Commit d70777be authored by Daniel Linn's avatar Daniel Linn

Added some more XSS checks

parent 3e118f80
name = Taxonomy Formatter
description = "Add a formatter to taxonomy terms that allows selection of element type, wrapper type, and separators."
package = Fields
core = 7.x
files[] = taxonomy_formatter.module
\ No newline at end of file
......@@ -98,20 +98,20 @@ function taxonomy_formatter_field_formatter_settings_form($field, $instance, $vi
function taxonomy_formatter_field_formatter_settings_summary($field, $instance, $view_mode) {
$display = $instance['display'][$view_mode];
$settings = $display['settings'];
$summary = t('The Terms will be displayed separated by "') . $settings['separator_option'] . '"';
$summary = t('The Terms will be displayed separated by "@separator"', array('@separator' => $settings['separator_option']));
if ($settings['links_option']) {
$summary .= t('<br>The terms will link to the term pages');
}
if ($settings['element_option']!="- None -") {
$summary .= "<br>Elements will be wrapped in a " . $settings['element_option'] . " tag";
$summary .= t('<br>Elements will be wrapped in a "@element" tag', array('@element' => $settings['element_option']));
if (!empty($settings['element_class'])) {
$summary .= " with the class of " . $settings['element_class'];
$summary .= t(' with the class of @elemclass', array('@elemclass' => $settings['element_class']));
}
}
if ($settings['wrapper_option']!="- None -") {
$summary .= "<br>The entire list will be wrapped in a " . $settings['wrapper_option'] . " tag";
$summary .= t('<br>The entire list will be wrapped in a "@wrapper" tag', array('@wrapper' => $settings['wrapper_option']));
if (!empty($settings['wrapper_class'])) {
$summary .= " with the class of " . $settings['wrapper_class'];
$summary .= t(' with the class of @wrapclass', array('@wrapclass' => $settings['wrapper_class']));
}
}
return $summary;
......@@ -122,9 +122,9 @@ function taxonomy_formatter_field_formatter_settings_summary($field, $instance,
function taxonomy_formatter_field_formatter_view($entity_type, $entity, $field, $instance, $langcode, $items, $display) {
$settings = $display['settings'];
$element = array();
$separator = $settings['separator_option'];
$separator = check_plain($settings['separator_option']);
if ($settings['element_option']!='- None -') {
$elementwrap[0] = '<' . $settings['element_option'] . ' class="' . $settings['element_class'] . '">';
$elementwrap[0] = '<' . $settings['element_option'] . ' class="' . check_plain($settings['element_class']) . '">';
$elementwrap[1] = '</' . $settings['element_option'] . '>';
}
else {
......@@ -132,7 +132,7 @@ function taxonomy_formatter_field_formatter_view($entity_type, $entity, $field,
$elementwrap[1] = '';
}
if ($settings['wrapper_option']!='- None -') {
$wrapper[0] = '<' . $settings['wrapper_option'] . ' class="' . $settings['wrapper_class'] . '">';
$wrapper[0] = '<' . $settings['wrapper_option'] . ' class="' . check_plain($settings['wrapper_class']) . '">';
$wrapper[1] = '</' . $settings['wrapper_option'] . '>';
}
else {
......@@ -146,7 +146,7 @@ function taxonomy_formatter_field_formatter_view($entity_type, $entity, $field,
$actterm = entity_load('taxonomy_term', $term);
$uri = entity_uri('taxonomy_term', $actterm[$termid]);
if ($settings['links_option']) {
$formatted .= $elementwrap[0] . '<a href=\'/' . l(check_plain($actterm[$termid]->name),$uri['path']) . $elementwrap[1] . $separator;
$formatted .= $elementwrap[0] . l($actterm[$termid]->name, $uri['path'], $uri['options']) . $elementwrap[1] . $separator;
}
else {
$formatted .= $elementwrap[0] . check_plain($actterm[$termid]->name) . $elementwrap[1] . $separator;
......
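Review bot: In taxonomy_formatter_field_formatter_view() the tag names from `$settings['element_option']` and `$settings['wrapper_option']` are still concatenated raw into both the opening and closing tags (hunks at -122 and -132); only the class attributes gained `check_plain()`. If those settings can only come from the select list in the settings form (not visible here), Form API restricts them, but display settings written by code or an import presumably skip that validation, so the render path should not rely on it. Reduce each value to a safe tag name once and build both tags from it, e.g. `$tag = preg_replace('/[^A-Za-z0-9]/', '', $settings['element_option']);`, or compare it against the same option list the form uses. The function body continues outside these hunks.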