diff --git a/includes/theme.inc b/includes/theme.inc index c4b7122..b2e0a1a 100644 --- a/includes/theme.inc +++ b/includes/theme.inc @@ -766,7 +766,7 @@ function _theme_build_registry($theme, $base_theme, $theme_engine) { * their base theme), direct sub-themes of sub-themes, etc. The keys are * the themes' machine names, and the values are the themes' human-readable * names. This element is not set if there are no themes on the system that - * declare this theme as their base theme. + * declare this theme as their base theme. */ function list_themes($refresh = FALSE) { $list = &drupal_static(__FUNCTION__, array()); @@ -2482,7 +2482,7 @@ function template_preprocess_html(&$variables) { else { $head_title = array('name' => check_plain(variable_get('site_name', 'Drupal'))); if (variable_get('site_slogan', '')) { - $head_title['slogan'] = filter_xss_admin(variable_get('site_slogan', '')); + $head_title['slogan'] = strip_tags(variable_get('site_slogan', '')); } } $variables['head_title_array'] = $head_title; @@ -2539,7 +2539,7 @@ function template_preprocess_page(&$variables) { $variables['main_menu'] = theme_get_setting('toggle_main_menu') ? menu_main_menu() : array(); $variables['secondary_menu'] = theme_get_setting('toggle_secondary_menu') ? menu_secondary_menu() : array(); $variables['action_links'] = menu_local_actions(); - $variables['site_name'] = (theme_get_setting('toggle_name') ? filter_xss_admin(variable_get('site_name', 'Drupal')) : ''); + $variables['site_name'] = (theme_get_setting('toggle_name') ? check_plain(variable_get('site_name', 'Drupal')) : ''); $variables['site_slogan'] = (theme_get_setting('toggle_slogan') ? filter_xss_admin(variable_get('site_slogan', '')) : ''); $variables['tabs'] = menu_local_tabs(); @@ -2721,13 +2721,13 @@ function template_preprocess_maintenance_page(&$variables) { if (drupal_get_title()) { $head_title = array( 'title' => strip_tags(drupal_get_title()), - 'name' => variable_get('site_name', 'Drupal'), + 'name' => check_plain(variable_get('site_name', 'Drupal')), ); } else { - $head_title = array('name' => variable_get('site_name', 'Drupal')); + $head_title = array('name' => check_plain(variable_get('site_name', 'Drupal'))); if (variable_get('site_slogan', '')) { - $head_title['slogan'] = variable_get('site_slogan', ''); + $head_title['slogan'] = strip_tags(filter_xss_admin(variable_get('site_slogan', ''))); } } @@ -2747,8 +2747,8 @@ function template_preprocess_maintenance_page(&$variables) { $variables['messages'] = $variables['show_messages'] ? theme('status_messages') : ''; $variables['main_menu'] = array(); $variables['secondary_menu'] = array(); - $variables['site_name'] = (theme_get_setting('toggle_name') ? variable_get('site_name', 'Drupal') : ''); - $variables['site_slogan'] = (theme_get_setting('toggle_slogan') ? variable_get('site_slogan', '') : ''); + $variables['site_name'] = (theme_get_setting('toggle_name') ? check_plain(variable_get('site_name', 'Drupal')) : ''); + $variables['site_slogan'] = (theme_get_setting('toggle_slogan') ? strip_tags(filter_xss_admin(variable_get('site_slogan', ''))) : ''); $variables['tabs'] = ''; $variables['title'] = drupal_get_title(); diff --git a/modules/system/system.tokens.inc b/modules/system/system.tokens.inc index b612d10..1440b6a 100644 --- a/modules/system/system.tokens.inc +++ b/modules/system/system.tokens.inc @@ -151,7 +151,7 @@ function system_tokens($type, $tokens, array $data = array(), array $options = a case 'slogan': $slogan = variable_get('site_slogan', ''); - $replacements[$original] = $sanitize ? check_plain($slogan) : $slogan; + $replacements[$original] = $sanitize ? filter_xss_admin($slogan) : $slogan; break; case 'mail': diff --git a/themes/bartik/template.php b/themes/bartik/template.php index 7466e05..42e7532 100644 --- a/themes/bartik/template.php +++ b/themes/bartik/template.php @@ -50,7 +50,7 @@ function bartik_process_page(&$variables) { $variables['hide_site_slogan'] = theme_get_setting('toggle_slogan') ? FALSE : TRUE; if ($variables['hide_site_name']) { // If toggle_name is FALSE, the site_name will be empty, so we rebuild it. - $variables['site_name'] = filter_xss_admin(variable_get('site_name', 'Drupal')); + $variables['site_name'] = check_plain(variable_get('site_name', 'Drupal')); } if ($variables['hide_site_slogan']) { // If toggle_site_slogan is FALSE, the site_slogan will be empty, so we rebuild it. @@ -97,7 +97,7 @@ function bartik_process_maintenance_page(&$variables) { $variables['hide_site_slogan'] = theme_get_setting('toggle_slogan') ? FALSE : TRUE; if ($variables['hide_site_name']) { // If toggle_name is FALSE, the site_name will be empty, so we rebuild it. - $variables['site_name'] = filter_xss_admin(variable_get('site_name', 'Drupal')); + $variables['site_name'] = check_plain(variable_get('site_name', 'Drupal')); } if ($variables['hide_site_slogan']) { // If toggle_site_slogan is FALSE, the site_slogan will be empty, so we rebuild it.