diff -Naur original/lib/Drupal/views/Plugin/views/area/AreaPluginBase.php patched/lib/Drupal/views/Plugin/views/area/AreaPluginBase.php
--- original/lib/Drupal/views/Plugin/views/area/AreaPluginBase.php	2013-01-14 12:10:23.000000000 +0100
+++ patched/lib/Drupal/views/Plugin/views/area/AreaPluginBase.php	2013-01-14 20:15:36.000000000 +0100
@@ -132,7 +132,7 @@
         if (!empty($options[$type])) {
           $items = array();
           foreach ($options[$type] as $key => $value) {
-            $items[] = $key . ' == ' . $value;
+            $items[] = $key . ' == ' . check_plain($value);
           }
           $form['tokens']['tokens'] = array(
             '#theme' => 'item_list',
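Review bot: `$key` is still concatenated unescaped in the changed line, so only half of the `key == value` string is sanitized. If the token keys can carry text derived from configuration (handler ids or labels), they need the same treatment: `$items[] = check_plain($key) . ' == ' . check_plain($value);`. The identical loop in FieldPluginBase.php (hunk at line 869) has the same gap. Whether `item_list` escapes its items itself is not visible here, and the enclosing method starts and ends outside the hunk.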
diff -Naur original/lib/Drupal/views/Plugin/views/display/DisplayPluginBase.php patched/lib/Drupal/views/Plugin/views/display/DisplayPluginBase.php
--- original/lib/Drupal/views/Plugin/views/display/DisplayPluginBase.php	2013-01-14 12:10:23.000000000 +0100
+++ patched/lib/Drupal/views/Plugin/views/display/DisplayPluginBase.php	2013-01-14 20:45:00.000000000 +0100
@@ -932,6 +932,7 @@
       if (!empty($handler->options['relationship']) && !empty($relationships[$handler->options['relationship']])) {
         $options[$id] = '(' . $relationships[$handler->options['relationship']] . ') ' . $options[$id];
       }
+      $options[$id] = check_plain($label);
     }
     return $options;
   }
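Review bot: The added assignment overwrites `$options[$id]` with `check_plain($label)`, which discards the relationship prefix built two lines above it. `$label` is set outside the hunk; if it can be empty for a handler, any fallback label assigned earlier in the loop is presumably lost as well. Escaping the value already stored keeps both: `$options[$id] = check_plain($options[$id]);`. The loop begins outside the hunk.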
diff -Naur original/lib/Drupal/views/Plugin/views/field/FieldPluginBase.php patched/lib/Drupal/views/Plugin/views/field/FieldPluginBase.php
--- original/lib/Drupal/views/Plugin/views/field/FieldPluginBase.php	2013-01-14 12:10:23.000000000 +0100
+++ patched/lib/Drupal/views/Plugin/views/field/FieldPluginBase.php	2013-01-14 20:13:48.000000000 +0100
@@ -869,7 +869,7 @@
           if (!empty($options[$type])) {
             $items = array();
             foreach ($options[$type] as $key => $value) {
-              $items[] = $key . ' == ' . $value;
+              $items[] = $key . ' == ' . check_plain($value);
             }
             $output .= theme('item_list',
               array(
diff -Naur original/views_ui/js/views-admin.js patched/views_ui/js/views-admin.js
--- original/views_ui/js/views-admin.js	2013-01-14 12:10:23.000000000 +0100
+++ patched/views_ui/js/views-admin.js	2013-01-14 21:32:54.000000000 +0100
@@ -244,7 +244,7 @@
   "use strict";
 
   // Perhaps we should precache the text div, too.
-  this.$selected_div.find('.views-selected-options').html(this.checkedItems.join(', '));
+  this.$selected_div.find('.views-selected-options').html(Drupal.checkPlain(this.checkedItems.join(', ')));
   Drupal.viewsUi.resizeModal('', true);
 };
 
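Review bot: Escaping the string and then passing it to `.html()` keeps an HTML sink where only plain text is written. `.text()` expresses that directly and does not depend on the escaping helper covering every case: `this.$selected_div.find('.views-selected-options').text(this.checkedItems.join(', '));`. The function starts outside the hunk, so where `checkedItems` is populated is not visible.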
diff -Naur original/views_ui/lib/Drupal/views_ui/ViewListController.php patched/views_ui/lib/Drupal/views_ui/ViewListController.php
--- original/views_ui/lib/Drupal/views_ui/ViewListController.php	2013-01-14 12:10:23.000000000 +0100
+++ patched/views_ui/lib/Drupal/views_ui/ViewListController.php	2013-01-14 20:35:42.000000000 +0100
@@ -41,8 +41,8 @@
     return array(
       'data' => array(
         'view_name' => theme('views_ui_view_info', array('view' => $view)),
-        'description' => $view->get('description'),
-        'tag' => $view->get('tag'),
+        'description' => check_plain($view->get('description')),
+        'tag' => check_plain($view->get('tag')),
         'path' => implode(', ', $view->getPaths()),
         'operations' => array(
           'data' => $this->buildOperations($view),
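Review bot: The `'path'` cell directly below the two changed lines is still built from `implode(', ', $view->getPaths())` without escaping. If getPaths() returns the path strings as entered in the display settings, that cell is the same kind of output as description and tag. It would need `'path' => check_plain(implode(', ', $view->getPaths())),`. The method continues outside the hunk.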
diff -Naur original/views_ui/views_ui.theme.inc patched/views_ui/views_ui.theme.inc
--- original/views_ui/views_ui.theme.inc	2013-01-14 12:10:23.000000000 +0100
+++ patched/views_ui/views_ui.theme.inc	2013-01-14 20:49:22.000000000 +0100
@@ -69,7 +69,7 @@
  */
 function theme_views_ui_view_info($variables) {
   $output = '';
-  $output .= '<div class="views-ui-view-title">' . $variables['title'] . "</div>\n";
+  $output .= '<div class="views-ui-view-title">' . check_plain($variables['title']) . "</div>\n";
   $output .= '<div class="views-ui-view-displays">' . $variables['displays'] . "</div>\n";
   return $output;
 }
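Review bot: `$variables['displays']` is concatenated raw on the line directly below the escaped title. Whether it is sanitized where the variable is prepared is not visible in this hunk; if it is not, it needs the same call here: `'<div class="views-ui-view-displays">' . check_plain($variables['displays']) . "</div>\n"`. Conversely, if the preprocess step already escapes `title`, the new `check_plain()` double-encodes entities, so the function's docblock should state which variables arrive pre-sanitized.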
@@ -195,7 +195,7 @@
       $display = &$form[$key];
 
       $row = array();
-      $row[] = drupal_render($display['title']);
+      $row[] = check_plain(drupal_render($display['title']));
       $form[$key]['weight']['#attributes']['class'] = array('weight');
       $row[] = drupal_render($form[$key]['weight']);
       if (isset($display['removed'])) {
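Review bot: `check_plain()` is applied to the output of `drupal_render()`, so any markup the title element renders to is turned into visible entity text, not just the user-supplied title. The escaping belongs on the raw value before rendering, where `$display['title']` gets its `#markup`. That assignment is outside this hunk. This line would then stay as `$row[] = drupal_render($display['title']);`. The enclosing loop starts and ends outside the hunk.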
