';
- $output .= check_plain($style['name']) . ' (' . l(t('view actual size'), file_create_url($preview_file) . '?' . time()) . ')';
+ $output .= htmlspecialchars($style['name'], ENT_QUOTES) . ' (' . l(t('view actual size'), file_create_url($preview_file) . '?' . time()) . ')';
$output .= '
';
$output .= '
' . theme('image', file_create_url($preview_file) . '?' . time(), t('Sample modified image'), '', $preview_attributes, FALSE) . '';
$output .= '
' . $preview_image['height'] . 'px
';
@@ -749,7 +749,7 @@ function theme_image_anchor($element) {
*/
function theme_image_resize_summary($data) {
if ($data['width'] && $data['height']) {
- return check_plain($data['width']) . 'x' . check_plain($data['height']);
+ return htmlspecialchars($data['width'], ENT_QUOTES) . 'x' . htmlspecialchars($data['height'], ENT_QUOTES);
}
else {
return ($data['width']) ? t('width @width', array('@width' => $data['width'])) : t('height @height', array('@height' => $data['height']));
Index: modules/menu/menu.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/menu/menu.admin.inc,v
retrieving revision 1.55
diff -u -p -r1.55 menu.admin.inc
--- modules/menu/menu.admin.inc 22 Aug 2009 23:18:28 -0000 1.55
+++ modules/menu/menu.admin.inc 24 Aug 2009 01:29:29 -0000
@@ -28,7 +28,7 @@ function menu_overview_page() {
* Theme the menu title and description for admin page
*/
function theme_menu_admin_overview($title, $name, $description) {
- $output = check_plain($title);
+ $output = htmlspecialchars($title, ENT_QUOTES);
$output .= '
' . filter_xss_admin($description) . '
';
return $output;
Index: modules/menu/menu.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/menu/menu.module,v
retrieving revision 1.200
diff -u -p -r1.200 menu.module
--- modules/menu/menu.module 24 Aug 2009 00:14:21 -0000 1.200
+++ modules/menu/menu.module 24 Aug 2009 01:29:36 -0000
@@ -282,7 +282,7 @@ function menu_block_list() {
$blocks = array();
foreach ($menus as $name => $title) {
// Default "Navigation" block is handled by user.module.
- $blocks[$name]['info'] = check_plain($title);
+ $blocks[$name]['info'] = htmlspecialchars($title, ENT_QUOTES);
// Menu blocks can't be cached because each menu item can have
// a custom access callback. menu.inc manages its own caching.
$blocks[$name]['cache'] = BLOCK_NO_CACHE;
@@ -295,7 +295,7 @@ function menu_block_list() {
*/
function menu_block_view($delta = '') {
$menus = menu_get_menus(FALSE);
- $data['subject'] = check_plain($menus[$delta]);
+ $data['subject'] = htmlspecialchars($menus[$delta], ENT_QUOTES);
$data['content'] = menu_tree($delta);
return $data;
}
Index: modules/node/content_types.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/node/content_types.inc,v
retrieving revision 1.90
diff -u -p -r1.90 content_types.inc
--- modules/node/content_types.inc 22 Aug 2009 23:18:28 -0000 1.90
+++ modules/node/content_types.inc 24 Aug 2009 01:29:42 -0000
@@ -48,8 +48,8 @@ function node_overview_types() {
}
function theme_node_admin_overview($name, $type) {
- $output = check_plain($name);
- $output .= '
(Machine name: ' . check_plain($type->type) . ')';
+ $output = htmlspecialchars($name, ENT_QUOTES);
+ $output .= '
(Machine name: ' . htmlspecialchars($type->type, ENT_QUOTES) . ')';
$output .= '
' . filter_xss_admin($type->description) . '
';
return $output;
}
Index: modules/node/node.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/node/node.admin.inc,v
retrieving revision 1.63
diff -u -p -r1.63 node.admin.inc
--- modules/node/node.admin.inc 23 Aug 2009 04:37:52 -0000 1.63
+++ modules/node/node.admin.inc 24 Aug 2009 01:30:02 -0000
@@ -448,7 +448,7 @@ function node_admin_nodes() {
$nodes[$node->nid] = '';
$options = empty($node->language) ? array() : array('language' => $languages[$node->language]);
$form['title'][$node->nid] = array('#markup' => l($node->title, 'node/' . $node->nid, $options) . ' ' . theme('mark', node_mark($node->nid, $node->changed)));
- $form['name'][$node->nid] = array('#markup' => check_plain(node_type_get_name($node)));
+ $form['name'][$node->nid] = array('#markup' => htmlspecialchars(node_type_get_name($node), ENT_QUOTES));
$form['username'][$node->nid] = array('#markup' => theme('username', $node));
$form['status'][$node->nid] = array('#markup' => ($node->status ? t('published') : t('not published')));
$form['changed'][$node->nid] = array('#markup' => format_date($node->changed, 'small'));
@@ -564,7 +564,7 @@ function node_multiple_delete_confirm(&$
'#type' => 'hidden',
'#value' => $nid,
'#prefix' => '
',
- '#suffix' => check_plain($title) . "\n",
+ '#suffix' => htmlspecialchars($title, ENT_QUOTES) . "\n",
);
}
$form['operation'] = array('#type' => 'hidden', '#value' => 'delete');
Index: modules/node/node.api.php
===================================================================
RCS file: /cvs/drupal/drupal/modules/node/node.api.php,v
retrieving revision 1.36
diff -u -p -r1.36 node.api.php
--- modules/node/node.api.php 20 Aug 2009 10:56:33 -0000 1.36
+++ modules/node/node.api.php 24 Aug 2009 01:30:09 -0000
@@ -486,7 +486,7 @@ function hook_node_update_index($node) {
$text = '';
$comments = db_query('SELECT subject, comment, format FROM {comment} WHERE nid = :nid AND status = :status', array(':nid' => $node->nid, ':status' => COMMENT_PUBLISHED));
foreach ($comments as $comment) {
- $text .= '
' . check_plain($comment->subject) . '
' . check_markup($comment->comment, $comment->format);
+ $text .= '
' . htmlspecialchars($comment->subject, ENT_QUOTES) . '
' . check_markup($comment->comment, $comment->format);
}
return $text;
}
@@ -800,12 +800,12 @@ function hook_form($node, $form_state) {
$form['title'] = array(
'#type' => 'textfield',
- '#title' => check_plain($type->title_label),
+ '#title' => htmlspecialchars($type->title_label, ENT_QUOTES),
'#required' => TRUE,
);
$form['body'] = array(
'#type' => 'textarea',
- '#title' => check_plain($type->body_label),
+ '#title' => htmlspecialchars($type->body_label, ENT_QUOTES),
'#rows' => 20,
'#required' => TRUE,
);
Index: modules/node/node.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/node/node.module,v
retrieving revision 1.1110
diff -u -p -r1.1110 node.module
--- modules/node/node.module 24 Aug 2009 00:14:21 -0000 1.1110
+++ modules/node/node.module 24 Aug 2009 01:30:27 -0000
