Commit d70777be authored by Daniel Linn's avatar Daniel Linn

Added some more XSS checks

parent 3e118f80
name = Taxonomy Formatter
description = "Add a formatter to taxonomy terms that allows selection of element type, wrapper type, and separators."
package = Fields
core = 7.x
files[] = taxonomy_formatter.module
\ No newline at end of file
...@@ -98,20 +98,20 @@ function taxonomy_formatter_field_formatter_settings_form($field, $instance, $vi ...@@ -98,20 +98,20 @@ function taxonomy_formatter_field_formatter_settings_form($field, $instance, $vi
function taxonomy_formatter_field_formatter_settings_summary($field, $instance, $view_mode) { function taxonomy_formatter_field_formatter_settings_summary($field, $instance, $view_mode) {
$display = $instance['display'][$view_mode]; $display = $instance['display'][$view_mode];
$settings = $display['settings']; $settings = $display['settings'];
$summary = t('The Terms will be displayed separated by "') . $settings['separator_option'] . '"'; $summary = t('The Terms will be displayed separated by "@separator"', array('@separator' => $settings['separator_option']));
if ($settings['links_option']) { if ($settings['links_option']) {
$summary .= t('<br>The terms will link to the term pages'); $summary .= t('<br>The terms will link to the term pages');
} }
if ($settings['element_option']!="- None -") { if ($settings['element_option']!="- None -") {
$summary .= "<br>Elements will be wrapped in a " . $settings['element_option'] . " tag"; $summary .= t('<br>Elements will be wrapped in a "@element" tag', array('@element' => $settings['element_option']));
if (!empty($settings['element_class'])) { if (!empty($settings['element_class'])) {
$summary .= " with the class of " . $settings['element_class']; $summary .= t(' with the class of @elemclass', array('@elemclass' => $settings['element_class']));
} }
} }
if ($settings['wrapper_option']!="- None -") { if ($settings['wrapper_option']!="- None -") {
$summary .= "<br>The entire list will be wrapped in a " . $settings['wrapper_option'] . " tag"; $summary .= t('<br>The entire list will be wrapped in a "@wrapper" tag', array('@wrapper' => $settings['wrapper_option']));
if (!empty($settings['wrapper_class'])) { if (!empty($settings['wrapper_class'])) {
$summary .= " with the class of " . $settings['wrapper_class']; $summary .= t(' with the class of @wrapclass', array('@wrapclass' => $settings['wrapper_class']));
} }
} }
return $summary; return $summary;
...@@ -122,9 +122,9 @@ function taxonomy_formatter_field_formatter_settings_summary($field, $instance, ...@@ -122,9 +122,9 @@ function taxonomy_formatter_field_formatter_settings_summary($field, $instance,
function taxonomy_formatter_field_formatter_view($entity_type, $entity, $field, $instance, $langcode, $items, $display) { function taxonomy_formatter_field_formatter_view($entity_type, $entity, $field, $instance, $langcode, $items, $display) {
$settings = $display['settings']; $settings = $display['settings'];
$element = array(); $element = array();
$separator = $settings['separator_option']; $separator = check_plain($settings['separator_option']);
if ($settings['element_option']!='- None -') { if ($settings['element_option']!='- None -') {
$elementwrap[0] = '<' . $settings['element_option'] . ' class="' . $settings['element_class'] . '">'; $elementwrap[0] = '<' . $settings['element_option'] . ' class="' . check_plain($settings['element_class']) . '">';
$elementwrap[1] = '</' . $settings['element_option'] . '>'; $elementwrap[1] = '</' . $settings['element_option'] . '>';
} }
else { else {
...@@ -132,7 +132,7 @@ function taxonomy_formatter_field_formatter_view($entity_type, $entity, $field, ...@@ -132,7 +132,7 @@ function taxonomy_formatter_field_formatter_view($entity_type, $entity, $field,
$elementwrap[1] = ''; $elementwrap[1] = '';
} }
if ($settings['wrapper_option']!='- None -') { if ($settings['wrapper_option']!='- None -') {
$wrapper[0] = '<' . $settings['wrapper_option'] . ' class="' . $settings['wrapper_class'] . '">'; $wrapper[0] = '<' . $settings['wrapper_option'] . ' class="' . check_plain($settings['wrapper_class']) . '">';
$wrapper[1] = '</' . $settings['wrapper_option'] . '>'; $wrapper[1] = '</' . $settings['wrapper_option'] . '>';
} }
else { else {
...@@ -146,7 +146,7 @@ function taxonomy_formatter_field_formatter_view($entity_type, $entity, $field, ...@@ -146,7 +146,7 @@ function taxonomy_formatter_field_formatter_view($entity_type, $entity, $field,
$actterm = entity_load('taxonomy_term', $term); $actterm = entity_load('taxonomy_term', $term);
$uri = entity_uri('taxonomy_term', $actterm[$termid]); $uri = entity_uri('taxonomy_term', $actterm[$termid]);
if ($settings['links_option']) { if ($settings['links_option']) {
$formatted .= $elementwrap[0] . '<a href=\'/' . l(check_plain($actterm[$termid]->name),$uri['path']) . $elementwrap[1] . $separator; $formatted .= $elementwrap[0] . l($actterm[$termid]->name, $uri['path'], $uri['options']) . $elementwrap[1] . $separator;
} }
else { else {
$formatted .= $elementwrap[0] . check_plain($actterm[$termid]->name) . $elementwrap[1] . $separator; $formatted .= $elementwrap[0] . check_plain($actterm[$termid]->name) . $elementwrap[1] . $separator;
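Review bot: The tag names in `taxonomy_formatter_field_formatter_view()` are still concatenated into the markup unescaped. `$settings['element_option']` and `$settings['wrapper_option']` go straight into `'<' . … . ' class="'` and into the closing tags, while only the class values and the separator gained `check_plain()`. The settings form is not visible here, so whether these two values can ever differ from the options it offers (for example through imported or exported display settings) is unconfirmed; if they can, this is markup injection in the same output the commit hardens. Escaping is the wrong tool for a tag name, so compare each value with a fixed allowlist before building the wrappers, e.g. `if (!in_array($settings['element_option'], $allowed_tags, TRUE)) { $settings['element_option'] = '- None -'; }`, and likewise for `wrapper_option`, where `$allowed_tags` is a placeholder for the list the form offers. The function body starts and ends outside the visible hunks.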
......