diff --git a/core/includes/ajax.inc b/core/includes/ajax.inc index e11d366..dea6443 100644 --- a/core/includes/ajax.inc +++ b/core/includes/ajax.inc @@ -6,6 +6,7 @@ */ use Drupal\Component\Utility\Json; +use Drupal\Component\Utility\Xss; /** * @defgroup ajax Ajax framework @@ -335,7 +336,7 @@ function ajax_prepare_response($page_callback_result) { break; case MENU_SITE_OFFLINE: - $commands[] = ajax_command_alert(filter_xss_admin(t(\Drupal::config('system.maintenance')->get('message'), array('@site' => \Drupal::config('system.site')->get('name'))))); + $commands[] = ajax_command_alert(Xss::filterAdmin(t(\Drupal::config('system.maintenance')->get('message'), array('@site' => \Drupal::config('system.site')->get('name'))))); break; } } diff --git a/core/includes/common.inc b/core/includes/common.inc index d203772..9f2fe27 100644 --- a/core/includes/common.inc +++ b/core/includes/common.inc @@ -3080,9 +3080,9 @@ function _drupal_bootstrap_code() { // Set the allowed protocols once we have the config available. $allowed_protocols = \Drupal::config('system.filter')->get('protocols'); if (!isset($allowed_protocols)) { - // filter_xss_admin() is called by the installer and update.php, in which - // case the configuration may not exist (yet). Provide a minimal default set - // of allowed protocols for these cases. + // \Drupal\Component\Utility\Xss::filterAdmin() is called by the installer + // and update.php, in which case the configuration may not exist (yet). + // Provide a minimal default set of allowed protocols for these cases. $allowed_protocols = array('http', 'https'); } Url::setAllowedProtocols($allowed_protocols); diff --git a/core/includes/errors.inc b/core/includes/errors.inc index 208a679..dbde0a2 100644 --- a/core/includes/errors.inc +++ b/core/includes/errors.inc @@ -7,6 +7,7 @@ use Drupal\Core\Utility\Error; use Drupal\Component\Utility\String; +use Drupal\Component\Utility\Xss; use Symfony\Component\HttpFoundation\Response; /** @@ -70,7 +71,7 @@ function _drupal_error_handler_real($error_level, $message, $filename, $line, $c '%type' => isset($types[$error_level]) ? $severity_msg : 'Unknown error', // The standard PHP error handler considers that the error messages // are HTML. We mimick this behavior here. - '!message' => filter_xss_admin($message), + '!message' => Xss::filterAdmin($message), '%function' => $caller['function'], '%file' => $caller['file'], '%line' => $caller['line'], diff --git a/core/includes/form.inc b/core/includes/form.inc index c33ff6f..67a09c3 100644 --- a/core/includes/form.inc +++ b/core/includes/form.inc @@ -9,6 +9,7 @@ use Drupal\Component\Utility\Number; use Drupal\Component\Utility\String; use Drupal\Component\Utility\Url; +use Drupal\Component\Utility\Xss; use Drupal\Core\Database\Database; use Drupal\Core\Language\Language; use Drupal\Core\Template\Attribute; @@ -2853,7 +2854,7 @@ function theme_form_element_label($variables) { $required = drupal_render($marker); } - $title = filter_xss_admin($element['#title']); + $title = Xss::filterAdmin($element['#title']); $attributes = array(); // Style the label as class option to display inline with the element. diff --git a/core/includes/theme.inc b/core/includes/theme.inc index 4ebe08a..1bd65b0 100644 --- a/core/includes/theme.inc +++ b/core/includes/theme.inc @@ -10,6 +10,7 @@ use Drupal\Component\Utility\String; use Drupal\Component\Utility\Url; +use Drupal\Component\Utility\Xss; use Drupal\Core\Config\Config; use Drupal\Core\Language\Language; use Drupal\Core\Extension\ExtensionNameLengthException; @@ -2107,7 +2108,7 @@ function template_preprocess_html(&$variables) { else { $head_title = array('name' => String::checkPlain($site_config->get('name'))); if ($site_config->get('slogan')) { - $head_title['slogan'] = strip_tags(filter_xss_admin($site_config->get('slogan'))); + $head_title['slogan'] = strip_tags(Xss::filterAdmin($site_config->get('slogan'))); } } @@ -2207,7 +2208,7 @@ function