Potential problem in drupal_set_message()

Line 194: Potential problem: drupal_set_message() only accepts filtered text, be sure to use check_plain(), filter_xss() or similar to ensure your $variable is fully sanitized. (Drupal Docs) [security_dsm]

drupal_set_message($message, 'status');

Line 241: Potential problem: drupal_set_message() only accepts filtered text, be sure to use check_plain(), filter_xss() or similar to ensure your $variable is fully sanitized. (Drupal Docs) [security_dsm]

drupal_set_message($message, 'status');

Comment	File	Size	Author
#2	Potential_problem-2853135-2.patch	866 bytes	Munavijayalakshmi
#2	7.x-1.x: PHP 5.3 & MySQL 5.5, D7 5 pass

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

16 February 2017 at 10:54

Munavijayalakshmi created an issue. See original summary.

Log in or register to post comments

Comment #2

Munavijayalakshmi CreditAttribution: Munavijayalakshmi at Valuebound commented 16 February 2017 at 11:03

Status:

Active

» Needs review

File	Size
Potential_problem-2853135-2.patch	866 bytes
7.x-1.x: PHP 5.3 & MySQL 5.5, D7 5 pass

Log in or register to post comments

dstol’s picture

Comment #3

English

CreditAttribution: dstol as a volunteer commented 23 February 2017 at 22:02

Status:

Needs review

» Closed (works as designed)

If you take a look at the comments prior to the drupal_set_message() call you'll see that $message is already sanitized.

Log in or register to post comments