@@ -1261,7 +1261,7 @@ function template_preprocess_node(&$vari
$variables['date'] = format_date($node->created);
$variables['name'] = theme('username', $node);
$variables['node_url'] = url('node/' . $node->nid);
- $variables['title'] = check_plain($node->title);
+ $variables['title'] = htmlspecialchars($node->title, ENT_QUOTES);
$variables['page'] = (bool)menu_get_object();
if (!empty($node->in_preview)) {
@@ -1515,7 +1515,7 @@ function node_search($op = 'search', $ke
$results[] = array(
'link' => url('node/' . $item->sid, array('absolute' => TRUE)),
- 'type' => check_plain(node_type_get_name($node)),
+ 'type' => htmlspecialchars(node_type_get_name($node), ENT_QUOTES),
'title' => $node->title,
'user' => theme('username', $node),
'date' => $node->changed,
@@ -2110,7 +2110,7 @@ function _node_index_node($node) {
$node = node_build_content($node, 'search_index');
$node->rendered = drupal_render($node->content);
- $text = '
' . check_plain($node->title) . '
' . $node->rendered;
+ $text = '
' . htmlspecialchars($node->title, ENT_QUOTES) . '
' . $node->rendered;
// Fetch extra data normally not visible
$extra = module_invoke_all('node_update_index', $node);
@@ -2419,7 +2419,7 @@ function node_node_access($node, $op, $a
*/
function node_list_permissions($type) {
$info = node_type_get_type($type);
- $type = check_plain($info->type);
+ $type = htmlspecialchars($info->type, ENT_QUOTES);
// Build standard list of node permissions for this type.
$perms = array(
@@ -2912,7 +2912,7 @@ function node_content_form($node, $form_
if ($type->has_title) {
$form['title'] = array(
'#type' => 'textfield',
- '#title' => check_plain($type->title_label),
+ '#title' => htmlspecialchars($type->title_label, ENT_QUOTES),
'#required' => TRUE,
'#default_value' => $node->title,
'#maxlength' => 255,
Index: modules/node/node.tokens.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/node/node.tokens.inc,v
retrieving revision 1.2
diff -u -p -r1.2 node.tokens.inc
--- modules/node/node.tokens.inc 23 Aug 2009 13:02:38 -0000 1.2
+++ modules/node/node.tokens.inc 24 Aug 2009 01:30:36 -0000
@@ -130,11 +130,11 @@ function node_tokens($type, $tokens, arr
break;
case 'name':
- $replacements[$original] = $sanitize ? check_plain($node->name) : $node->name;
+ $replacements[$original] = $sanitize ? htmlspecialchars($node->name, ENT_QUOTES) : $node->name;
break;
case 'title':
- $replacements[$original] = $sanitize ? check_plain($node->title) : $node->title;
+ $replacements[$original] = $sanitize ? htmlspecialchars($node->title, ENT_QUOTES) : $node->title;
break;
case 'body':
@@ -150,16 +150,16 @@ function node_tokens($type, $tokens, arr
break;
case 'type':
- $replacements[$original] = $sanitize ? check_plain($node->type) : $node->type;
+ $replacements[$original] = $sanitize ? htmlspecialchars($node->type, ENT_QUOTES) : $node->type;
break;
case 'type-name':
$type_name = node_get_types('name', $node->type);
- $replacements[$original] = $sanitize ? check_plain($type_name) : $type_name;
+ $replacements[$original] = $sanitize ? htmlspecialchars($type_name, ENT_QUOTES) : $type_name;
break;
case 'language':
- $replacements[$original] = $sanitize ? check_plain($node->language) : $node->language;
+ $replacements[$original] = $sanitize ? htmlspecialchars($node->language, ENT_QUOTES) : $node->language;
break;
case 'url':
Index: modules/openid/openid.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/openid/openid.pages.inc,v
retrieving revision 1.19
diff -u -p -r1.19 openid.pages.inc
--- modules/openid/openid.pages.inc 29 Jul 2009 06:39:34 -0000 1.19
+++ modules/openid/openid.pages.inc 24 Aug 2009 01:30:42 -0000
@@ -50,7 +50,7 @@ function openid_user_identities($account
$result = db_query("SELECT * FROM {authmap} WHERE module='openid' AND uid=:uid", array(':uid' => $account->uid));
foreach ($result as $identity) {
- $rows[] = array(check_plain($identity->authname), l(t('Delete'), 'user/' . $account->uid . '/openid/delete/' . $identity->aid));
+ $rows[] = array(htmlspecialchars($identity->authname, ENT_QUOTES), l(t('Delete'), 'user/' . $account->uid . '/openid/delete/' . $identity->aid));
}
$build['openid_table'] = array(
Index: modules/poll/poll.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/poll/poll.module,v
retrieving revision 1.310
diff -u -p -r1.310 poll.module
--- modules/poll/poll.module 24 Aug 2009 00:14:21 -0000 1.310
+++ modules/poll/poll.module 24 Aug 2009 01:30:53 -0000
@@ -224,7 +224,7 @@ function poll_form($node, $form_state) {
$form['title'] = array(
'#type' => 'textfield',
- '#title' => check_plain($type->title_label),
+ '#title' => htmlspecialchars($type->title_label, ENT_QUOTES),
'#required' => TRUE,
'#default_value' => $node->title,
'#weight' => -5,
@@ -614,7 +614,7 @@ function poll_teaser($node) {
if (is_array($node->choice)) {
foreach ($node->choice as $k => $choice) {
if ($choice['chtext'] != '') {
- $teaser .= '* ' . check_plain($choice['chtext']) . "\n";
+ $teaser .= '* ' . htmlspecialchars($choice['chtext'], ENT_QUOTES) . "\n";
}
}
}
@@ -632,7 +632,7 @@ function poll_view_voting(&$form_state,
if ($node->choice) {
$list = array();
foreach ($node->choice as $i => $choice) {
- $list[$i] = check_plain($choice['chtext']);
+ $list[$i] = htmlspecialchars($choice['chtext'], ENT_QUOTES);
}
$form['choice'] = array(
'#type' => 'radios',
@@ -706,7 +706,7 @@ function poll_vote($form, &$form_state)
function template_preprocess_poll_vote(&$variables) {
$form = $variables['form'];
$variables['choice'] = drupal_render($form['choice']);
- $variables['title'] = check_plain($form['#node']->title);
+ $variables['title'] = htmlspecialchars($form['#node']->title, ENT_QUOTES);
$variables['vote'] = drupal_render($form['vote']);
$variables['rest'] = drupal_render_children($form);
$variables['block'] = $form['#block'];
@@ -806,7 +806,7 @@ function template_preprocess_poll_result
if (isset($variables['vote']) && $variables['vote'] > -1 && user_access('cancel own vote')) {
$variables['cancel_form'] = drupal_render(drupal_get_form('poll_cancel_form', $variables['nid']));
}
- $variables['title'] = check_plain($variables['raw_title']);
+ $variables['title'] = htmlspecialchars($variables['raw_title'], ENT_QUOTES);
// If this is a block, allow a different tpl.php to be used.