template_preprocess_page(&$variables) { $variables['secondary_menu'] = theme_get_setting('features.secondary_menu') ? menu_secondary_menu() : array(); $variables['action_links'] = menu_get_local_actions(); $variables['site_name'] = (theme_get_setting('features.name') ? String::checkPlain($site_config->get('name')) : ''); - $variables['site_slogan'] = (theme_get_setting('features.slogan') ? filter_xss_admin($site_config->get('slogan')) : ''); + $variables['site_slogan'] = (theme_get_setting('features.slogan') ? Xss::filterAdmin($site_config->get('slogan')) : ''); $variables['tabs'] = menu_local_tabs(); if (isset($variables['page']['#title'])) { @@ -2410,7 +2411,7 @@ function template_preprocess_maintenance_page(&$variables) { else { $head_title = array('name' => String::checkPlain($site_name)); if ($site_slogan) { - $head_title['slogan'] = strip_tags(filter_xss_admin($site_slogan)); + $head_title['slogan'] = strip_tags(Xss::filterAdmin($site_slogan)); } } @@ -2456,7 +2457,7 @@ function template_preprocess_maintenance_page(&$variables) { $variables['main_menu'] = array(); $variables['secondary_menu'] = array(); $variables['site_name'] = (theme_get_setting('features.name') ? String::checkPlain($site_name) : ''); - $variables['site_slogan'] = (theme_get_setting('features.slogan') ? filter_xss_admin($site_slogan) : ''); + $variables['site_slogan'] = (theme_get_setting('features.slogan') ? Xss::filterAdmin($site_slogan) : ''); $variables['tabs'] = ''; // Compile a list of classes that are going to be applied to the body element. diff --git a/core/lib/Drupal/Core/EventSubscriber/MaintenanceModeSubscriber.php b/core/lib/Drupal/Core/EventSubscriber/MaintenanceModeSubscriber.php index 39aad11..328c41a 100644 --- a/core/lib/Drupal/Core/EventSubscriber/MaintenanceModeSubscriber.php +++ b/core/lib/Drupal/Core/EventSubscriber/MaintenanceModeSubscriber.php @@ -7,6 +7,7 @@ namespace Drupal\Core\EventSubscriber; +use Drupal\Component\Utility\Xss; use Symfony\Component\HttpFoundation\RedirectResponse; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpKernel\KernelEvents; @@ -47,7 +48,7 @@ public function onKernelRequestMaintenance(GetResponseEvent $event) { drupal_set_title(t('Site under maintenance')); $maintenance_page = array( '#theme' => 'maintenance_page', - '#content' => filter_xss_admin( + '#content' => Xss::filterAdmin( t(\Drupal::config('system.maintenance')->get('message'), array('@site' => \Drupal::config('system.site')->get('name'))) ), ); diff --git a/core/modules/block/custom_block/custom_block.pages.inc b/core/modules/block/custom_block/custom_block.pages.inc index 4cca4cc..f24e16b 100644 --- a/core/modules/block/custom_block/custom_block.pages.inc +++ b/core/modules/block/custom_block/custom_block.pages.inc @@ -5,6 +5,7 @@ * Provides page callbacks for custom blocks. */ +use Drupal\Component\Utility\Xss; use Drupal\custom_block\Entity\CustomBlockType; use Drupal\custom_block\Entity\CustomBlock; use Symfony\Component\HttpFoundation\RedirectResponse; @@ -26,7 +27,7 @@ function template_preprocess_custom_block_add_list(&$variables) { foreach ($variables['content'] as $type) { $variables['types'][$type->id()] = array( 'link' => \Drupal::l($type->label(), 'custom_block.add_form', array('custom_block_type' => $type->id()), array('query' => $query)), - 'description' => filter_xss_admin($type->description), + 'description' => Xss::filterAdmin($type->description), 'title' => $type->label(), 'localized_options' => array( 'query' => $query, diff --git a/core/modules/block/custom_block/lib/Drupal/custom_block/CustomBlockTypeListController.php b/core/modules/block/custom_block/lib/Drupal/custom_block/CustomBlockTypeListController.php index 84a8ad9..a3c7418 100644 --- a/core/modules/block/custom_block/lib/Drupal/custom_block/CustomBlockTypeListController.php +++ b/core/modules/block/custom_block/lib/Drupal/custom_block/CustomBlockTypeListController.php @@ -7,6 +7,7 @@ namespace Drupal\custom_block; +use Drupal\Component\Utility\Xss; use Drupal\Core\Config\Entity\ConfigEntityListController; use