Index: includes/path.inc =================================================================== RCS file: /cvs/drupal/drupal/includes/path.inc,v retrieving revision 1.20 diff -u -p -r1.20 path.inc --- includes/path.inc 18 Feb 2008 16:49:23 -0000 1.20 +++ includes/path.inc 5 Apr 2008 02:02:25 -0000 @@ -191,15 +191,19 @@ function drupal_get_title() { * @param $title * Optional string value to assign to the page title; or if set to NULL * (default), leaves the current title unchanged. + * @param $html + * Optional boolen - normally should be FALSE. Only set to TRUE if $title + * contains html tags and if you have removed any possible dangerous code + * from $title using a function like check_plain() or filter_xss(). * * @return * The updated title of the current page. */ -function drupal_set_title($title = NULL) { +function drupal_set_title($title = NULL, $html = FALSE) { static $stored_title; if (isset($title)) { - $stored_title = $title; + $stored_title = $html ? $title : check_plain($title); } return $stored_title; } Index: modules/aggregator/aggregator.pages.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/aggregator/aggregator.pages.inc,v retrieving revision 1.12 diff -u -p -r1.12 aggregator.pages.inc --- modules/aggregator/aggregator.pages.inc 8 Jan 2008 10:35:40 -0000 1.12 +++ modules/aggregator/aggregator.pages.inc 5 Apr 2008 02:02:25 -0000 @@ -37,7 +37,7 @@ function aggregator_page_source($arg1, $ // $arg1 is $form_state and $arg2 is $feed. Otherwise, $arg1 is $feed. $feed = is_array($arg2) ? $arg2 : $arg1; $feed = (object)$feed; - drupal_set_title(check_plain($feed->title)); + drupal_set_title($feed->title); $feed_source = theme('aggregator_feed_source', $feed); // It is safe to include the fid in the query because it's loaded from the Index: modules/block/block.admin.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/block/block.admin.inc,v retrieving revision 1.14 diff -u -p -r1.14 block.admin.inc --- modules/block/block.admin.inc 22 Dec 2007 23:24:24 -0000 1.14 +++ modules/block/block.admin.inc 5 Apr 2008 02:02:25 -0000 @@ -171,7 +171,7 @@ function block_admin_configure(&$form_st // Get the block subject for the page title. $info = module_invoke($module, 'block', 'list'); if (isset($info[$delta])) { - drupal_set_title(t("'%name' block", array('%name' => $info[$delta]['info']))); + drupal_set_title(t("'%name' block", array('%name' => $info[$delta]['info'])), TRUE); } // Standard block configurations. Index: modules/book/book.admin.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/book/book.admin.inc,v retrieving revision 1.8 diff -u -p -r1.8 book.admin.inc --- modules/book/book.admin.inc 8 Jan 2008 10:35:41 -0000 1.8 +++ modules/book/book.admin.inc 5 Apr 2008 02:02:25 -0000 @@ -69,7 +69,7 @@ function book_admin_settings_validate($f * @ingroup forms. */ function book_admin_edit($form_state, $node) { - drupal_set_title(check_plain($node->title)); + drupal_set_title($node->title); $form = array(); $form['#node'] = $node; $form['table'] = _book_admin_table($node); Index: modules/book/book.pages.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/book/book.pages.inc,v retrieving revision 1.5 diff -u -p -r1.5 book.pages.inc --- modules/book/book.pages.inc 22 Dec 2007 23:24:24 -0000 1.5 +++ modules/book/book.pages.inc 5 Apr 2008 02:02:25 -0000 @@ -90,7 +90,7 @@ function book_export_html($nid) { * Menu callback; show the outline form for a single node. */ function book_outline($node) { - drupal_set_title(check_plain($node->title)); + drupal_set_title($node->title); return drupal_get_form('book_outline_form', $node); } Index: modules/contact/contact.pages.