16 Feb 2008, 4:44 a.m.
<?php
function agenda_page_title($node, $text) {
  $return = $text . $node->title;
  return $return;
}
?>
Welcome to the wonderful world of XSS holes!!!!! You want check_plain($node->title) and likely check_plain($text . $node->title).
Actually not. drupal_get_title runs a check_plain on the menu_get_active_title(). I only checked menu.inc. Sorry! I will update the handbook to indicate this.
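The behaviour the thread ends on, as an added example that is not code from the thread or from Drupal: when the title is passed through check_plain once at output, the raw callback is safe, and escaping inside the callback as well encodes the title twice. `demo_check_plain()`, `demo_get_title()` and `agenda_page_title_escaped()` are hypothetical stand-ins so the script runs without Drupal, and the node is constructed sample data.

```php
<?php
// Stand-in for check_plain(): encode HTML special characters (assumption:
// same effect as htmlspecialchars with ENT_QUOTES and UTF-8).
function demo_check_plain($text) {
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// The title callback from the thread: returns the raw, unescaped title.
function agenda_page_title($node, $text) {
  return $text . $node->title;
}

// Hypothetical variant that also escapes inside the callback.
function agenda_page_title_escaped($node, $text) {
  return demo_check_plain($text . $node->title);
}

// Stand-in for the output step the thread attributes to drupal_get_title():
// the callback result is run through check_plain once before display.
function demo_get_title($callback, $node, $text) {
  return demo_check_plain(call_user_func($callback, $node, $text));
}

// Constructed sample node whose title contains markup and an ampersand.
$node = new stdClass();
$node->title = 'Q&A <script>alert(1)</script>';
$raw = 'Agenda: ' . $node->title;

$once  = demo_get_title('agenda_page_title', $node, 'Agenda: ');
$twice = demo_get_title('agenda_page_title_escaped', $node, 'Agenda: ');

echo "escaped once:  $once\n";
echo "escaped twice: $twice\n";

// Neither result contains a literal tag, so both are inert as HTML.
var_dump(strpos($once, '<') === false, strpos($twice, '<') === false);

// One decode (what a browser does when rendering text) should give back the
// raw title. It does for the single-escaped value; the double-escaped value
// still shows entity text such as "&amp;" to the reader.
var_dump(htmlspecialchars_decode($once, ENT_QUOTES) === $raw);
var_dump(htmlspecialchars_decode($twice, ENT_QUOTES) === $raw);
```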