if ($variables['block']) {
@@ -827,7 +827,7 @@ function template_preprocess_poll_bar(&$
if ($variables['block']) {
$variables['template_files'][] = 'poll-bar-block';
}
- $variables['title'] = check_plain($variables['title']);
+ $variables['title'] = htmlspecialchars($variables['title'], ENT_QUOTES);
$variables['percentage'] = round($variables['votes'] * 100 / max($variables['total_votes'], 1));
}
Index: modules/poll/poll.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/poll/poll.pages.inc,v
retrieving revision 1.20
diff -u -p -r1.20 poll.pages.inc
--- modules/poll/poll.pages.inc 29 Jul 2009 06:39:34 -0000 1.20
+++ modules/poll/poll.pages.inc 24 Aug 2009 01:31:02 -0000
@@ -72,8 +72,8 @@ function poll_votes($node) {
$rows = array();
foreach ($queried_votes as $vote) {
$rows[] = array(
- $vote->name ? theme('username', $vote) : check_plain($vote->hostname),
- check_plain($vote->chtext),
+ $vote->name ? theme('username', $vote) : htmlspecialchars($vote->hostname, ENT_QUOTES),
+ htmlspecialchars($vote->chtext, ENT_QUOTES),
format_date($vote->timestamp),
);
}
Index: modules/profile/profile.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/profile/profile.admin.inc,v
retrieving revision 1.29
diff -u -p -r1.29 profile.admin.inc
--- modules/profile/profile.admin.inc 22 Aug 2009 14:34:21 -0000 1.29
+++ modules/profile/profile.admin.inc 24 Aug 2009 01:31:09 -0000
@@ -22,8 +22,8 @@ function profile_admin_overview() {
$categories[] = $field->category;
// Save all field information
- $form[$field->fid]['name'] = array('#markup' => check_plain($field->name));
- $form[$field->fid]['title'] = array('#markup' => check_plain($field->title));
+ $form[$field->fid]['name'] = array('#markup' => htmlspecialchars($field->name, ENT_QUOTES));
+ $form[$field->fid]['title'] = array('#markup' => htmlspecialchars($field->title, ENT_QUOTES));
$form[$field->fid]['type'] = array('#markup' => $field->type);
$form[$field->fid]['category'] = array('#type' => 'select', '#default_value' => $field->category, '#options' => array());
$form[$field->fid]['weight'] = array('#type' => 'weight', '#default_value' => $field->weight);
@@ -422,7 +422,7 @@ function profile_admin_settings_autocomp
$matches = array();
$result = db_query_range("SELECT category FROM {profile_field} WHERE LOWER(category) LIKE LOWER(:category)", array(':category' => $string . '%'), 0, 10);
foreach ($result as $data) {
- $matches[$data->category] = check_plain($data->category);
+ $matches[$data->category] = htmlspecialchars($data->category, ENT_QUOTES);
}
drupal_json($matches);
}
Index: modules/profile/profile.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/profile/profile.module,v
retrieving revision 1.271
diff -u -p -r1.271 profile.module
--- modules/profile/profile.module 24 Aug 2009 00:14:21 -0000 1.271
+++ modules/profile/profile.module 24 Aug 2009 01:31:24 -0000
@@ -149,7 +149,7 @@ function profile_block_configure($delta
$fields = array();
$result = db_query('SELECT name, title, weight, visibility FROM {profile_field} WHERE visibility IN (:visibility) ORDER BY weight', array(':visibility' => array(PROFILE_PUBLIC, PROFILE_PUBLIC_LISTINGS)));
foreach ($result as $record) {
- $fields[$record->name] = check_plain($record->title);
+ $fields[$record->name] = htmlspecialchars($record->title, ENT_QUOTES);
}
$fields['user_profile'] = t('Link to full user profile');
$form['profile_block_author_fields'] = array(
@@ -295,11 +295,11 @@ function profile_view_field($account, $f
return check_markup($value);
case 'textfield':
case 'selection':
- return $browse ? l($value, 'profile/' . $field->name . '/' . $value) : check_plain($value);
+ return $browse ? l($value, 'profile/' . $field->name . '/' . $value) : htmlspecialchars($value, ENT_QUOTES);
case 'checkbox':
- return $browse ? l($field->title, 'profile/' . $field->name) : check_plain($field->title);
+ return $browse ? l($field->title, 'profile/' . $field->name) : htmlspecialchars($field->title, ENT_QUOTES);
case 'url':
- return '
' . check_plain($value) . '';
+ return '
' . htmlspecialchars($value, ENT_QUOTES) . '';
case 'date':
$format = substr(variable_get('date_format_short', 'm/d/Y - H:i'), 0, 5);
// Note: Avoid PHP's date() because it does not handle dates before
@@ -320,7 +320,7 @@ function profile_view_field($account, $f
$fields = array();
foreach ($values as $value) {
if ($value = trim($value)) {
- $fields[] = $browse ? l($value, 'profile/' . $field->name . '/' . $value) : check_plain($value);
+ $fields[] = $browse ? l($value, 'profile/' . $field->name . '/' . $value) : htmlspecialchars($value, ENT_QUOTES);
}
}
return implode(', ', $fields);
@@ -343,7 +343,7 @@ function profile_user_view($account) {
$fields = array();
foreach ($result as $field) {
if ($value = profile_view_field($account, $field)) {
- $title = ($field->type != 'checkbox') ? check_plain($field->title) : NULL;
+ $title = ($field->type != 'checkbox') ? htmlspecialchars($field->title, ENT_QUOTES) : NULL;
// Create a single fieldset for each category.
