16 Feb
2008
16 Feb
'08
12:37 a.m.
<?php function _agenda_list($node) { return agenda_list($node->nid); } ?> why not make agenda_list accept a $node instead of a nid and change inside? Why a whole wrapper? <?php function agenda_page_title($node, $text) { $return = $text . $node->title; return $return; } ?> Welcome to the wonderful word of XSS holes!!!!! You want check_plain($node->title) and likely check_plain ($text . $node->title)