array( 'variables' => array( 'vss_id' => NULL, 'view' => NULL, 'settings' => NULL, 'rows' => NULL, ), 'template' => 'theme/bxslider-views-slideshow-main-frame', 'file' => 'theme/bxslider_views_slideshow.theme.inc', ), 'bxslider_views_slideshow_main_frame_row' => array( 'variables' => array( 'vss_id' => NULL, 'items' => NULL, 'count' => NULL, 'view' => NULL, ), 'template' => 'theme/bxslider-views-slideshow-main-frame-row', 'file' => 'theme/bxslider_views_slideshow.theme.inc', ), ); } /** * Gets the path to the Bxslider library. * * String @return * The path to the Bxslider library js file, or FALSE if not found. */ function _bxslider_views_slideshow_library_path() { $library_path = libraries_get_path('bxslider'); if (!empty($library_path)) { // Attempt to use minified version of bxslider plugin. $files = glob($library_path . '/jquery.bxslider.min.js'); if ($bxslider_path = array_shift($files)) { return $bxslider_path; } // Otherwise use non-minified version if available. else { $files = glob($library_path . '/jquery.bxslider.js'); if ($bxslider_path = array_shift($files)) { return $bxslider_path; } } } return FALSE; } /** * Implements hook_help(). */ function bxslider_views_slideshow_help($path, $arg) { switch ($path) { case 'admin/help#bxslider_views_slideshow': $output = '

' . t('Please read the README.txt file or create an issue on drupal.org.') . '

'; return $output; } } /** * Filters HTML to prevent cross-site-scripting (XSS) vulnerabilities. * * Based on kses by Ulf Harnhammar, see http://sourceforge.net/projects/kses. * For examples of various XSS attacks, see: http://ha.ckers.org/xss.html. * * This code does four things: * - Removes characters and constructs that can trick browsers. * - Makes sure all HTML entities are well-formed. * - Makes sure all HTML tags and attributes are well-formed. * - Makes sure no HTML tags contain URLs with a disallowed protocol (e.g. * javascript:). * * @param $string * The string with raw HTML in it. It will be stripped of everything that can * cause an XSS attack. * @param $allowed_tags * An array of allowed tags. * * @return * An XSS safe version of $string, or an empty string if $string is not * valid UTF-8. * * @see drupal_validate_utf8() * @ingroup sanitization */ function bxslider_views_slideshow_filter_xss($string, $allowed_tags = array('a', 'em', 'strong', 'cite', 'blockquote', 'code', 'ul', 'ol', 'li', 'dl', 'dt', 'dd')) { // Only operate on valid UTF-8 strings. This is necessary to prevent cross // site scripting issues on Internet Explorer 6. if (!drupal_validate_utf8($string)) { return ''; } // Store the text format. _filter_xss_split($allowed_tags, TRUE); // Remove NULL characters (ignored by some browsers). $string = str_replace(chr(0), '', $string); // Remove Netscape 4 JS entities. $string = preg_replace('%&\s*\{[^}]*(\}\s*;?|$)%', '', $string); // Defuse all HTML entities. // BELOW IS THE ONLY CHANGE !!! //$string = str_replace('&', '&', $string); // Change back only well-formed entities in our whitelist: // Decimal numeric entities. $string = preg_replace('/&#([0-9]+;)/', '&#\1', $string); // Hexadecimal numeric entities. $string = preg_replace('/&#[Xx]0*((?:[0-9A-Fa-f]{2})+;)/', '&#x\1', $string); // Named entities. $string = preg_replace('/&([A-Za-z][A-Za-z0-9]*;)/', '&\1', $string); return preg_replace_callback('% ( <(?=[^a-zA-Z!/]) # a lone < | # or # a comment | # or <[^>]*(>|$) # a string that starts with a <, up until the > or the end of the string | # or > # just a > )%x', '_filter_xss_split', $string); }