#1134074 by dereine: Sanitize the prefix only with xss not check_plain
authorDaniel Wehner
Wed, 8 Jun 2011 21:56:16 +0000 (23:56 +0200)
committerDaniel Wehner
Wed, 8 Jun 2011 21:56:16 +0000 (23:56 +0200)
handlers/views_handler_field_numeric.inc

index 61bc9ca..791747d 100644 (file)
@@ -120,6 +120,6 @@ class views_handler_field_numeric extends views_handler_field {
       $value = format_plural($value, $this->options['format_plural_singular'], $this->options['format_plural_plural']);
     }
 
-    return check_plain($this->options['prefix'] . $value . $this->options['suffix']);
+    return filter_xss($this->options['prefix']) . check_plain($value) . filter_xss($this->options['suffix']);
   }
 }
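Review bot: The new return line applies filter_xss() to the prefix and suffix but check_plain() to the value, and nothing in the code explains why; this deliberate widening from plain text to limited HTML deserves a comment so it is not later "simplified" in either direction. With its default tag list filter_xss() lets through tags such as `<a>`, `<em>` and `<strong>`, so whoever can edit this field's options can now put links and inline markup into the rendered output, while the value itself stays fully escaped. I would add above the return: `// Prefix and suffix may contain limited HTML (filter_xss() default tags); the value is always output as plain text.` If the options form for prefix and suffix (not visible in this hunk) still describes them as plain text, its description should mention the allowed markup too. The enclosing method starts above the hunk, so how `$value` is built before the `format_plural()` call is not reviewed here.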