D7-2647542: Use check_plain to sanitize query value before use.
laryn committed Jun 12, 2024
1 parent 7e8bb6d commit 9be88e1
Showing 1 changed file with 17 additions and 3 deletions.
20 changes: 17 additions & 3 deletions plugins/views/views_plugin_argument_default_query.inc
@@ -10,6 +10,9 @@
*/
class views_plugin_argument_default_query extends views_plugin_argument_default {

/**
*
*/
function option_definition() {
$options = parent::option_definition();
$options['parameter'] = array('default' => '');
@@ -18,6 +21,9 @@ class views_plugin_argument_default_query extends views_plugin_argument_default
return $options;
}

/**
*
*/
function options_form(&$form, &$form_state) {
parent::options_form($form, $form_state);

@@ -35,16 +41,24 @@ class views_plugin_argument_default_query extends views_plugin_argument_default
);
}

/**
*
*/
function get_argument() {
$query_parameters = backdrop_get_query_parameters();

if (($parameter = $this->options['parameter']) && !empty($query_parameters[$parameter])) {
return $query_parameters[$parameter];
$argument = $query_parameters[$parameter];
}

return isset($this->options['default_value']) ? $this->options['default_value'] : '';
else {
$argument = isset($this->options['default_value']) ? $this->options['default_value'] : '';
}
return check_plain($argument);
}

/**
*
*/
function convert_options(&$options) {
if (!isset($options['parameter']) && isset($this->argument->options['default_argument_query'])) {
$options['parameter'] = $this->argument->options['default_argument_query'];
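Review bot: In get_argument(), `check_plain($argument)` can receive a non-string: when the request supplies the parameter in array form, `$query_parameters[$parameter]` is an array and the `!empty()` test still lets it through. How check_plain() handles an array is not visible here, so I would add `&& is_scalar($query_parameters[$parameter])` to the `if` condition and let any other input fall through to the default. The value is also escaped before the view uses it for matching, so a value containing `&` or quotes is compared in entity-encoded form, and the configured `default_value` is now encoded as well; worth confirming that is intended. The new docblock above get_argument() is empty and should state this, e.g. `Returns the query parameter value or the configured default, escaped with check_plain().`, so later output code does not escape it a second time.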