if (!isset($account->content[$field->category])) {
@@ -385,13 +385,13 @@ function profile_form_profile($edit, $ac
foreach ($result as $field) {
$category = $field->category;
if (!isset($fields[$category])) {
- $fields[$category] = array('#type' => 'fieldset', '#title' => check_plain($category), '#weight' => $weight++);
+ $fields[$category] = array('#type' => 'fieldset', '#title' => htmlspecialchars($category, ENT_QUOTES), '#weight' => $weight++);
}
switch ($field->type) {
case 'textfield':
case 'url':
$fields[$category][$field->name] = array('#type' => 'textfield',
- '#title' => check_plain($field->title),
+ '#title' => htmlspecialchars($field->title, ENT_QUOTES),
'#default_value' => isset($edit[$field->name]) ? $edit[$field->name] : '',
'#maxlength' => 255,
'#description' => _profile_form_explanation($field),
@@ -403,7 +403,7 @@ function profile_form_profile($edit, $ac
break;
case 'textarea':
$fields[$category][$field->name] = array('#type' => 'textarea',
- '#title' => check_plain($field->title),
+ '#title' => htmlspecialchars($field->title, ENT_QUOTES),
'#default_value' => isset($edit[$field->name]) ? $edit[$field->name] : '',
'#description' => _profile_form_explanation($field),
'#required' => $field->required,
@@ -411,7 +411,7 @@ function profile_form_profile($edit, $ac
break;
case 'list':
$fields[$category][$field->name] = array('#type' => 'textarea',
- '#title' => check_plain($field->title),
+ '#title' => htmlspecialchars($field->title, ENT_QUOTES),
'#default_value' => isset($edit[$field->name]) ? $edit[$field->name] : '',
'#description' => _profile_form_explanation($field),
'#required' => $field->required,
@@ -419,7 +419,7 @@ function profile_form_profile($edit, $ac
break;
case 'checkbox':
$fields[$category][$field->name] = array('#type' => 'checkbox',
- '#title' => check_plain($field->title),
+ '#title' => htmlspecialchars($field->title, ENT_QUOTES),
'#default_value' => isset($edit[$field->name]) ? $edit[$field->name] : '',
'#description' => _profile_form_explanation($field),
'#required' => $field->required,
@@ -434,7 +434,7 @@ function profile_form_profile($edit, $ac
}
}
$fields[$category][$field->name] = array('#type' => 'select',
- '#title' => check_plain($field->title),
+ '#title' => htmlspecialchars($field->title, ENT_QUOTES),
'#default_value' => isset($edit[$field->name]) ? $edit[$field->name] : '',
'#options' => $options,
'#description' => _profile_form_explanation($field),
@@ -443,7 +443,7 @@ function profile_form_profile($edit, $ac
break;
case 'date':
$fields[$category][$field->name] = array('#type' => 'date',
- '#title' => check_plain($field->title),
+ '#title' => htmlspecialchars($field->title, ENT_QUOTES),
'#default_value' => isset($edit[$field->name]) ? $edit[$field->name] : '',
'#description' => _profile_form_explanation($field),
'#required' => $field->required,
@@ -534,7 +534,7 @@ function template_preprocess_profile_blo
// Supply filtered version of $fields that have values.
foreach ($variables['fields'] as $field) {
if ($field->value) {
- $variables['profile'][$field->name]->title = check_plain($field->title);
+ $variables['profile'][$field->name]->title = htmlspecialchars($field->title, ENT_QUOTES);
$variables['profile'][$field->name]->value = $field->value;
$variables['profile'][$field->name]->type = $field->type;
}
Index: modules/profile/profile.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/profile/profile.pages.inc,v
retrieving revision 1.18
diff -u -p -r1.18 profile.pages.inc
--- modules/profile/profile.pages.inc 26 May 2009 10:41:06 -0000 1.18
+++ modules/profile/profile.pages.inc 24 Aug 2009 01:31:46 -0000
@@ -77,10 +77,10 @@ function profile_browse() {
$output .= theme('pager', NULL);
if ($field->type == 'selection' || $field->type == 'list' || $field->type == 'textfield') {
- $title = strtr(check_plain($field->page), array('%value' => theme('placeholder', $value)));
+ $title = strtr(htmlspecialchars($field->page, ENT_QUOTES), array('%value' => theme('placeholder', $value)));
}
else {
- $title = check_plain($field->page);
+ $title = htmlspecialchars($field->page, ENT_QUOTES);
}
drupal_set_title($title, PASS_THROUGH);
@@ -130,7 +130,7 @@ function profile_autocomplete($field, $s
':value' => $string . '%',
), 0, 10)->fetchCol();
foreach ($values as $value) {
- $matches[$value] = check_plain($value);
+ $matches[$value] = htmlspecialchars($value, ENT_QUOTES);
}
}
Index: modules/search/search-block-form.tpl.php
===================================================================
RCS file: /cvs/drupal/drupal/modules/search/search-block-form.tpl.php,v
retrieving revision 1.3
diff -u -p -r1.3 search-block-form.tpl.php
--- modules/search/search-block-form.tpl.php 30 Dec 2008 16:43:18 -0000 1.3
+++ modules/search/search-block-form.tpl.php 24 Aug 2009 01:31:56 -0000
@@ -28,7 +28,7 @@
*
* To check for all available data within $search, use the code below.
