targets[$name . ':url'] = array(
- 'name' => $instance['label'] . ' URL',
+ 'name' => t('@name URL', array('@name' => $instance['label'])),
'callback' => 'link_feeds_set_target',
'description' => t('The @label field of the node.', array('@label' => $instance['label'])),
);
}
if (array_key_exists('title', $info['columns'])) {
$targets[$name . ':title'] = array(
- 'name' => $instance['label'] . ' Title',
+ 'name' => t('@name Title', array('@name' => $instance['label'])),
'callback' => 'link_feeds_set_target',
'description' => t('The @label field of the node.', array('@label' => $instance['label'])),
);
diff --git a/mappers/taxonomy.inc b/mappers/taxonomy.inc
index a4186645..90e4ef85 100644
--- a/mappers/taxonomy.inc
+++ b/mappers/taxonomy.inc
@@ -48,7 +48,7 @@ function taxonomy_feeds_processor_targets_alter(&$targets, $entity_type, $bundle
$info = field_info_field($name);
if ($info['type'] == 'taxonomy_term_reference') {
$targets[$name] = array(
- 'name' => $instance['label'],
+ 'name' => check_plain($instance['label']),
'callback' => 'taxonomy_feeds_set_target',
'description' => t('The @label field of the node.', array('@label' => $instance['label'])),
);
--
GitLab