opdavies/drupalcampbristol
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update to Drupal 8.1.1. For more information, see https://www.drupal.org/node/2718713

Browse source
This commit is contained in:
Pantheon Automation 2016-05-04 14:35:41 -07:00 committed by Greg Anderson
parent c0a0d5a94c
commit 9eae24d844
669 changed files with 3873 additions and 1553 deletions
Download patch file Download diff file Expand all files Collapse all files

4
core/lib/Drupal/Component/Render/FormattableMarkup.php
View file

@ -163,9 +163,9 @@ class FormattableMarkup implements MarkupInterface, \Countable {
* wrapped in quotes:
* @code
* // Secure (with quotes):
* $this->placeholderFormat('<a href=":url">@variable</a>', [':url' => $url, @variable => $variable]);
* $this->placeholderFormat('<a href=":url">@variable</a>', [':url' => $url, '@variable' => $variable]);
* // Insecure (without quotes):
* $this->placeholderFormat('<a href=:url>@variable</a>', [':url' => $url, @variable => $variable]);
* $this->placeholderFormat('<a href=:url>@variable</a>', [':url' => $url, '@variable' => $variable]);
* @endcode
* When ":variable" comes from arbitrary user input, the result is secure,
* but not guaranteed to be a valid URL (which means the resulting output