Drupal\Core\Entity\EntityInterface; @@ -43,7 +44,7 @@ public function buildHeader() { public function buildRow(EntityInterface $entity) { $uri = $entity->urlInfo(); $row['type'] = \Drupal::l($entity->label(), $uri['route_name'], $uri['route_parameters'], $uri['options']); - $row['description'] = filter_xss_admin($entity->description); + $row['description'] = Xss::filterAdmin($entity->description); return $row + parent::buildRow($entity); } diff --git a/core/modules/dblog/lib/Drupal/dblog/Tests/Views/ViewsIntegrationTest.php b/core/modules/dblog/lib/Drupal/dblog/Tests/Views/ViewsIntegrationTest.php index dce1106..e90436a 100644 --- a/core/modules/dblog/lib/Drupal/dblog/Tests/Views/ViewsIntegrationTest.php +++ b/core/modules/dblog/lib/Drupal/dblog/Tests/Views/ViewsIntegrationTest.php @@ -76,7 +76,8 @@ public function testIntegration() { $entries[] = array( 'message' => '@token1 !token2', 'variables' => array('@token1' => $this->randomName(), '!token2' => $this->randomName()), - // Setup a link with a tag which is filtered by filter_xss_admin. + // Setup a link with a tag which is filtered by + // \Drupal\Component\Utility\Xss::filterAdmin(). 'link' => l('Link', 'node/2', array('html' => TRUE)), ); foreach ($entries as $entry) { diff --git a/core/modules/entity_reference/lib/Drupal/entity_reference/Plugin/views/style/EntityReference.php b/core/modules/entity_reference/lib/Drupal/entity_reference/Plugin/views/style/EntityReference.php index 03fdf24..37a446b 100644 --- a/core/modules/entity_reference/lib/Drupal/entity_reference/Plugin/views/style/EntityReference.php +++ b/core/modules/entity_reference/lib/Drupal/entity_reference/Plugin/views/style/EntityReference.php @@ -7,6 +7,7 @@ namespace Drupal\entity_reference\Plugin\views\style; +use Drupal\Component\Utility\Xss; use Drupal\views\Plugin\views\style\StylePluginBase; /** @@ -92,7 +93,7 @@ public function render() { // Sanitize HTML, remove line breaks and extra whitespace. $output = $this->view->rowPlugin->render($values); $output = drupal_render($output); - $results[$values->{$id_field_alias}] = filter_xss_admin(preg_replace('/\s\s+/', ' ', str_replace("\n", '', $output))); + $results[$values->{$id_field_alias}] = Xss::filterAdmin(preg_replace('/\s\s+/', ' ', str_replace("\n", '', $output))); $this->view->row_index++; } } diff --git a/core/modules/field/field.module b/core/modules/field/field.module index 6a8b941..a0f0ba7 100644 --- a/core/modules/field/field.module +++ b/core/modules/field/field.module @@ -290,7 +290,8 @@ function field_cache_clear() { /** * Filters an HTML string to prevent cross-site-scripting (XSS) vulnerabilities. * - * Like filter_xss_admin(), but with a shorter list of allowed tags. + * Like \Drupal\Component\Utility\Xss::filterAdmin(), but with a shorter list of + * allowed tags. * * Used for items entered by administrators, like field descriptions, allowed * values, where some (mainly inline) mark-up may be desired (so diff --git a/core/modules/field/lib/Drupal/field/Plugin/views/field/Field.php b/core/modules/field/lib/Drupal/field/Plugin/views/field/Field.php index cc3dacc..96ef257 100644 --- a/core/modules/field/lib/Drupal/field/Plugin/views/field/Field.php +++ b/core/modules/field/lib/Drupal/field/Plugin/views/field/Field.php @@ -8,6 +8,7 @@ namespace Drupal\field\Plugin\views\field; use Drupal\Component\Utility\MapArray; +use Drupal\Component\Utility\Xss; use Drupal\Core\Entity\EntityInterface; use Drupal\Core\Entity\EntityManagerInterface; use Drupal\Core\Entity\EntityStorageControllerInterface; @@ -646,7 +647,7 @@ protected function renderItems($items) { } if ($this->options['multi_type'] == 'separator') { - return implode(filter_xss_admin($this->options['separator']), $items); + return implode(Xss::filterAdmin($this->options['separator']), $items); } else { $item_list = array( @@ -829,8 +830,9 @@ protected function documentSelfTokens(&$tokens) { protected function addSelfTokens(&$tokens, $item) { $field = $this->field_info; foreach ($field->getColumns() as $id => $column) { - // Use filter_xss_admin because it's user data and we can't be sure it is safe. - // We know nothing about the data, though, so we can't really do much else. + // Use \Drupal\Component\Utility\Xss::filterAdmin() because it's user data + // and we can't be sure it is safe. We know nothing about the data, + // though, so we can't really do much else. if (isset($item['raw'])) { // If $item['raw'] is an array then we can use as is, if it's an object @@ -839,7 +841,7 @@ protected function addSelfTokens(&$tokens, $item) { (is_object($item['raw']) ? (array)$item['raw'] : NULL); } if (isset($raw) && isset($raw[$id]) && is_scalar($raw[$id])) { - $tokens['[' . $this->options['id'] . '-' . $id . ']'] = filter_xss_admin($raw[$id]); + $tokens['[' . $this->options['id'] . '-' . $id . ']'] = Xss::filterAdmin($raw[$id]); } else { // Make sure that empty values are replaced as well. diff --git a/core/modules/forum/forum.module b/core/modules/forum/forum.module index 18e4149..bb9d447 100644 --- a/core/modules/forum/forum.module +++ b/core/modules/forum/forum.module @@ -6,6 +6,7 @@ */ use Drupal\Core\Entity\EntityInterface; +use Drupal\Component\Utility\Xss; use Drupal\field\Field; /** @@ -776,7 +777,7 @@ function template_preprocess_forum_list(&$variables) { $row = 0; // Sanitize each forum so that the template can safely print the data. foreach ($variables['forums'] as $id => $forum) { - $variables['forums'][$id]->description = filter_xss_admin($forum->description->value); + $variables['forums'][$id]->description = Xss::filterAdmin($forum->description->value); $variables['forums'][$id]->link = url("forum/" . $forum->id()); $variables['forums'][$id]->name = check_plain($forum->label()); $variables['forums'][$id]->is_container = !empty($forum->forum_container->value); diff --git a/core/modules/locale/locale.module b/core/modules/locale/locale.module index 8386be5..efa88d2 100644 --- a/core/modules/locale/locale.module +++ b/core/modules/locale/locale.module @@ -1116,9 +1116,9 @@ function locale_translation_use_remote_source() { * a & in the translation would get encoded to & by filter_xss() * before being put in the database, and thus would be displayed incorrectly. * - * The allowed tag list is like filter_xss_admin(), but omitting div and img as - * not needed for translation and likely to cause layout issues (div) or a - * possible attack vector (img). + * The allowed tag list is like \Drupal\Component\Utility\Xss::filterAdmin(), + * but omitting div and img as not needed for translation and likely to cause + * layout issues (div) or a possible attack vector (img). */ function locale_string_is_safe($string) { return decode_entities($string) == decode_entities(filter_xss($string, array('a', 'abbr', 'acronym', 'address', 'b', 'bdo', 'big', 'blockquote', 'br', 'caption', 'cite', 'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'dl', 'dt', 'em', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'ins', 'kbd', 'li', 'ol', 'p', 'pre', 'q', 'samp', 'small', 'span', 'strong', 'sub', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'tt', 'ul', 'var'))); diff --git a/core/modules/menu/lib/Drupal/menu/MenuListController.php b/core/modules/menu/lib/Drupal/menu/MenuListController.php index 18a3732..c890351 100644 --- a/core/modules/menu/lib/Drupal/menu/MenuListController.php +++ b/core/modules/menu/lib/Drupal/menu/MenuListController.php @@ -6,6 +6,7 @@ namespace Drupal\menu; +use Drupal\Component\Utility\Xss; use Drupal\Core\Config\Entity\ConfigEntityListController; use Drupal\Core\Entity\EntityInterface; @@ -34,7 +35,7 @@ public function buildRow(EntityInterface $entity) { 'data' => $this->getLabel($entity), 'class' => array('menu-label'), ); - $row['description'] = filter_xss_admin($entity->description); + $row['description'] = Xss::filterAdmin($entity->description); return $row + parent::buildRow($entity); } diff --git a/core/modules/node/node.module b/core/modules/node/node.module index 5e10d96..cef39dc 