diff --git a/includes/theme.inc b/includes/theme.inc index 6c2b640..3bf76bc 100644 --- a/includes/theme.inc +++ b/includes/theme.inc @@ -2214,7 +2214,7 @@ function template_preprocess_html(&$variables) { else { $head_title = array('name' => check_plain(variable_get('site_name', 'Drupal'))); if (variable_get('site_slogan', '')) { - $head_title['slogan'] = filter_xss_admin(variable_get('site_slogan', '')); + $head_title['slogan'] = strip_tags(filter_xss_admin(variable_get('site_slogan', ''))); } } $variables['head_title_array'] = $head_title; @@ -2271,7 +2271,7 @@ function template_preprocess_page(&$variables) { $variables['main_menu'] = theme_get_setting('toggle_main_menu') ? menu_main_menu() : array(); $variables['secondary_menu'] = theme_get_setting('toggle_secondary_menu') ? menu_secondary_menu() : array(); $variables['action_links'] = menu_local_actions(); - $variables['site_name'] = (theme_get_setting('toggle_name') ? filter_xss_admin(variable_get('site_name', 'Drupal')) : ''); + $variables['site_name'] = (theme_get_setting('toggle_name') ? check_plain(variable_get('site_name', 'Drupal')) : ''); $variables['site_slogan'] = (theme_get_setting('toggle_slogan') ? filter_xss_admin(variable_get('site_slogan', '')) : ''); $variables['tabs'] = menu_local_tabs(); @@ -2453,13 +2453,13 @@ function template_preprocess_maintenance_page(&$variables) { if (drupal_get_title()) { $head_title = array( 'title' => strip_tags(drupal_get_title()), - 'name' => variable_get('site_name', 'Drupal'), + 'name' => check_plain(variable_get('site_name', 'Drupal')), ); } else { - $head_title = array('name' => variable_get('site_name', 'Drupal')); + $head_title = array('name' => check_plain(variable_get('site_name', 'Drupal'))); if (variable_get('site_slogan', '')) { - $head_title['slogan'] = variable_get('site_slogan', ''); + $head_title['slogan'] = strip_tags(filter_xss_admin(variable_get('site_slogan', ''))); } } @@ -2479,8 +2479,8 @@ function template_preprocess_maintenance_page(&$variables) { $variables['messages'] = $variables['show_messages'] ? theme('status_messages') : ''; $variables['main_menu'] = array(); $variables['secondary_menu'] = array(); - $variables['site_name'] = (theme_get_setting('toggle_name') ? variable_get('site_name', 'Drupal') : ''); - $variables['site_slogan'] = (theme_get_setting('toggle_slogan') ? variable_get('site_slogan', '') : ''); + $variables['site_name'] = (theme_get_setting('toggle_name') ? check_plain(variable_get('site_name', 'Drupal')) : ''); + $variables['site_slogan'] = (theme_get_setting('toggle_slogan') ? filter_xss_admin(variable_get('site_slogan', '')) : ''); $variables['tabs'] = ''; $variables['title'] = drupal_get_title(); diff --git a/modules/system/system.test b/modules/system/system.test index 9944619..81ca205 100644 --- a/modules/system/system.test +++ b/modules/system/system.test @@ -1896,7 +1896,7 @@ class TokenReplaceTestCase extends DrupalWebTestCase { // Generate and test sanitized tokens. $tests = array(); $tests['[site:name]'] = check_plain(variable_get('site_name', 'Drupal')); - $tests['[site:slogan]'] = check_plain(variable_get('site_slogan', '')); + $tests['[site:slogan]'] = filter_xss_admin(variable_get('site_slogan', '')); $tests['[site:mail]'] = 'simpletest@example.com'; $tests['[site:url]'] = url('', $url_options); $tests['[site:url-brief]'] = preg_replace(array('!^https?://!', '!/$!'), '', url('', $url_options)); diff --git a/modules/system/system.tokens.inc b/modules/system/system.tokens.inc index 56ddf29..49c7a67 100644 --- a/modules/system/system.tokens.inc +++ b/modules/system/system.tokens.inc @@ -148,7 +148,7 @@ function system_tokens($type, $tokens, array $data = array(), array $options = a case 'slogan': $slogan = variable_get('site_slogan', ''); - $replacements[$original] = $sanitize ? check_plain($slogan) : $slogan; + $replacements[$original] = $sanitize ? filter_xss_admin($slogan) : $slogan; break; case 'mail': diff --git a/themes/garland/template.php b/themes/garland/template.php index 1b144f1..ac91bb5 100644 --- a/themes/garland/template.php +++ b/themes/garland/template.php @@ -113,7 +113,7 @@ function garland_preprocess_page(&$vars) { $vars['site_html'] = implode(' ', $site_fields); // Set a variable for the site name title and logo alt attributes text. - $slogan_text = $vars['site_slogan']; + $slogan_text = strip_tags($vars['site_slogan']); $site_name_text = $vars['site_name']; $vars['site_name_and_slogan'] = $site_name_text . ' ' . $slogan_text; }