On 18 Jun 2006, at 23:44, Dries Buytaert wrote:
1. Your code has various XSS problems. For example:
t('play %link', array('%link' => $node->title))
should be:
t('play %link', array('%link' => theme('placeholder', $node->title)))
The following modules or files make the exact same security mistake (XSS):

acidfree/acidfree.module
acidfree/class_album.inc
acidfree/class_photo.inc
acidfree/class_video.inc
aggregator2/aggregator2.module
amazontools/amazon.module
bugs/bugs.module
citizenspeak/citizenspeak.theme.php
commentmail/commentmail.module
cvbuilder/cvbuilder.module
discography/discography.module
eatlocal/resource/resource.module
ecommerce/contrib/auction/auction.module
ecommerce/subproducts/subproducts.inc
eventrepeat/eventrepeat.module
export_docbook/export_docbook.module
faq/faq.module
gojoingo/modules/gjg_event/gjg_event.module
groups/groups.module
img_assist/img_assist.module
interview/interview.module
listhandler/listhandler.module
macrotags/macros.inc
mail/mail.module
moviereview/moviereview.module
naggregator/naggregator.module
naggregator/naggregator_convert.php
news_page/news_page.module
node_aggregator/naggregator.convert.php
node_image/node_image.module
playlist/playlist.module
pr/pr.module
print/print.node.tpl.php
project/update-project.php
publication/publication.module
recipe/recipe.module
send/send.inc
shortcuts/shortcuts.module
spam/spam.module
staffbio/staffbio.module
tagnode/tagnode.module
tec/tec.module
term_access/patches/book.patch
topic/topic.module
trackback/trackback.module
upcomingorg/upcomingorg.module
userreview/userreview.module
wallpaper/wallpaper.module
webcomic/webcomic_theme.inc
webform/webform.module
whatsrelated/whatsrelated.module
wishlist/wishlist.module

(There might be some false positives.)

--
Dries Buytaert :: http://www.buytaert.net/
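
The pattern discussed in the message above (a `%placeholder` in `t()` fed a raw variable instead of `theme('placeholder', ...)`), as an added example that is not part of the original email or of Drupal: a small Python scanner that flags such calls in PHP source. The function names and the sample PHP are constructed for illustration, and treating `check_plain()` as a safe wrapper is an assumption of this example.

```python
import re

# Wrappers treated as escaping: theme('placeholder', ...) is the fix named in
# the message; check_plain() is included as an assumption of this example.
SAFE = re.compile(r"""^(theme\(\s*['"]placeholder['"]|check_plain\()""")
T_CALL = re.compile(r"(?<![\w>$])t\(")  # t( but not ->t( or format(
PAIR = re.compile(r"""^['"](%\w+)['"]\s*=>\s*(.+)$""", re.S)
TOKEN = re.compile(r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|[(),]|[^'"(),]+""", re.S)

def split_args(src, start):
    """Split the argument list starting at src[start] (just after an opening
    parenthesis) on top-level commas, honouring nesting and quoted strings."""
    args, cur, depth = [], "", 0
    for tok in TOKEN.findall(src, start):
        if tok == ")" and depth == 0:  # end of this argument list
            break
        if tok == "," and depth == 0:
            args.append(cur.strip())
            cur = ""
            continue
        depth += (tok == "(") - (tok == ")")
        cur += tok
    return args + [cur.strip()]

def find_unescaped_placeholders(php):
    """Return (line, placeholder, value) for t() placeholders whose value uses
    a PHP variable without an escaping wrapper. Variables that are already
    safe (such as integers) still match, so expect false positives."""
    findings = []
    for m in T_CALL.finditer(php):
        args = split_args(php, m.end())
        if len(args) < 2 or not args[1].startswith("array("):
            continue
        for item in split_args(args[1], len("array(")):
            pair = PAIR.match(item)
            if pair and "$" in pair.group(2) and not SAFE.match(pair.group(2)):
                line = php.count("\n", 0, m.start()) + 1
                findings.append((line, pair.group(1), pair.group(2)))
    return findings

# Constructed sample input, not taken from any module listed in the message.
SAMPLE = """<?php
$a = t('play %link', array('%link' => $node->title));
$b = t('play %link', array('%link' => theme('placeholder', $node->title)));
$c = t('%n of (%who)', array('%n' => 5, '%who' => $user->name));
"""

if __name__ == "__main__":
    for finding in find_unescaped_placeholders(SAMPLE):
        print("line %d: %s => %s" % finding)
```

Only inline `array(...)` arguments are inspected; a placeholder array built in a variable beforehand is not followed.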