*
- * '. check_plain(print_r($search, 1)) .''; ?>
+ * '. htmlspecialchars(print_r($search, 1), ENT_QUOTES) .''; ?>
*
* @see template_preprocess_search_block_form()
*/
Index: modules/search/search-result.tpl.php
===================================================================
RCS file: /cvs/drupal/drupal/modules/search/search-result.tpl.php,v
retrieving revision 1.4
diff -u -p -r1.4 search-result.tpl.php
--- modules/search/search-result.tpl.php 30 Dec 2008 16:43:18 -0000 1.4
+++ modules/search/search-result.tpl.php 24 Aug 2009 01:32:04 -0000
@@ -41,7 +41,7 @@
*
* To check for all available data within $info_split, use the code below.
*
- * '. check_plain(print_r($info_split, 1)) .''; ?>
+ * '. htmlspecialchars(print_r($info_split, 1), ENT_QUOTES) .''; ?>
*
* @see template_preprocess_search_result()
*/
Index: modules/search/search-theme-form.tpl.php
===================================================================
RCS file: /cvs/drupal/drupal/modules/search/search-theme-form.tpl.php,v
retrieving revision 1.3
diff -u -p -r1.3 search-theme-form.tpl.php
--- modules/search/search-theme-form.tpl.php 30 Dec 2008 16:43:18 -0000 1.3
+++ modules/search/search-theme-form.tpl.php 24 Aug 2009 01:32:09 -0000
@@ -28,7 +28,7 @@
*
* To check for all available data within $search, use the code below.
*
- * '. check_plain(print_r($search, 1)) .''; ?>
+ * '. htmlspecialchars(print_r($search, 1), ENT_QUOTES) .''; ?>
*
* @see template_preprocess_search_theme_form()
*/
Index: modules/search/search.api.php
===================================================================
RCS file: /cvs/drupal/drupal/modules/search/search.api.php,v
retrieving revision 1.11
diff -u -p -r1.11 search.api.php
--- modules/search/search.api.php 22 Jun 2009 09:10:06 -0000 1.11
+++ modules/search/search.api.php 24 Aug 2009 01:32:23 -0000
@@ -183,7 +183,7 @@ function hook_search($op = 'search', $ke
$results[] = array(
'link' => url('node/' . $item->sid, array('absolute' => TRUE)),
- 'type' => check_plain(node_type_get_name($node)),
+ 'type' => htmlspecialchars(node_type_get_name($node), ENT_QUOTES),
'title' => $node->title,
'user' => theme('username', $node),
'date' => $node->changed,
@@ -259,7 +259,7 @@ function hook_update_index() {
$node = node_build_content($node, 'search_index');
$node->rendered = drupal_render($node->content);
- $text = '
' . check_plain($node->title) . '
' . $node->rendered;
+ $text = '
' . htmlspecialchars($node->title, ENT_QUOTES) . '
' . $node->rendered;
// Fetch extra data normally not visible
$extra = module_invoke_all('node_update_index', $node);
Index: modules/search/search.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/search/search.pages.inc,v
retrieving revision 1.10
diff -u -p -r1.10 search.pages.inc
--- modules/search/search.pages.inc 29 Jul 2009 06:39:34 -0000 1.10
+++ modules/search/search.pages.inc 24 Aug 2009 01:32:29 -0000
@@ -92,11 +92,11 @@ function template_preprocess_search_resu
function template_preprocess_search_result(&$variables) {
$result = $variables['result'];
$variables['url'] = check_url($result['link']);
- $variables['title'] = check_plain($result['title']);
+ $variables['title'] = htmlspecialchars($result['title'], ENT_QUOTES);
$info = array();
if (!empty($result['type'])) {
- $info['type'] = check_plain($result['type']);
+ $info['type'] = htmlspecialchars($result['type'], ENT_QUOTES);
}
if (!empty($result['user'])) {
$info['user'] = $result['user'];
Index: modules/search/search.test
===================================================================
RCS file: /cvs/drupal/drupal/modules/search/search.test,v
retrieving revision 1.30
diff -u -p -r1.30 search.test
--- modules/search/search.test 22 Aug 2009 00:58:54 -0000 1.30
+++ modules/search/search.test 24 Aug 2009 01:32:42 -0000
@@ -459,7 +459,7 @@ class SearchCommentTestCase extends Drup
$comment_body = $this->randomName(5);
variable_set('comment_preview_article', COMMENT_PREVIEW_OPTIONAL);
- // Enable check_plain() for 'Filtered HTML' text format.
+ // Enable htmlspecialchars() for 'Filtered HTML' text format.
$edit = array(
'filters[filter/filter_html_escape]' => 1,
);
@@ -502,7 +502,7 @@ class SearchCommentTestCase extends Drup
$this->assertText($edit_comment['subject'], t('Comment subject found in search results.'));
$this->assertText($comment_body, t('Comment body text found in search results.'));
$this->assertNoRaw(t('n/a'), t('HTML in comment body is not hidden.'));
- $this->assertNoRaw(check_plain($edit_comment['comment']), t('HTML in comment body is not escaped.'));
+ $this->assertNoRaw(htmlspecialchars($edit_comment['comment'], ENT_QUOTES), t('HTML in comment body is not escaped.'));
// Hide comments.