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/contact/contact.pages.inc,v retrieving revision 1.8 diff -u -p -r1.8 contact.pages.inc --- modules/contact/contact.pages.inc 25 Mar 2008 14:07:34 -0000 1.8 +++ modules/contact/contact.pages.inc 5 Apr 2008 02:02:25 -0000 @@ -164,7 +164,7 @@ function contact_user_page($account) { $output = t("You cannot send more than %number messages per hour. Please try again later.", array('%number' => variable_get('contact_hourly_threshold', 3))); } else { - drupal_set_title(check_plain($account->name)); + drupal_set_title($account->name); $output = drupal_get_form('contact_mail_user', $account); } Index: modules/filter/filter.admin.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/filter/filter.admin.inc,v retrieving revision 1.10 diff -u -p -r1.10 filter.admin.inc --- modules/filter/filter.admin.inc 19 Feb 2008 14:07:21 -0000 1.10 +++ modules/filter/filter.admin.inc 5 Apr 2008 02:02:25 -0000 @@ -302,7 +302,7 @@ function filter_admin_delete_submit($for * Menu callback; display settings defined by a format's filters. */ function filter_admin_configure_page($format) { - drupal_set_title(t("Configure %format", array('%format' => $format->name))); + drupal_set_title(t("Configure %format", array('%format' => $format->name)), TRUE); return drupal_get_form('filter_admin_configure', $format); } @@ -343,7 +343,7 @@ function filter_admin_configure_submit($ * Menu callback; display form for ordering filters for a format. */ function filter_admin_order_page($format) { - drupal_set_title(t("Rearrange %format", array('%format' => $format->name))); + drupal_set_title(t("Rearrange %format", array('%format' => $format->name)), TRUE); return drupal_get_form('filter_admin_order', $format); } Index: modules/forum/forum.module =================================================================== RCS file: /cvs/drupal/drupal/modules/forum/forum.module,v retrieving revision 1.452 diff -u -p -r1.452 forum.module --- modules/forum/forum.module 20 Feb 2008 13:46:39 -0000 1.452 +++ modules/forum/forum.module 5 Apr 2008 02:02:25 -0000 @@ -666,7 +666,7 @@ function template_preprocess_forums(&$va } } drupal_set_breadcrumb($breadcrumb); - drupal_set_title(check_plain($title)); + drupal_set_title($title); if ($variables['forums_defined'] = count($variables['forums']) || count($variables['parents'])) { // Format the "post new content" links listing. Index: modules/node/node.module =================================================================== RCS file: /cvs/drupal/drupal/modules/node/node.module,v retrieving revision 1.953 diff -u -p -r1.953 node.module --- modules/node/node.module 1 Apr 2008 19:45:21 -0000 1.953 +++ modules/node/node.module 5 Apr 2008 02:02:25 -0000 @@ -1093,7 +1093,7 @@ function node_build_content($node, $teas */ function node_show($node, $cid, $message = FALSE) { if ($message) { - drupal_set_title(t('Revision of %title from %date', array('%title' => $node->title, '%date' => format_date($node->revision_timestamp)))); + drupal_set_title(t('Revision of %title from %date', array('%title' => $node->title, '%date' => format_date($node->revision_timestamp))), TRUE); } $output = node_view($node, FALSE, TRUE); @@ -1755,7 +1755,7 @@ function node_page_default() { * Menu callback; view a single node. */ function node_page_view($node, $cid = NULL) { - drupal_set_title(check_plain($node->title)); + drupal_set_title($node->title); return node_show($node, $cid); } Index: modules/node/node.pages.