Sanitizing token output. 5.x-2.5
authorNathan Haug
Thu, 17 Jun 2010 00:26:45 +0000 (00:26 +0000)
committerNathan Haug
Thu, 17 Jun 2010 00:26:45 +0000 (00:26 +0000)
filefield.module

index 2b37a5d..6e7a85a 100644 (file)
@@ -930,9 +930,9 @@ function filefield_token_values($type, $object = NULL) {
   if ($type == 'field') {
     $item = $object[0];
     $tokens['fid']         = $item['fid'];
-    $tokens['description'] = $item['description'];
-    $tokens['filename']    = $item['filename'];
-    $tokens['filepath']    = $item['filepath'];
+    $tokens['description'] = check_plain($item['description']);
+    $tokens['filename']    = check_plain($item['filename']);
+    $tokens['filepath']    = check_plain($item['filepath']);
     $tokens['filemime']    = $item['filemime'];
     $tokens['filesize']    = $item['filesize'];
     $tokens['view']        = $item['view'];
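Review bot: `filemime`, on the line right after the three changed assignments, is still copied into the token array unescaped, so the sanitizing is only partial for the string-valued file properties. Where `$item['filemime']` is populated is not visible in this hunk; if it can carry the type supplied with the upload request rather than a server-side lookup, it needs the same treatment: `$tokens['filemime']    = check_plain($item['filemime']);`. `fid` and `filesize` look numeric and `view` is presumably already-rendered markup, so a one-line comment such as `// fid/filesize are numeric, view is pre-rendered HTML; intentionally not escaped` would show they were left raw deliberately. Also confirm that no consumer uses the `filepath` or `filename` tokens outside an HTML context (for example to build a path), because `check_plain()` turns `&` into `&amp;` there. The body of `filefield_token_values` starts and ends outside the hunk.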