yes and no should also run through t() for translation

Created on 16 December 2013, almost 11 years ago

Updated 30 October 2023, 11 months ago

Hi. Here's a little Bug,
1. "$settings['geofield_map_pancontrol'] ? 'Yes' : 'No')": yes and no should also run through t() for translation. Same for "'#markup' => 'Please add at least 1 geofield to the view',", please check all your strings.

2. geofield_map_plugin_style_map.inc render() looks vulnerable to XSS exploits. $style_options['alt_text'] is user provided text and printed to HTML without sanitization. Make sure to read https://drupal.org/node/28984 again. This should at least use filter_xss_admin() or similar. This is not a security issue according to our policy since an attacker would need the "administer views" permission, but this should be fixed anyway. Same for the width and height settings.

@see https://drupal.org/comment/8228129#comment-8228129

🐛 Bug report

Status

Fixed

Version

2.0

Component

Code

Created by

🇨🇳China xiukun.zhou

Live updates comments and jobs are added and updated live.

Comments & Activities

Comment 11 months ago →
System Message

poker10 → committed 188132fb on 7.x-2.x authored by xiukun.zhou →
Issue #2157347 by xiukun.zhou: yes and no should also run through t()...
Status changed to Fixed 11 months ago1:14pm 30 October 2023
Comment 11 months ago →
🇸🇰Slovakia poker10
Committed the fix for translations, thanks!

For the XSS issue, as you wrote, that should be a security hardening, because you need Administer views permission. Please create a new issue for this, so that we do not mix two unrelated fixes in one issue. Thanks!
Comment 11 months ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024