$this->drupalLogin($this->admin_user);
Index: modules/simpletest/drupal_web_test_case.php
===================================================================
RCS file: /cvs/drupal/drupal/modules/simpletest/drupal_web_test_case.php,v
retrieving revision 1.144
diff -u -p -r1.144 drupal_web_test_case.php
--- modules/simpletest/drupal_web_test_case.php 24 Aug 2009 00:14:21 -0000 1.144
+++ modules/simpletest/drupal_web_test_case.php 24 Aug 2009 01:32:52 -0000
@@ -1971,7 +1971,7 @@ class DrupalWebTestCase extends DrupalTe
*/
protected function assertRaw($raw, $message = '', $group = 'Other') {
if (!$message) {
- $message = t('Raw "@raw" found', array('@raw' => check_plain($raw)));
+ $message = t('Raw "@raw" found', array('@raw' => htmlspecialchars($raw, ENT_QUOTES)));
}
return $this->assert(strpos($this->content, $raw) !== FALSE, $message, $group);
}
@@ -1991,7 +1991,7 @@ class DrupalWebTestCase extends DrupalTe
*/
protected function assertNoRaw($raw, $message = '', $group = 'Other') {
if (!$message) {
- $message = t('Raw "@raw" not found', array('@raw' => check_plain($raw)));
+ $message = t('Raw "@raw" not found', array('@raw' => htmlspecialchars($raw, ENT_QUOTES)));
}
return $this->assert(strpos($this->content, $raw) === FALSE, $message, $group);
}
Index: modules/simpletest/tests/field_test.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/simpletest/tests/field_test.module,v
retrieving revision 1.16
diff -u -p -r1.16 field_test.module
--- modules/simpletest/tests/field_test.module 22 Aug 2009 00:58:54 -0000 1.16
+++ modules/simpletest/tests/field_test.module 24 Aug 2009 01:32:56 -0000
@@ -418,7 +418,7 @@ function field_test_field_validate($obj_
*/
function field_test_field_sanitize($obj_type, $object, $field, $instance, $langcode, &$items) {
foreach ($items as $delta => $item) {
- $value = check_plain($item['value']);
+ $value = htmlspecialchars($item['value'], ENT_QUOTES);
$items[$delta]['safe'] = $value;
}
}
Index: modules/simpletest/tests/form_test.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/simpletest/tests/form_test.module,v
retrieving revision 1.8
diff -u -p -r1.8 form_test.module
--- modules/simpletest/tests/form_test.module 17 Aug 2009 07:12:16 -0000 1.8
+++ modules/simpletest/tests/form_test.module 24 Aug 2009 01:33:02 -0000
@@ -360,7 +360,7 @@ function form_storage_test_form_submit($
$form_state['storage']['thing']['value'] = $form_state['values']['value'];
}
else {
- drupal_set_message("Title: ". check_plain($form_state['storage']['thing']['title']));
+ drupal_set_message("Title: ". htmlspecialchars($form_state['storage']['thing']['title'], ENT_QUOTES));
}
$form_state['storage']['step']++;
drupal_set_message("Form constructions: ". $_SESSION['constructions']);
Index: modules/statistics/statistics.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/statistics/statistics.admin.inc,v
retrieving revision 1.29
diff -u -p -r1.29 statistics.admin.inc
--- modules/statistics/statistics.admin.inc 22 Aug 2009 14:34:21 -0000 1.29
+++ modules/statistics/statistics.admin.inc 24 Aug 2009 01:33:24 -0000
@@ -209,7 +209,7 @@ function statistics_access_log($aid) {
array('data' => t('URL'), 'header' => TRUE),
l(url($access->path, array('absolute' => TRUE)), $access->path)
);
- // It is safe to avoid filtering $access->title through check_plain because
+ // It is safe to avoid filtering $access->title through htmlspecialchars() because
// it comes from drupal_get_title().
$rows[] = array(
array('data' => t('Title'), 'header' => TRUE),
@@ -229,7 +229,7 @@ function statistics_access_log($aid) {
);
$rows[] = array(
array('data' => t('Hostname'), 'header' => TRUE),
- check_plain($access->hostname)
+ htmlspecialchars($access->hostname, ENT_QUOTES),
);
$build['statistics_table'] = array(
Index: modules/system/system.install
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.install,v
retrieving revision 1.379
diff -u -p -r1.379 system.install
--- modules/system/system.install 24 Aug 2009 00:14:22 -0000 1.379
+++ modules/system/system.install 24 Aug 2009 01:33:31 -0000
@@ -1570,7 +1570,7 @@ function system_update_7003() {
$ret[] = update_sql("INSERT INTO {blocked_ips} (ip) VALUES ('$blocked->mask')");
}
else {
- $invalid_host = check_plain($blocked->mask);
+ $invalid_host = htmlspecialchars($blocked->mask, ENT_QUOTES);
$ret[] = array('success' => TRUE, 'query' => 'The host ' . $invalid_host . ' is no longer blocked because it is not a valid IP address.');
}
}
@@ -1917,7 +1917,7 @@ function system_update_7013() {
$timezone = 'UTC';
}
variable_set('date_default_timezone', $timezone);
- drupal_set_message('The default time zone has been set to
' . check_plain($timezone) . '. Please check the ' . l('date and time configuration page', 'admin/config/regional/settings') . ' to configure it correctly.', 'warning');
+ drupal_set_message('The default time zone has been set to
' . htmlspecialchars($timezone, ENT_QUOTES) . '. Please check the ' . l('date and time configuration page', 'admin/config/regional/settings') . ' to configure it correctly.', 'warning');
return $ret;
}
Index: modules/system/system.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.module,v
retrieving revision 1.766
diff -u -p -r1.766 system.module
--- modules/system/system.module 24 Aug 2009 00:14:22 -0000 1.766
+++ modules/system/system.module 24 Aug 2009 01:33:43 -0000
@@ -19,7 +19,7 @@ define('DRUPAL_CORE_COMPATIBILITY', '7.x
/**
* Minimum supported version of PHP.
*/
-define('DRUPAL_MINIMUM_PHP', '5.2.0');
+define('DRUPAL_MINIMUM_PHP', '5.2.5');
/**
* Minimum recommended value of PHP memory_limit.
@@ -2256,7 +2256,7 @@ function _system_sort_requirements($a, $
* Note - if the parameters $question, $description, $yes, or $no could contain
* any user input (such as node titles or taxonomy terms), it is the
* responsibility of the code calling confirm_form() to sanitize them first with
- * a function like check_plain() or filter_xss().
+ * a function like htmlspecialchars() or filter_xss().
