On 15 Oct 2009, at 07:24, Justin Klein Keane wrote:
> Applying the following patch mitigates these threats.
>
> - --- site_map/site_map.module 2009-09-30 15:09:49.295134033 -0400
> +++ site_map/site_map.module 2009-09-30 15:09:30.011119976 -0400
> @@ -14,7 +14,7 @@ function site_map_help($path, $arg) {
> switch ($path) {
> case 'sitemap':
> $output = _sitemap_get_message();
> - - - return $output ? '<p>'. filter_xss($output) .'</p>' : '';
> + return $output ? '<p>'. $output .'</p>' : '';
> }
> }
Surely that should be the other way around?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
