? common_set_failures.patch
Index: includes/coder_security.inc
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/coder/includes/coder_security.inc,v
retrieving revision 1.15.2.17
diff -u -p -r1.15.2.17 coder_security.inc
--- includes/coder_security.inc	27 Sep 2008 16:59:30 -0000	1.15.2.17
+++ includes/coder_security.inc	30 Oct 2008 23:53:37 -0000
@@ -16,6 +16,20 @@ function coder_security_reviews() {
   $rules = array(
     array(
       '#type' => 'regex',
+      '#value' => 'drupal_set_title\(.*\$',
+      '#never' => 'drupal_set_title\(.*?array\(.*$',
+      '#source' => 'allphp',
+      '#warning_callback' => '_coder_security_drupal_set_title_filter_warning',
+    ),
+    array(
+      '#type' => 'regex',
+      '#value' => 'drupal_set_message\(.*\$',
+      '#never' => 'drupal_set_message\(.*?array\(.*$',
+      '#source' => 'allphp',
+      '#warning_callback' => '_coder_security_drupal_set_message_filter_warning',
+    ),
+    array(
+      '#type' => 'regex',
       '#value' => 'l\(check_plain\(.*',
       '#never' => '[\'"]html[\'"]\s*=>\s*(TRUE|1)',
       '#source' => 'allphp',
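Review bot: The `#never` pattern on both new rules exempts every line where `array(` follows the call, which looks intended to let `t()` with placeholders through but also silences a line such as `drupal_set_message($name . t('x', array('@a' => $b)))` and any `t()` call that uses a `!` placeholder, which is inserted unescaped. In the other direction, a line already wrapped in `check_plain()` or `filter_xss_admin()` still matches `#value`, so correct code gets the warning. Tying the exemption to a sanitizer at the start of the first argument, e.g. `'#never' => 'drupal_set_title\(\s*(check_plain|filter_xss|filter_xss_admin|t)\('`, would be narrower, though it remains a line-based heuristic and a comment above the rules should say so. coder_security_reviews() begins and ends outside this hunk.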
@@ -77,6 +91,26 @@ function coder_security_reviews() {
  * Define the warning callbacks.
  */
 
+function _coder_security_drupal_set_title_filter_warning() {
+  return t('!drupal_set_title() only accepts filtered text, be sure to use !check_plain() or !filter_xss_admin() or similar.',
+    array(
+      '!drupal_set_title' => theme('drupalapi', 'drupal_set_title'),
+      '!check_plain' => theme('drupalapi', 'check_plain'),
+      '!filter_xss_admin' => theme('drupalapi', 'filter_xss_admin'),
+    )
+  );
+}
+
+function _coder_security_drupal_set_message_filter_warning() {
+  return t('!drupal_set_message() only accepts filtered text, be sure to use !check_plain() or !filter_xss_admin() or similar.',
+    array(
+      '!drupal_set_message' => theme('drupalapi', 'drupal_set_message'),
+      '!check_plain' => theme('drupalapi', 'check_plain'),
+      '!filter_xss_admin' => theme('drupalapi', 'filter_xss_admin'),
+    )
+  );
+}
+
 function _coder_security_l_check_plain_warning() {
   return t('!l() already contains a !check_plain() call by default',
     array(
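Review bot: The warning text in both new callbacks names only `check_plain()` and `filter_xss_admin()`, while the rules that trigger it appear to treat `t()` with a placeholder array as safe; stating in the message that `@` and `%` placeholders are escaped and `!` is not would keep authors from escaping already-filtered text a second time. The two functions differ only in the API name, so a shared helper that takes the function name would remove the duplication. Each also lacks a docblock, e.g. `/** Warning callback: drupal_set_title() called with a possibly unfiltered variable. */`. The trailing context lines belong to _coder_security_l_check_plain_warning(), whose body continues outside the hunk.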