*
* @ingroup forms
* @param $form
@@ -2722,7 +2722,7 @@ function system_actions_delete_form_subm
$aid = $form_state['values']['aid'];
$action = actions_load($aid);
actions_delete($aid);
- $description = check_plain($action->description);
+ $description = htmlspecialchars($action->description, ENT_QUOTES);
watchdog('user', 'Deleted action %aid (%action)', array('%aid' => $aid, '%action' => $description));
drupal_set_message(t('Action %action was deleted', array('%action' => $description)));
$form_state['redirect'] = 'admin/settings/actions/manage';
Index: modules/system/system.test
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.test,v
retrieving revision 1.71
diff -u -p -r1.71 system.test
--- modules/system/system.test 23 Aug 2009 13:02:38 -0000 1.71
+++ modules/system/system.test 24 Aug 2009 01:34:17 -0000
@@ -838,7 +838,7 @@ class PageTitleFiltering extends DrupalW
$node = $this->drupalGetNodeByTitle($edit['title']);
$this->assertNotNull($node, 'Node created and found in database');
$this->drupalGet("node/" . $node->nid);
- $this->assertText(check_plain($edit['title']), 'Check to make sure tags in the node title are converted.');
+ $this->assertText(htmlspecialchars($edit['title'], ENT_QUOTES), 'Check to make sure tags in the node title are converted.');
}
}
@@ -1221,10 +1221,10 @@ class TokenReplaceTestCase extends Drupa
$source .= '[date:small]'; // Small date format of REQUEST_TIME
$source .= '[bogus:token]'; // Nonexistent token, should be untouched
- $target = check_plain($node->title);
- $target .= check_plain($account->name);
+ $target = htmlspecialchars($node->title, ENT_QUOTES);
+ $target .= htmlspecialchars($account->name, ENT_QUOTES);
$target .= format_interval(REQUEST_TIME - $node->created, 2);
- $target .= check_plain($user->name);
+ $target .= htmlspecialchars($user->name, ENT_QUOTES);
$target .= '[user:name]';
$target .= format_date(REQUEST_TIME, 'small');
$target .= '[bogus:token]';
@@ -1239,7 +1239,7 @@ class TokenReplaceTestCase extends Drupa
$raw_tokens = array('title' => '[node:title]');
$generated = token_generate('node', $raw_tokens, array('node' => $node));
- $this->assertFalse(strcmp($generated['[node:title]'], check_plain($node->title)), t('Token sanitized.'));
+ $this->assertFalse(strcmp($generated['[node:title]'], htmlspecialchars($node->title, ENT_QUOTES)), t('Token sanitized.'));
$generated = token_generate('node', $raw_tokens, array('node' => $node), array('sanitize' => FALSE));
$this->assertFalse(strcmp($generated['[node:title]'], $node->title), t('Unsanitized token generated properly.'));
Index: modules/system/system.tokens.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.tokens.inc,v
retrieving revision 1.1
diff -u -p -r1.1 system.tokens.inc
--- modules/system/system.tokens.inc 19 Aug 2009 20:19:37 -0000 1.1
+++ modules/system/system.tokens.inc 24 Aug 2009 01:34:25 -0000
@@ -160,12 +160,12 @@ function system_tokens($type, $tokens, a
switch ($name) {
case 'name':
$site_name = variable_get('site_name', 'Drupal');
- $replacements[$original] = $sanitize ? check_plain($site_name) : $site_name;
+ $replacements[$original] = $sanitize ? htmlspecialchars($site_name, ENT_QUOTES) : $site_name;
break;
case 'slogan':
$slogan = variable_get('site_slogan', '');
- $replacements[$original] = $sanitize ? check_plain($slogan) : $slogan;
+ $replacements[$original] = $sanitize ? htmlspecialchars($slogan, ENT_QUOTES) : $slogan;
break;
case 'mission':
@@ -248,7 +248,7 @@ function system_tokens($type, $tokens, a
// Essential file data
case 'name':
- $replacements[$original] = $sanitize ? check_plain($file->filename) : $file->filename;
+ $replacements[$original] = $sanitize ? htmlspecialchars($file->filename, ENT_QUOTES) : $file->filename;
break;
case 'description':
Index: modules/taxonomy/taxonomy.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/taxonomy/taxonomy.admin.inc,v
retrieving revision 1.66
diff -u -p -r1.66 taxonomy.admin.inc
--- modules/taxonomy/taxonomy.admin.inc 23 Aug 2009 01:05:12 -0000 1.66
+++ modules/taxonomy/taxonomy.admin.inc 24 Aug 2009 01:34:33 -0000
@@ -20,10 +20,10 @@ function taxonomy_overview_vocabularies(
$types = array();
foreach ($vocabulary->nodes as $type) {
$node_type = node_type_get_name($type);
- $types[] = $node_type ? check_plain($node_type) : check_plain($type);
+ $types[] = $node_type ? htmlspecialchars($node_type, ENT_QUOTES) : htmlspecialchars($type, ENT_QUOTES);
}
$form[$vocabulary->vid]['#vocabulary'] = $vocabulary;
- $form[$vocabulary->vid]['name'] = array('#markup' => check_plain($vocabulary->name));
+ $form[$vocabulary->vid]['name'] = array('#markup' => htmlspecialchars($vocabulary->name, ENT_QUOTES));
$form[$vocabulary->vid]['types'] = array('#markup' => implode(', ', $types));
$form[$vocabulary->vid]['weight'] = array('#type' => 'weight', '#delta' => 10, '#default_value' => $vocabulary->weight);
$form[$vocabulary->vid]['edit'] = array('#markup' => l(t('edit vocabulary'), "admin/structure/taxonomy/$vocabulary->vid"));
Index: modules/taxonomy/taxonomy.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/taxonomy/taxonomy.module,v
retrieving revision 1.503
diff -u -p -r1.503 taxonomy.module
--- modules/taxonomy/taxonomy.module 24 Aug 2009 00:14:22 -0000 1.503
+++ modules/taxonomy/taxonomy.module 24 Aug 2009 01:34:47 -0000
@@ -307,7 +307,7 @@ function taxonomy_menu() {
* Return the vocabulary name given the vocabulary object.