100644 --- a/core/modules/node/node.module +++ b/core/modules/node/node.module @@ -9,6 +9,7 @@ */ use Drupal\Component\Utility\String; +use Drupal\Component\Utility\Xss; use Drupal\Core\Language\Language; use Symfony\Component\HttpFoundation\Response; use Drupal\Core\Cache\Cache; @@ -133,12 +134,12 @@ function node_help($path, $arg) { case 'node/%/edit': $node = node_load($arg[1]); $type = node_type_load($node->bundle()); - return (!empty($type->help) ? filter_xss_admin($type->help) : ''); + return (!empty($type->help) ? Xss::filterAdmin($type->help) : ''); } if ($arg[0] == 'node' && $arg[1] == 'add' && $arg[2]) { $type = node_type_load($arg[2]); - return (!empty($type->help) ? filter_xss_admin($type->help) : ''); + return (!empty($type->help) ? Xss::filterAdmin($type->help) : ''); } } diff --git a/core/modules/node/node.pages.inc b/core/modules/node/node.pages.inc index 44ccc9e..811455a 100644 --- a/core/modules/node/node.pages.inc +++ b/core/modules/node/node.pages.inc @@ -11,6 +11,7 @@ use Symfony\Component\HttpFoundation\RedirectResponse; use Drupal\node\NodeInterface; +use Drupal\Component\Utility\Xss; /** * Prepares variables for list of available node type templates. @@ -30,7 +31,7 @@ function template_preprocess_node_add_list(&$variables) { $variables['types'][$type->type] = array( 'type' => $type->type, 'add_link' => l($type->name, 'node/add/' . $type->type), - 'description' => filter_xss_admin($type->description), + 'description' => Xss::filterAdmin($type->description), ); } } diff --git a/core/modules/system/lib/Drupal/system/Tests/System/PageTitleTest.php b/core/modules/system/lib/Drupal/system/Tests/System/PageTitleTest.php index 33f2f47..529e35d 100644 --- a/core/modules/system/lib/Drupal/system/Tests/System/PageTitleTest.php +++ b/core/modules/system/lib/Drupal/system/Tests/System/PageTitleTest.php @@ -7,6 +7,7 @@ namespace Drupal\system\Tests\System; +use Drupal\Component\Utility\Xss; use Drupal\Core\Utility\Title; use Drupal\simpletest\WebTestBase; @@ -91,7 +92,7 @@ function testTitleXSS() { $title_filtered = check_plain($title); $slogan = ''; - $slogan_filtered = filter_xss_admin($slogan); + $slogan_filtered = Xss::filterAdmin($slogan); // Activate needed appearance settings. $edit = array( diff --git a/core/modules/system/system.admin.inc b/core/modules/system/system.admin.inc index 4a6005d..02e565f 100644 --- a/core/modules/system/system.admin.inc +++ b/core/modules/system/system.admin.inc @@ -6,6 +6,7 @@ */ use Drupal\Core\Cache\Cache; +use Drupal\Component\Utility\Xss; use Symfony\Component\HttpFoundation\RedirectResponse; use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; @@ -149,7 +150,7 @@ function theme_admin_block_content($variables) { foreach ($content as $item) { $output .= '
' . l($item['title'], $item['link_path'], $item['localized_options']) . '
'; if (!$compact && isset($item['description'])) { - $output .= '
' . filter_xss_admin($item['description']) . '
'; + $output .= '
' . Xss::filterAdmin($item['description']) . '
'; } } $output .= ''; diff --git a/core/modules/system/system.tokens.inc b/core/modules/system/system.tokens.inc index 4c27e2c..3750ff2 100644 --- a/core/modules/system/system.tokens.inc +++ b/core/modules/system/system.tokens.inc @@ -7,6 +7,8 @@ * This file handles tokens for the global 'site' and 'date' tokens. */ +use Drupal\Component\Utility\Xss; + /** * Implements hook_token_info(). */ @@ -109,7 +111,7 @@ function system_tokens($type, $tokens, array $data = array(), array $options = a case 'slogan': $slogan = \Drupal::config('system.site')->get('slogan'); - $replacements[$original] = $sanitize ? filter_xss_admin($slogan) : $slogan; + $replacements[$original] = $sanitize ? Xss::filterAdmin($slogan) : $slogan; break; case 'mail': diff --git a/core/modules/text/lib/Drupal/text/Tests/Formatter/TextPlainUnitTest.php b/core/modules/text/lib/Drupal/text/Tests/Formatter/TextPlainUnitTest.php index 2890f27..c586f29 100644 --- a/core/modules/text/lib/Drupal/text/Tests/Formatter/TextPlainUnitTest.php +++ b/core/modules/text/lib/Drupal/text/Tests/Formatter/TextPlainUnitTest.php @@ -10,6 +10,7 @@ use Drupal\Core\Entity\ContentEntityInterface; use Drupal\Core\Entity\Display\EntityViewDisplayInterface; use Drupal\Core\Language\Language; +use Drupal\Component\Utility\Xss; use Drupal\simpletest\DrupalUnitTestBase; /** diff --git a/core/modules/tour/lib/Drupal/tour/Plugin/tour/tip/TipPluginText.php b/core/modules/tour/lib/Drupal/tour/Plugin/tour/tip/TipPluginText.php index d883490..1858370 100644 --- a/core/modules/tour/lib/Drupal/tour/Plugin/tour/tip/TipPluginText.php +++ b/core/modules/tour/lib/Drupal/tour/Plugin/tour/tip/TipPluginText.php @@ -7,6 +7,7 @@ namespace Drupal\tour\Plugin\tour\tip; +use Drupal\Component\Utility\Xss; use Drupal\Core\Plugin\ContainerFactoryPluginInterface; use Drupal\Core\Utility\Token; use Drupal\tour\TipPluginBase; @@ -119,7 +120,7 @@ public function getAttributes() { */ public function getOutput() { $output = '

' . check_plain($this->getLabel()) . '

'; - $output .= '

' . filter_xss_admin($this->token->replace($this->getBody())) . '

'; + $output .= '

' . Xss::filterAdmin($this->token->replace($this->getBody())) . '

'; return array('#markup' => $output); } diff --git a/core/modules/views/lib/Drupal/views/Plugin/views/area/TextCustom.php b/core/modules/views/lib/Drupal/views/Plugin/views/area/TextCustom.php index 4494caa..6c29de8 100644 --- a/core/modules/views/lib/Drupal/views/Plugin/views/area/TextCustom.php +++ b/core/modules/views/lib/Drupal/views/Plugin/views/area/TextCustom.php @@ -53,7 +53,7 @@ public function render($empty = FALSE) { } /** - * Render a text area with filter_xss_admin. + * Render a text area with \Drupal\Component\Utility\Xss::filterAdmin(). */ public function renderTextarea($value) { if ($value) { diff --git a/core/modules/views/lib/Drupal/views/Plugin/views/field/Boolean.php b/core/modules/views/lib/Drupal/views/Plugin/views/field/Boolean.php index c0676a3..484aeb5 100644 --- a/core/modules/views/lib/Drupal/views/Plugin/views/field/Boolean.php +++ b/core/modules/views/lib/Drupal/views/Plugin/views/field/Boolean.php @@ -7,6 +7,7 @@ namespace Drupal\views\Plugin\views\field; +use Drupal\Component\Utility\Xss as UtilityXss; use Drupal\views\ResultRow; use Drupal\views\ViewExecutable; use Drupal\views\Plugin\views\display\DisplayPluginBase; @@ -110,7 +111,7 @@ public function render(ResultRow $values) { } if ($this->options['type'] == 'custom') { - return $value ? filter_xss_admin($this->options['type_custom_true']) : filter_xss_admin($this->options['type_custom_false']); + return $value ? UtilityXss::filterAdmin($this->options['type_custom_true']) : UtilityXss::filterAdmin($this->options['type_custom_false']); } elseif (isset($this->formats[$this->options['type']])) { return $value ? $this->formats[$this->options['type']][0] : $this->formats[$this->options['type']][1]; diff --git a/core/modules/views/lib/Drupal/views/Plugin/views/field/FieldPluginBase.php b/core/modules/views/lib/Drupal/views/Plugin/views/field/FieldPluginBase.php index aaf6e89..2a9abdc 100644 --- a/core/modules/views/lib/Drupal/views/Plugin/views/field/FieldPluginBase.php +++ b/core/modules/views/lib/Drupal/views/Plugin/views/field/FieldPluginBase.php @@ -12,6 +12,7 @@ use Drupal\views\Plugin\views\display\DisplayPluginBase; use Drupal\views\ResultRow; use Drupal\views\ViewExecutable; +use Drupal\Component\Utility\Xss; /** * @defgroup views_field_handlers Views field handlers @@ -1251,7 +1252,7 @@ public function renderText($alter) { if ($this->options['alter']['more_link'] && strlen($value) < $length) { $tokens = $this->getRenderTokens($alter); $more_link_text = $this->options['alter']['more_link_text'] ? $this->options['alter']['more_link_text'] : t('more'); - $more_link_text = strtr(filter_xss_admin($more_link_text), $tokens); + $more_link_text = strtr(Xss::filterAdmin($more_link_text), $tokens); $more_link_path = $this->options['alter']['more_link_path']; $more_link_path = strip_tags(decode_entities(strtr($more_link_path, $tokens))); @@ -1288,7 +1289,7 @@ public function renderText($alter) { */ protected function renderAltered($alter, $tokens) { // Filter this right away as our substitutions are already sanitized. - $value = filter_xss_admin($alter['text']); + $value = Xss::filterAdmin($alter['text']); $value = strtr($value, $tokens); return $value; @@ -1314,7 +1315,7 @@ protected function renderAsLink($alter, $text, $tokens) { $value = ''; if (!empty($alter['prefix'])) { - $value .