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/node/node.pages.inc,v retrieving revision 1.29 diff -u -p -r1.29 node.pages.inc --- modules/node/node.pages.inc 17 Feb 2008 19:29:07 -0000 1.29 +++ modules/node/node.pages.inc 5 Apr 2008 02:02:25 -0000 @@ -54,7 +54,7 @@ function node_add($type) { // Initialize settings: $node = array('uid' => $user->uid, 'name' => (isset($user->name) ? $user->name : ''), 'type' => $type, 'language' => ''); - drupal_set_title(t('Create @name', array('@name' => $types[$type]->name))); + drupal_set_title(t('Create @name', array('@name' => $types[$type]->name)), TRUE); $output = drupal_get_form($type .'_node_form', $node); } @@ -521,7 +521,7 @@ function node_delete_confirm_submit($for * Generate an overview table of older revisions of a node. */ function node_revision_overview($node) { - drupal_set_title(t('Revisions for %title', array('%title' => $node->title))); + drupal_set_title(t('Revisions for %title', array('%title' => $node->title)), TRUE); $header = array(t('Revision'), array('data' => t('Operations'), 'colspan' => 2)); Index: modules/openid/openid.pages.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/openid/openid.pages.inc,v retrieving revision 1.5 diff -u -p -r1.5 openid.pages.inc --- modules/openid/openid.pages.inc 30 Jan 2008 22:11:22 -0000 1.5 +++ modules/openid/openid.pages.inc 5 Apr 2008 02:02:25 -0000 @@ -28,7 +28,7 @@ function openid_authentication_page() { * Menu callback; Manage OpenID identities for the specified user. */ function openid_user_identities($account) { - drupal_set_title(check_plain($account->name)); + drupal_set_title($account->name); drupal_add_css(drupal_get_path('module', 'openid') .'/openid.css', 'module'); // Check to see if we got a response Index: modules/path/path.admin.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/path/path.admin.inc,v retrieving revision 1.7 diff -u -p -r1.7 path.admin.inc --- modules/path/path.admin.inc 8 Jan 2008 10:35:42 -0000 1.7 +++ modules/path/path.admin.inc 5 Apr 2008 02:02:25 -0000 @@ -67,7 +67,7 @@ function path_admin_overview($keys = NUL function path_admin_edit($pid = 0) { if ($pid) { $alias = path_load($pid); - drupal_set_title(check_plain($alias['dst'])); + drupal_set_title($alias['dst']); $output = drupal_get_form('path_admin_form', $alias); } else { Index: modules/poll/poll.pages.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/poll/poll.pages.inc,v retrieving revision 1.4 diff -u -p -r1.4 poll.pages.inc --- modules/poll/poll.pages.inc 14 Dec 2007 09:50:41 -0000 1.4 +++ modules/poll/poll.pages.inc 5 Apr 2008 02:02:25 -0000 @@ -28,7 +28,7 @@ function poll_page() { * Callback for the 'votes' tab for polls you can see other votes on */ function poll_votes($node) { - drupal_set_title(check_plain($node->title)); + drupal_set_title($node->title); $output = t('This table lists all the recorded votes for this poll. If anonymous users are allowed to vote, they will be identified by the IP address of the computer they used when they voted.'); $header[] = array('data' => t('Visitor'), 'field' => 'u.name'); @@ -50,7 +50,7 @@ function poll_votes($node) { * Callback for the 'results' tab for polls you can vote on */ function poll_results($node) { - drupal_set_title(check_plain($node->title)); + drupal_set_title($node->title); $node->show_results = TRUE; return node_show($node, 0); } Index: modules/profile/profile.admin.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/profile/profile.admin.inc,v retrieving revision 1.9 diff -u -p -r1.9 profile.admin.inc --- modules/profile/profile.admin.inc 18 Feb 2008 16:53:36 -0000 1.9 +++ modules/profile/profile.admin.inc 5 Apr 2008 02:02:25 -0000 @@ -175,7 +175,7 @@ function profile_field_form(&$form_state drupal_not_found(); return; } - drupal_set_title(t('edit %title', array('%title' => $edit['title']))); + drupal_set_title(t('edit %title', array('%title' => $edit['title'])), TRUE); $form['fid'] = array('#type' => 'value', '#value' => $fid, ); @@ -193,7 +193,7 @@ function profile_field_form(&$form_state return; } $type = $arg; - drupal_set_title(t('add new %type', array('%type' => $types[$type]))); + drupal_set_title(t('add new %type', array('%type' => $types[$type])), TRUE); $edit = array('name' => 'profile_'); $form['type'] = array('#type' => 'value', '#value' => $type); } Index: modules/statistics/statistics.admin.