Revision b0dc3a2e

Added by Julien Enselme over 7 years ago

Update to Drupal 7.52

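--- a/drupal7/modules/dblog/dblog.admin.inc
+++ b/drupal7/modules/dblog/dblog.admin.inc
@@ -294,11 +294,18 @@
     else {
       $output = t($event->message, unserialize($event->variables));
     }
+    // If the output is expected to be a link, strip all the tags and
+    // special characters by using filter_xss() without any allowed tags.
+    // If not, use filter_xss_admin() to allow some tags.
     if ($variables['link'] && isset($event->wid)) {
-      // Truncate message to 56 chars.
+      // Truncate message to 56 chars after stripping all the tags.
       $output = truncate_utf8(filter_xss($output, array()), 56, TRUE, TRUE);
       $output = l($output, 'admin/reports/event/' . $event->wid, array('html' => TRUE));
     }
+    else {
+      // Prevent XSS in log detail pages.
+      $output = filter_xss_admin($output);
+    }
   }
   return $output;
 }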