= filter_xss_admin(strtr($alter['prefix'], $tokens)); + $value .= Xss::filterAdmin(strtr($alter['prefix'], $tokens)); } $options = array( @@ -1454,7 +1455,7 @@ protected function renderAsLink($alter, $text, $tokens) { $value .= l($text, $path, $options); if (!empty($alter['suffix'])) { - $value .= filter_xss_admin(strtr($alter['suffix'], $tokens)); + $value .= Xss::filterAdmin(strtr($alter['suffix'], $tokens)); } return $value; diff --git a/core/modules/views/tests/modules/views_test_data/lib/Drupal/views_test_data/Plugin/views/display/DisplayTest.php b/core/modules/views/tests/modules/views_test_data/lib/Drupal/views_test_data/Plugin/views/display/DisplayTest.php index a297fc3..1447c67 100644 --- a/core/modules/views/tests/modules/views_test_data/lib/Drupal/views_test_data/Plugin/views/display/DisplayTest.php +++ b/core/modules/views/tests/modules/views_test_data/lib/Drupal/views_test_data/Plugin/views/display/DisplayTest.php @@ -7,6 +7,7 @@ namespace Drupal\views_test_data\Plugin\views\display; +use Drupal\Component\Utility\Xss; use Drupal\views\Plugin\views\display\DisplayPluginBase; /** @@ -124,7 +125,7 @@ public function execute() { $render = $this->view->render(); // Render the test option as the title before the view output. - $render['#prefix'] = '

' . filter_xss_admin($this->options['test_option']) . '

'; + $render['#prefix'] = '

' . Xss::filterAdmin($this->options['test_option']) . '

'; return $render; } diff --git a/core/modules/views/views.theme.inc b/core/modules/views/views.theme.inc index ffca581..7667d12 100644 --- a/core/modules/views/views.theme.inc +++ b/core/modules/views/views.theme.inc @@ -62,7 +62,7 @@ function template_preprocess_views_view(&$variables) { // @todo: Figure out whether this belongs into views_ui_preprocess_views_view. // Render title for the admin preview. - $variables['title'] = !empty($view->views_ui_context) ? filter_xss_admin($view->getTitle()) : ''; + $variables['title'] = !empty($view->views_ui_context) ? Xss::filterAdmin($view->getTitle()) : ''; if ($view->display_handler->renderPager()) { $exposed_input = isset($view->exposed_raw_input) ? $view->exposed_raw_input : NULL; @@ -227,7 +227,7 @@ function template_preprocess_views_view_fields(&$variables) { } if (!empty($variables['options']['separator']) && $previous_inline && $object->inline && $object->content) { - $object->separator = filter_xss_admin($variables['options']['separator']); + $object->separator = Xss::filterAdmin($variables['options']['separator']); } $object->class = drupal_clean_css_identifier($id); @@ -475,7 +475,7 @@ function template_preprocess_views_view_summary_unformatted(&$variables) { foreach ($variables['rows'] as $id => $row) { // Only false on first time. if ($count++) { - $variables['rows'][$id]->separator = filter_xss_admin($variables['options']['separator']); + $variables['rows'][$id]->separator = Xss::filterAdmin($variables['options']['separator']); } $variables['rows'][$id]->attributes = array(); $variables['rows'][$id]->link = $argument->summaryName($row); @@ -665,7 +665,7 @@ function template_preprocess_views_view_table(&$variables) { // Place the field into the column, along with an optional separator. if (!empty($column_reference['content'])) { if (!empty($options['info'][$column]['separator'])) { - $column_reference['content'] .= filter_xss_admin($options['info'][$column]['separator']); + $column_reference['content'] .