Hey all,

Great module, but i found 1 minor issue. I used the ' character in a title, that's now being changed to html code. This happens because when executing drupal_set_title() there's a check_plain() inside that, and that should not be there i believe.

From ./includes/bootstrap.inc :
* @param $output
* Optional flag - normally should be left as CHECK_PLAIN. Only set to
* PASS_THROUGH if you have already removed any possibly dangerous code
* from $title using a function like check_plain() or filter_xss(). With this
* flag the string will be passed through unchanged.

And from: http://api.drupal.org/api/drupal/includes!bootstrap.inc/function/drupal_...
$stored_title = ($output == PASS_THROUGH) ? $title : check_plain($title);

So it's actually already ran through check_plain() if i'm right, here's a patch that fixes this.

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

behindthepage’s picture

Thanks I will look into it.

Regards
Geoff

DeNelo’s picture

Edit: Moved

behindthepage’s picture

Status: Needs review » Closed (fixed)

Hi Rob C,

I have applied this patch and it is included in 7.x-1.4 release.

Thanks
Geoff

Rob C’s picture

Hey Geoff,

Nice, another one bites the dust.

Thanks!