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/statistics/statistics.admin.inc,v retrieving revision 1.6 diff -u -p -r1.6 statistics.admin.inc --- modules/statistics/statistics.admin.inc 8 Jan 2008 10:35:42 -0000 1.6 +++ modules/statistics/statistics.admin.inc 5 Apr 2008 02:02:25 -0000 @@ -64,7 +64,7 @@ function statistics_top_pages() { $rows[] = array(array('data' => t('No statistics available.'), 'colspan' => 4)); } - drupal_set_title(t('Top pages in the past %interval', array('%interval' => format_interval(variable_get('statistics_flush_accesslog_timer', 259200))))); + drupal_set_title(t('Top pages in the past %interval', array('%interval' => format_interval(variable_get('statistics_flush_accesslog_timer', 259200)))), TRUE); $output = theme('table', $header, $rows); $output .= theme('pager', NULL, 30, 0); return $output; @@ -97,7 +97,7 @@ function statistics_top_visitors() { $rows[] = array(array('data' => t('No statistics available.'), 'colspan' => 4)); } - drupal_set_title(t('Top visitors in the past %interval', array('%interval' => format_interval(variable_get('statistics_flush_accesslog_timer', 259200))))); + drupal_set_title(t('Top visitors in the past %interval', array('%interval' => format_interval(variable_get('statistics_flush_accesslog_timer', 259200)))), TRUE); $output = theme('table', $header, $rows); $output .= theme('pager', NULL, 30, 0); return $output; @@ -109,7 +109,7 @@ function statistics_top_visitors() { function statistics_top_referrers() { $query = "SELECT url, COUNT(url) AS hits, MAX(timestamp) AS last FROM {accesslog} WHERE url NOT LIKE '%%%s%%' AND url <> '' GROUP BY url"; $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url NOT LIKE '%%%s%%'"; - drupal_set_title(t('Top referrers in the past %interval', array('%interval' => format_interval(variable_get('statistics_flush_accesslog_timer', 259200))))); + drupal_set_title(t('Top referrers in the past %interval', array('%interval' => format_interval(variable_get('statistics_flush_accesslog_timer', 259200)))), TRUE); $header = array( array('data' => t('Hits'), 'field' => 'hits', 'sort' => 'desc'), Index: modules/statistics/statistics.pages.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/statistics/statistics.pages.inc,v retrieving revision 1.2 diff -u -p -r1.2 statistics.pages.inc --- modules/statistics/statistics.pages.inc 20 Oct 2007 21:57:50 -0000 1.2 +++ modules/statistics/statistics.pages.inc 5 Apr 2008 02:02:25 -0000 @@ -29,7 +29,7 @@ function statistics_node_tracker() { $rows[] = array(array('data' => t('No statistics available.'), 'colspan' => 4)); } - drupal_set_title(check_plain($node->title)); + drupal_set_title($node->title); $output = theme('table', $header, $rows); $output .= theme('pager', NULL, 30, 0); return $output; @@ -60,7 +60,7 @@ function statistics_user_tracker() { $rows[] = array(array('data' => t('No statistics available.'), 'colspan' => 3)); } - drupal_set_title(check_plain($account->name)); + drupal_set_title($account->name); $output = theme('table', $header, $rows); $output .= theme('pager', NULL, 30, 0); return $output; Index: modules/taxonomy/taxonomy.admin.