= Xss::filterAdmin($options['info'][$column]['separator']); } } else { diff --git a/core/modules/views_ui/lib/Drupal/views_ui/ViewEditFormController.php b/core/modules/views_ui/lib/Drupal/views_ui/ViewEditFormController.php index 9d3b6bd..334a239 100644 --- a/core/modules/views_ui/lib/Drupal/views_ui/ViewEditFormController.php +++ b/core/modules/views_ui/lib/Drupal/views_ui/ViewEditFormController.php @@ -12,6 +12,7 @@ use Drupal\Core\Ajax\ReplaceCommand; use Drupal\Component\Utility\NestedArray; use Drupal\Component\Utility\String; +use Drupal\Component\Utility\Xss; use Drupal\user\TempStoreFactory; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\DependencyInjection\ContainerInterface; @@ -1044,7 +1045,7 @@ public function getFormBucket(ViewUI $view, $type, $display) { $field_name = '(' . $relationships[$field['relationship']] . ') ' . $field_name; } - $description = filter_xss_admin($handler->adminSummary()); + $description = Xss::filterAdmin($handler->adminSummary()); $link_text = $field_name . (empty($description) ? '' : " ($description)"); $link_attributes = array('class' => array('views-ajax-link')); if (!empty($field['exclude'])) { diff --git a/core/modules/views_ui/lib/Drupal/views_ui/ViewUI.php b/core/modules/views_ui/lib/Drupal/views_ui/ViewUI.php index 965f676..1773633 100644 --- a/core/modules/views_ui/lib/Drupal/views_ui/ViewUI.php +++ b/core/modules/views_ui/lib/Drupal/views_ui/ViewUI.php @@ -9,6 +9,7 @@ use Drupal\Component\Utility\String; use Drupal\Component\Utility\Timer; +use Drupal\Component\Utility\Xss; use Drupal\views\Views; use Drupal\Core\Entity\EntityStorageControllerInterface; use Drupal\views\ViewExecutable; @@ -670,7 +671,7 @@ public function renderPreview($display_id, $args = array()) { } } if ($show_info) { - $rows['query'][] = array('' . t('Title') . '', filter_xss_admin($this->executable->getTitle())); + $rows['query'][] = array('' . t('Title') . '', Xss::filterAdmin($this->executable->getTitle())); if (isset($path)) { $path = l($path, $path); } diff --git a/core/themes/bartik/bartik.theme b/core/themes/bartik/bartik.theme index 59133a5..25bc428 100644 --- a/core/themes/bartik/bartik.theme +++ b/core/themes/bartik/bartik.theme @@ -5,6 +5,7 @@ * Functions to support theming in the Bartik theme. */ +use Drupal\Component\Utility\Xss; use Drupal\Core\Template\RenderWrapper; /** @@ -190,6 +191,6 @@ function _bartik_process_page(&$variables) { } if ($variables['hide_site_slogan']) { // If toggle_site_slogan is FALSE, the site_slogan will be empty, so we rebuild it. - $variables['site_slogan'] = filter_xss_admin($site_config->get('slogan')); + $variables['site_slogan'] = Xss::filterAdmin($site_config->get('slogan')); } } diff --git a/core/themes/seven/seven.theme b/core/themes/seven/seven.theme index 409632b..9abecef 100644 --- a/core/themes/seven/seven.theme +++ b/core/themes/seven/seven.theme @@ -7,6 +7,7 @@ use Drupal\Core\Template\RenderWrapper; use Drupal\Component\Utility\String; +use Drupal\Component\Utility\Xss; /** * Implements hook_library_info(). @@ -158,7 +159,7 @@ function seven_node_add_list($variables) { foreach ($content as $type) { $output .= '
  • '; $content = '' . check_plain($type->name) . ''; - $content .= '
    ' . filter_xss_admin($type->description) . '
    '; + $content .= '
    ' . Xss::filterAdmin($type->description) . '
    '; $options['html'] = TRUE; $output .= l($content, 'node/add/' . $type->type, $options); $output .= '
    • '; @@ -183,7 +184,7 @@ function seven_custom_block_add_list($variables) { foreach ($variables['types'] as $id => $type) { $output .= '
  • '; $content = '' . check_plain($type['title']) . ''; - $content .= '
    ' . filter_xss_admin($type['description']) . '
    '; + $content .= '
    ' . Xss::filterAdmin($type['description']) . '
    '; $options = $type['localized_options']; $options['html'] = TRUE; $output .= \Drupal::l($content, 'custom_block.add_form', array('custom_block_type' => $id), $options); @@ -206,11 +207,11 @@ function seven_admin_block_content($variables) { $output = system_admin_compact_mode() ? '