[development] Video module getting ready for 4.7 release: need help debugging

Dries Buytaert dries.buytaert at gmail.com
Mon Jun 19 05:26:57 UTC 2006

On 19 Jun 2006, at 01:42, Steven Wittens wrote:
>>>   t('play %link', array('%link' => $node->title))
>> this is used as title attribute for a link... maybe check_plain()
>> should be used insted of theme('placeholder') as suggested.
> Neither check_plain() or theme('placeholder') are necessary or even  
> make sense here. Title attributes cannot contain HTML, so their  
> content is passed as plain-text to l(). The attribute content is  
> escaped right before outputting in drupal_attributes().

Yes, I picked the wrong example.  There are still dozens of other  
security bugs in the video module though.

   drupal_set_title(t('Playing') . ' ' . $node->title);

Dries Buytaert  ::  http://www.buytaert.net/

More information about the development mailing list