if ($isRead) {
return;
}
- $config =& CRM_Core_Config::singleton();
// FIXME: This belongs in CRM_Utils_System_*
- if ($config->userSystem->is_drupal && function_exists('drupal_session_start')) {
+ if (CRM_Core_Config::singleton()->userSystem->is_drupal && function_exists('drupal_session_start')) {
// https://issues.civicrm.org/jira/browse/CRM-14356
if (!(isset($GLOBALS['lazy_session']) && $GLOBALS['lazy_session'] == TRUE)) {
drupal_session_start();
$session = self::singleton();
$session->initialize();
+ // Sanitize any HTML we're displaying. This helps prevent reflected XSS in error messages.
+ $text = CRM_Utils_String::purifyHTML($text);
+ $title = CRM_Utils_String::purifyHTML($title);
+
// default options
$options += array('unique' => TRUE);
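Review bot: The added `purifyHTML()` calls on `$text` and `$title` change the contract for every caller without documenting it: both arguments are now treated as HTML and filtered before the message is queued. I would extend the new comment to say so, e.g. `// $text and $title are HTML; markup the purifier does not allow is removed. Callers must still escape untrusted values they interpolate.` Purification presumably leaves permitted tags such as links in place, so a request-supplied value concatenated into a message could still render unintended markup even with script execution blocked; this depends on the purifier configuration, which is not visible here. The function signature and the code that stores the message are outside the hunk, so it should be confirmed that `$text` and `$title` are always strings (not NULL or arrays) when they reach these calls.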