User: dww
Branch: HEAD
Date: Tue, 06 Mar 2007 09:37:48 +0000
Modified files: /tricks/cvs-release-notes cvs-release-notes.php
Log message:
undoing revisions 1.3 and 1.4. check_plain() has no business being in this script. this doesn't generate web pages, it generates sample output to use as the *input* for release notes based on cvs commit messages. even assuming this output is used for a Drupal release node (not always the case, in fact), XSS is not possible through release node bodies, since those are filtered properly (on output, by design). check_plain() in here is filtering on input (actually, pre-input), since the user is just going to turn around and further edit this output when filling in the release node form. plus, this script doesn't depend on (or necessarily even have anything to do with Drupal), so Drupal-specific functions shouldn't be called in here.
Links: http://cvs.drupal.org/diff.php?path=contributions/tricks/cvs-release-notes/c...
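The design point in the log message, escape once at output time rather than pre-escaping text that will be edited and rendered later, is illustrated below. This is an added example and not code from the cvs-release-notes script or from Drupal; Python's `html.escape` stands in for `check_plain()`/`htmlspecialchars()`, and the sample commit message is constructed.

```python
import html

# Constructed sample: one commit message that will become release-note input.
SAMPLE_MESSAGE = '- Fixed <em> handling & "quotes" in notes'


def render_for_html(text: str) -> str:
    """Escape at the point of output, where the HTML context is known.

    This is the 'filter on output' step the release node body gets anyway.
    """
    return html.escape(text, quote=True)


def store_raw(text: str) -> str:
    """Correct path: keep the generated text as-is; it is input, not output."""
    return text


def store_pre_escaped(text: str) -> str:
    """Path the commit reverts: escaping 'pre-input' before the user edits it."""
    return html.escape(text, quote=True)


def pipeline(store, text: str) -> str:
    """Generate -> store/edit -> render. The renderer always escapes."""
    return render_for_html(store(text))


def is_double_escaped(rendered: str) -> bool:
    """Detect the tell-tale '&amp;lt;', '&amp;amp;', '&amp;quot;' of double escaping."""
    return any(tok in rendered for tok in ("&amp;lt;", "&amp;gt;", "&amp;amp;", "&amp;quot;"))


def round_trips(rendered: str, original: str) -> bool:
    """A correctly escaped-once body unescapes back to exactly what the user typed."""
    return html.unescape(rendered) == original


if __name__ == "__main__":
    once = pipeline(store_raw, SAMPLE_MESSAGE)
    twice = pipeline(store_pre_escaped, SAMPLE_MESSAGE)
    print("escaped once :", once)
    print("escaped twice:", twice)
    print("double-escaped?", is_double_escaped(once), is_double_escaped(twice))
```

Escaping once at output is sufficient against XSS in the rendered node body and keeps the stored text editable; escaping before the user edits it produces visible `&amp;lt;` entities in the final page without adding protection.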