On 15 Oct 2009, at 07:24, Justin Klein Keane wrote: > Applying the following patch mitigates these threats. > > - --- site_map/site_map.module 2009-09-30 15:09:49.295134033 -0400 > +++ site_map/site_map.module 2009-09-30 15:09:30.011119976 -0400 > @@ -14,7 +14,7 @@ function site_map_help($path, $arg) { > switch ($path) { > case 'sitemap': > $output = _sitemap_get_message(); > - - - return $output ? '<p>'. filter_xss($output) .'</p>' : ''; > + return $output ? '<p>'. $output .'</p>' : ''; > } > }
Surely that should be the other way around? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/