[drupal-devel] important: check_output()
Dries Buytaert
dries at buytaert.net
Fri Jul 1 06:20:35 UTC 2005
Because of the recent security issue, we were forced to modify
check_output()'s API. check_output() now takes a third paramter
$check. If check = TRUE, check_output() checks whether the current
user is allowed to use the specified input format.
Note that this will check the permissions of the current user, so you
should specify $check = FALSE when viewing other people's content.
When showing content that is not (yet) stored in the database (eg.
upon preview), set to TRUE so the user's permissions are checked.
In DRUPAL-4-6, $check defaults to FALSE. However, in HEAD, $check
defaults to TRUE for extra safety. This means you'll have to check
your code in DRUPAL-4-6 to see if you don't need to insert a TRUE,
and that you'll have to check your code in HEAD, as most of them will
need an explicit FALSE.
--
Dries Buytaert :: http://www.buytaert.net/
More information about the drupal-devel
mailing list