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/taxonomy/taxonomy.admin.inc,v retrieving revision 1.24 diff -u -p -r1.24 taxonomy.admin.inc --- modules/taxonomy/taxonomy.admin.inc 14 Feb 2008 18:41:16 -0000 1.24 +++ modules/taxonomy/taxonomy.admin.inc 5 Apr 2008 02:02:25 -0000 @@ -258,7 +258,7 @@ function taxonomy_overview_terms(&$form_ return taxonomy_vocabulary_confirm_reset_alphabetical($form_state, $vocabulary->vid); } - drupal_set_title(t('Terms in %vocabulary', array('%vocabulary' => $vocabulary->name))); + drupal_set_title(t('Terms in %vocabulary', array('%vocabulary' => $vocabulary->name)), TRUE); $form = array( '#vocabulary' => (array)$vocabulary, '#tree' => TRUE, @@ -628,7 +628,7 @@ function theme_taxonomy_overview_terms($ * Menu callback; return the edit form for a new term after setting the title. */ function taxonomy_add_term_page($vocabulary) { - drupal_set_title(t('Add term to %vocabulary', array('%vocabulary' => $vocabulary->name))); + drupal_set_title(t('Add term to %vocabulary', array('%vocabulary' => $vocabulary->name)), TRUE); return drupal_get_form('taxonomy_form_term' , $vocabulary); } Index: modules/tracker/tracker.pages.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/tracker/tracker.pages.inc,v retrieving revision 1.5 diff -u -p -r1.5 tracker.pages.inc --- modules/tracker/tracker.pages.inc 28 Nov 2007 10:29:20 -0000 1.5 +++ modules/tracker/tracker.pages.inc 5 Apr 2008 02:02:25 -0000 @@ -19,7 +19,7 @@ function tracker_page($account = NULL, $ // When viewed from user/%user/track, display the name of the user // as page title -- the tab title remains Track so this needs to be done // here and not in the menu definiton. - drupal_set_title(check_plain($account->name)); + drupal_set_title($account->name); } // TODO: These queries are very expensive, see http://drupal.org/node/105639 $sql = 'SELECT DISTINCT(n.nid), n.title, n.type, n.changed, n.uid, u.name, GREATEST(n.changed, l.last_comment_timestamp) AS last_updated, l.comment_count FROM {node} n INNER JOIN {node_comment_statistics} l ON n.nid = l.nid INNER JOIN {users} u ON n.uid = u.uid LEFT JOIN {comments} c ON n.nid = c.nid AND (c.status = %d OR c.status IS NULL) WHERE n.status = 1 AND (n.uid = %d OR c.uid = %d) ORDER BY last_updated DESC'; Index: modules/translation/translation.pages.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/translation/translation.pages.inc,v retrieving revision 1.2 diff -u -p -r1.2 translation.pages.inc --- modules/translation/translation.pages.inc 7 Jan 2008 13:18:40 -0000 1.2 +++ modules/translation/translation.pages.inc 5 Apr 2008 02:02:25 -0000 @@ -54,6 +54,6 @@ function translation_node_overview($node $rows[] = array($language_name, $title, $status, implode(" | ", $options)); } - drupal_set_title(t('Translations of %title', array('%title' => $node->title))); + drupal_set_title(t('Translations of %title', array('%title' => $node->title)), TRUE); return theme('table', $header, $rows); } Index: modules/user/user.pages.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/user/user.pages.inc,v retrieving revision 1.12 diff -u -p -r1.12 user.pages.inc --- modules/user/user.pages.inc 18 Feb 2008 16:53:37 -0000 1.12 +++ modules/user/user.pages.inc 5 Apr 2008 02:02:25 -0000 @@ -147,7 +147,7 @@ function user_logout() { * Menu callback; Displays a user or user profile page. */ function user_view($account) { - drupal_set_title(check_plain($account->name)); + drupal_set_title($account->name); // Retrieve all profile fields and attach to $account->content. user_build_content($account); @@ -218,7 +218,7 @@ function template_preprocess_user_profil * @see user_edit_submit() */ function user_edit($account, $category = 'account') { - drupal_set_title(check_plain($account->name)); + drupal_set_title($account->name); return drupal_get_form('user_profile_form', $account, $category); }