*/
function taxonomy_admin_vocabulary_title_callback($vocabulary) {
- return check_plain($vocabulary->name);
+ return htmlspecialchars($vocabulary->name, ENT_QUOTES);
}
/**
@@ -605,7 +605,7 @@ function taxonomy_terms_static_reset() {
* @param $help
* Optional help text to use for the form element. If specified, this value
* MUST be properly sanitized and filtered (e.g. with filter_xss_admin() or
- * check_plain() if it is user-supplied) to prevent XSS vulnerabilities. If
+ * htmlspecialchars() if it is user-supplied) to prevent XSS vulnerabilities. If
* omitted, the help text stored with the vocaulary (if any) will be used.
* @return
* An array describing a form element to select terms for a vocabulary.
@@ -624,7 +624,7 @@ function taxonomy_form($vid, $value = 0,
$blank = ($vocabulary->required) ? 0 : t('- None -');
}
- return _taxonomy_term_select(check_plain($vocabulary->name), $value, $vid, $help, intval($vocabulary->multiple), $blank);
+ return _taxonomy_term_select(htmlspecialchars($vocabulary->name, ENT_QUOTES), $value, $vid, $help, intval($vocabulary->multiple), $blank);
}
/**
@@ -2130,7 +2130,7 @@ function _taxonomy_clean_field_cache($te
* The term name to be used as the page title.
*/
function taxonomy_term_title($term) {
- return check_plain($term->name);
+ return htmlspecialchars($term->name, ENT_QUOTES);
}
/**
Index: modules/taxonomy/taxonomy.tokens.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/taxonomy/taxonomy.tokens.inc,v
retrieving revision 1.1
diff -u -p -r1.1 taxonomy.tokens.inc
--- modules/taxonomy/taxonomy.tokens.inc 19 Aug 2009 20:19:37 -0000 1.1
+++ modules/taxonomy/taxonomy.tokens.inc 24 Aug 2009 01:35:05 -0000
@@ -111,7 +111,7 @@ function taxonomy_tokens($type, $tokens,
break;
case 'name':
- $replacements[$original] = $sanitize ? check_plain($term->name) : $term->name;
+ $replacements[$original] = $sanitize ? htmlspecialchars($term->name, ENT_QUOTES) : $term->name;
break;
case 'description':
@@ -130,13 +130,13 @@ function taxonomy_tokens($type, $tokens,
case 'vocabulary':
$vocabulary = taxonomy_vocabulary_load($term->vid);
- $replacements[$original] = check_plain($vocabulary->name);
+ $replacements[$original] = htmlspecialchars($vocabulary->name, ENT_QUOTES);
break;
case 'parent':
$parents = taxonomy_get_parents($term->tid);
$parent = array_pop($parents);
- $replacements[$original] = check_plain($parent->name);
+ $replacements[$original] = htmlspecialchars($parent->name, ENT_QUOTES);
break;
}
}
@@ -163,7 +163,7 @@ function taxonomy_tokens($type, $tokens,
break;
case 'name':
- $replacements[$original] = $sanitize ? check_plain($vocabulary->name) : $vocabulary->name;
+ $replacements[$original] = $sanitize ? htmlspecialchars($vocabulary->name, ENT_QUOTES) : $vocabulary->name;
break;
case 'description':
Index: modules/tracker/tracker.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/tracker/tracker.pages.inc,v
retrieving revision 1.23
diff -u -p -r1.23 tracker.pages.inc
--- modules/tracker/tracker.pages.inc 22 Aug 2009 14:34:23 -0000 1.23
+++ modules/tracker/tracker.pages.inc 24 Aug 2009 01:35:12 -0000
@@ -56,7 +56,7 @@ function tracker_page($account = NULL, $
}
$rows[] = array(
- check_plain(node_type_get_name($node->type)),
+ htmlspecialchars(node_type_get_name($node->type), ENT_QUOTES),
l($node->title, "node/$node->nid") . ' ' . theme('mark', node_mark($node->nid, $node->changed)),
theme('username', $node),
array('class' => array('replies'), 'data' => $comments),
Index: modules/trigger/trigger.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/trigger/trigger.admin.inc,v
retrieving revision 1.15
diff -u -p -r1.15 trigger.admin.inc
--- modules/trigger/trigger.admin.inc 22 Aug 2009 15:35:36 -0000 1.15
+++ modules/trigger/trigger.admin.inc 24 Aug 2009 01:35:20 -0000
@@ -87,7 +87,7 @@ function trigger_unassign_submit($form,
->condition('aid', $aid)
->execute();
$actions = actions_get_all_actions();
- watchdog('actions', 'Action %action has been unassigned.', array('%action' => check_plain($actions[$aid]['description'])));
+ watchdog('actions', 'Action %action has been unassigned.', array('%action' => htmlspecialchars($actions[$aid]['description'], ENT_QUOTES)));
drupal_set_message(t('Action %action has been unassigned.', array('%action' => $actions[$aid]['description'])));
$hook = $form_values['hook'] == 'node' ? 'node' : $form_values['hook'];
$form_state['redirect'] = 'admin/structure/trigger/' . $hook;
Index: modules/update/update.report.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/update/update.report.inc,v
retrieving revision 1.20
diff -u -p -r1.20 update.report.inc
--- modules/update/update.report.inc 24 Aug 2009 00:42:34 -0000 1.20
+++ modules/update/update.report.inc 24 Aug 2009 01:35:29 -0000
@@ -84,7 +84,7 @@ function theme_update_report($data) {
$row .= '
' . t('Up to date') . '';
break;
default:
- $row .= check_plain($project['reason']);
+ $row .= htmlspecialchars($project['reason'], ENT_QUOTES);
break;
}
$row .= '
' . $icon . '';
@@ -96,13 +96,13 @@ function theme_update_report($data) {
$row .= l($project['title'], $project['link']);
}
else {
- $row .= check_plain($project['title']);
+ $row .= htmlspecialchars($project['title'], ENT_QUOTES);
}
}
else {
- $row .= check_plain($project['name']);
+ $row .= htmlspecialchars($project['name'], ENT_QUOTES);
}
- $row .= ' ' . check_plain($project['existing_version']);
+ $row .= ' ' . htmlspecialchars($project['existing_version'], ENT_QUOTES);
if ($project['install_type'] == 'dev' && !empty($project['datestamp'])) {
$row .= '
(' . format_date($project['datestamp'], 'custom', 'Y-M-d') . ')';
}
@@ -171,7 +171,7 @@ function theme_update_report($data) {
$row .= '