|  | @@ -1,12 +1,7 @@
 | 
	
		
			
				|  |  |  <?php
 | 
	
		
			
				|  |  |  /**
 | 
	
		
			
				|  |  | - * @file 
 | 
	
		
			
				|  |  | - * 
 | 
	
		
			
				|  |  | - * Copyright 2011 New Signature
 | 
	
		
			
				|  |  | - * http://www.newsignature.com
 | 
	
		
			
				|  |  | - *
 | 
	
		
			
				|  |  | - * @author Andrew Marcus
 | 
	
		
			
				|  |  | - * @since Oct 4, 2011
 | 
	
		
			
				|  |  | + * @file
 | 
	
		
			
				|  |  | + * Main components.
 | 
	
		
			
				|  |  |   */
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  function addressfield_tokens_menu() {
 | 
	
	
		
			
				|  | @@ -127,7 +122,7 @@ function addressfield_tokens_field_formatter_settings_summary($field, $instance,
 | 
	
		
			
				|  |  |    if ($display['type'] == 'addressfield_components') {
 | 
	
		
			
				|  |  |      $comps = array_intersect_key(addressfield_tokens_components(), array_flip($settings['components']));
 | 
	
		
			
				|  |  |      $sep = str_replace('\n', '<br/>', $settings['separator']);
 | 
	
		
			
				|  |  | -    $summary = implode($sep, $comps);
 | 
	
		
			
				|  |  | +    $summary = filter_xss(implode($sep, $comps));
 | 
	
		
			
				|  |  |    }
 | 
	
		
			
				|  |  |    return $summary;
 | 
	
		
			
				|  |  |  }
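Review bot: Wrapping the joined summary in `filter_xss()` with its default tag list strips the `<br/>` that the preceding `str_replace()` has just put into `$sep`, because `br` is not among the tags that function allows by default, so a `\n` separator collapses to nothing in the settings summary. The default list also leaves links, emphasis and list tags usable from the separator setting, which a plain-text separator does not need. Escaping each piece before the markup is introduced avoids both, assuming the component labels are plain text: `$sep = str_replace('\n', '<br/>', check_plain($settings['separator']));` followed by `$summary = implode($sep, array_map('check_plain', $comps));`. The function body starts outside this hunk, so the initial value of `$summary` is not visible here.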
 | 
	
	
		
			
				|  | @@ -141,26 +136,28 @@ function addressfield_tokens_field_formatter_view($entity_type, $entity, $field,
 | 
	
		
			
				|  |  |    switch ($display['type']) {
 | 
	
		
			
				|  |  |      case 'addressfield_citystate':
 | 
	
		
			
				|  |  |        $theme = array('addressfield_formatter__citystate', 'addressfield_formatter');
 | 
	
		
			
				|  |  | -      if (!empty($item['country'])) {
 | 
	
		
			
				|  |  | -        array_unshift($theme, 'addressfield_formatter__citystate__' . $item['country']);
 | 
	
		
			
				|  |  | -      }
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  |        foreach ($items as $delta => $item) {
 | 
	
		
			
				|  |  | +        if (!empty($item['country'])) {
 | 
	
		
			
				|  |  | +          array_unshift($theme, 'addressfield_formatter__citystate__' . $item['country']);
 | 
	
		
			
				|  |  | +        }
 | 
	
		
			
				|  |  |          $element[$delta] = array(
 | 
	
		
			
				|  |  |            '#theme' => $theme,
 | 
	
		
			
				|  |  | -          '#address' => $item,
 | 
	
		
			
				|  |  | +          '#address' => array_map('filter_xss', $item),
 | 
	
		
			
				|  |  |          );
 | 
	
		
			
				|  |  |        }
 | 
	
		
			
				|  |  |        break;
 | 
	
		
			
				|  |  |        
 | 
	
		
			
				|  |  |      case 'addressfield_linear':
 | 
	
		
			
				|  |  |        $theme = array('addressfield_formatter__linear', 'addressfield_formatter');
 | 
	
		
			
				|  |  | -      if (!empty($item['country'])) {
 | 
	
		
			
				|  |  | -        array_unshift($theme, 'addressfield_formatter__linear__' . $item['country']);
 | 
	
		
			
				|  |  | -      }
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  |        foreach ($items as $delta => $item) {
 | 
	
		
			
				|  |  | +        if (!empty($item['country'])) {
 | 
	
		
			
				|  |  | +          array_unshift($theme, 'addressfield_formatter__linear__' . $item['country']);
 | 
	
		
			
				|  |  | +        }
 | 
	
		
			
				|  |  |          $element[$delta] = array(
 | 
	
		
			
				|  |  |            '#theme' => $theme,
 | 
	
		
			
				|  |  | -          '#address' => $item,
 | 
	
		
			
				|  |  | +          '#address' => array_map('filter_xss', $item),
 | 
	
		
			
				|  |  |          );
 | 
	
		
			
				|  |  |        }
 | 
	
		
			
				|  |  |        break;
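Review bot: Moving `array_unshift()` inside the `foreach` makes `$theme` accumulate across items, because it is initialised once before the loop in both the `addressfield_citystate` and `addressfield_linear` cases here (and in `addressfield_components` in the later hunk), so a second address keeps the first address's country-specific suggestion as a fallback. Build the list per item instead: `$item_theme = $theme;` at the top of the loop, unshift onto `$item_theme`, and pass `'#theme' => $item_theme`. `$item['country']` is also concatenated into a theme hook name without validation; a guard such as `preg_match('/^[A-Za-z]{2}$/', $item['country'])` before the unshift would keep arbitrary stored values out of the hook name. Separately, `array_map('filter_xss', $item)` assumes every element of `$item` is a string and still lets the default tag list through; if the theme function prints the components as plain text, `check_plain` is the tighter choice, which should be confirmed against the template, not shown on this page.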
 | 
	
	
		
			
				|  | @@ -171,7 +168,7 @@ function addressfield_tokens_field_formatter_view($entity_type, $entity, $field,
 | 
	
		
			
				|  |  |            $country = _addressfield_tokens_country($item['country']);
 | 
	
		
			
				|  |  |            $element[$delta] = array(
 | 
	
		
			
				|  |  |              '#type' => 'markup',
 | 
	
		
			
				|  |  | -            '#markup' => $country,
 | 
	
		
			
				|  |  | +            '#markup' => filter_xss($country),
 | 
	
		
			
				|  |  |              '#prefix' => '<span class="addressfield-country">',
 | 
	
		
			
				|  |  |              '#suffix' => '</span>',
 | 
	
		
			
				|  |  |            );
 | 
	
	
		
			
				|  | @@ -185,7 +182,7 @@ function addressfield_tokens_field_formatter_view($entity_type, $entity, $field,
 | 
	
		
			
				|  |  |            $state = _addressfield_tokens_state($item['country'], $item['administrative_area']);
 | 
	
		
			
				|  |  |            $element[$delta] = array(
 | 
	
		
			
				|  |  |              '#type' => 'markup',
 | 
	
		
			
				|  |  | -            '#markup' => $state,
 | 
	
		
			
				|  |  | +            '#markup' => filter_xss($state),
 | 
	
		
			
				|  |  |              '#prefix' => '<span class="addressfield-state">',
 | 
	
		
			
				|  |  |              '#suffix' => '</span>',
 | 
	
		
			
				|  |  |            );
 | 
	
	
		
			
				|  | @@ -195,17 +192,16 @@ function addressfield_tokens_field_formatter_view($entity_type, $entity, $field,
 | 
	
		
			
				|  |  |        
 | 
	
		
			
				|  |  |      case 'addressfield_components':
 | 
	
		
			
				|  |  |        $theme = array('addressfield_formatter__components', 'addressfield_formatter');
 | 
	
		
			
				|  |  | -      if (!empty($item['country'])) {
 | 
	
		
			
				|  |  | -        array_unshift($theme, 'addressfield_formatter__components__' . $item['country']);
 | 
	
		
			
				|  |  | -      }
 | 
	
		
			
				|  |  | -      
 | 
	
		
			
				|  |  |        $settings = $display['settings'];
 | 
	
		
			
				|  |  |        foreach ($items as $delta => $item) {
 | 
	
		
			
				|  |  | +        if (!empty($item['country'])) {
 | 
	
		
			
				|  |  | +          array_unshift($theme, 'addressfield_formatter__components__' . $item['country']);
 | 
	
		
			
				|  |  | +        }      
 | 
	
		
			
				|  |  |          $element[$delta] = array(
 | 
	
		
			
				|  |  |            '#theme' => $theme,
 | 
	
		
			
				|  |  | -          '#address' => $item,
 | 
	
		
			
				|  |  | +          '#address' => array_map('filter_xss', $item),
 | 
	
		
			
				|  |  |            '#components' => $settings['components'],
 | 
	
		
			
				|  |  | -          '#separator' => $settings['separator'],
 | 
	
		
			
				|  |  | +          '#separator' => filter_xss($settings['separator']),
 | 
	
		
			
				|  |  |          );
 | 
	
		
			
				|  |  |        }
 | 
	
		
			
				|  |  |        break;
 | 
	
	
		
			
				|  | @@ -227,7 +223,7 @@ function addressfield_tokens_property_names() {
 | 
	
		
			
				|  |  |    $names = variable_get('addressfield_tokens_property_names', array());
 | 
	
		
			
				|  |  |    if (empty($names)) {
 | 
	
		
			
				|  |  |      $props = addressfield_data_property_info();
 | 
	
		
			
				|  |  | -    foreach($props as $name => $prop) {
 | 
	
		
			
				|  |  | +    foreach ($props as $name => $prop) {
 | 
	
		
			
				|  |  |        $names[$name] = $prop['label'];
 | 
	
		
			
				|  |  |      }
 | 
	
		
			
				|  |  |    }
 | 
	
	
		
			
				|  | @@ -277,24 +273,26 @@ function _addressfield_tokens_country($country) {
 | 
	
		
			
				|  |  |    // Country abbreviations will always be two uppercase letters. 
 | 
	
		
			
				|  |  |    $country = drupal_strtoupper($country);
 | 
	
		
			
				|  |  |    if (!empty($country) && isset($countries[$country])) {
 | 
	
		
			
				|  |  | -    return $countries[$country];
 | 
	
		
			
				|  |  | +    return check_plain($countries[$country]);
 | 
	
		
			
				|  |  |    }
 | 
	
		
			
				|  |  | -  return $country;
 | 
	
		
			
				|  |  | +  return check_plain($country);
 | 
	
		
			
				|  |  |  }
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  /**
 | 
	
		
			
				|  |  |   * Gets the abbreviation of the country with the given name
 | 
	
		
			
				|  |  |   * 
 | 
	
		
			
				|  |  | - * @param string The name of the country
 | 
	
		
			
				|  |  | - * @return string $country The 2-letter abbreviation of the country, or FALSE.
 | 
	
		
			
				|  |  | + * @param string
 | 
	
		
			
				|  |  | + *   The name of the country.
 | 
	
		
			
				|  |  | + * @return string $country
 | 
	
		
			
				|  |  | + *   The 2-letter abbreviation of the country, or FALSE.
 | 
	
		
			
				|  |  |   */
 | 
	
		
			
				|  |  |  function _addressfield_tokens_country_abbr($country) {
 | 
	
		
			
				|  |  |    $countries = array_flip(array_map('strtolower', _addressfield_tokens_countries()));
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |    if (isset($countries[strtolower($country)])) {
 | 
	
		
			
				|  |  | -    return $countries[strtolower($country)];
 | 
	
		
			
				|  |  | +    return check_plain($countries[strtolower($country)]);
 | 
	
		
			
				|  |  |    }
 | 
	
		
			
				|  |  | -  return $country;
 | 
	
		
			
				|  |  | +  return check_plain($country);
 | 
	
		
			
				|  |  |  }
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  /**
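Review bot: Returning `check_plain()` output from `_addressfield_tokens_country()` and `_addressfield_tokens_country_abbr()` (and from `_addressfield_tokens_state()` in the next hunk) moves HTML escaping into lookup helpers, so every caller now receives entity-encoded text regardless of the context it is used in. The formatter hunks above then pass the same value through `filter_xss()` a second time, and any caller that uses the result outside HTML or as a lookup key (tokens, plain-text mail, CSV; none of them visible on this page) would get `&amp;` or `&#039;` in its data. Returning the raw value and escaping once at the render site, e.g. `'#markup' => check_plain($country)`, keeps the fix without that side effect. The `@return` text of `_addressfield_tokens_country_abbr()` also still says "or FALSE" although the function returns its input when nothing matches; `The 2-letter abbreviation, or the given name if it is not recognised.` would match the code.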
 | 
	
	
		
			
				|  | @@ -341,20 +339,20 @@ function _addressfield_tokens_state($country, $state) {
 | 
	
		
			
				|  |  |    // State abbreviations will usually be two uppercase letters. 
 | 
	
		
			
				|  |  |    $state = drupal_strtoupper($state);
 | 
	
		
			
				|  |  |    if (!empty($state) && !empty($states[$state])) {
 | 
	
		
			
				|  |  | -    return $states[$state];
 | 
	
		
			
				|  |  | +    return check_plain($states[$state]);
 | 
	
		
			
				|  |  |    }
 | 
	
		
			
				|  |  | -  return $state;
 | 
	
		
			
				|  |  | +  return check_plain($state);
 | 
	
		
			
				|  |  |  }
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  /** 
 | 
	
		
			
				|  |  |   * Implements hook_webform_component_info(). 
 | 
	
		
			
				|  |  |   */
 | 
	
		
			
				|  |  |  function addressfield_tokens_webform_component_info() {
 | 
	
		
			
				|  |  | -  $components = array ();
 | 
	
		
			
				|  |  | -  $components['addressfield'] = array (
 | 
	
		
			
				|  |  | +  $components = array();
 | 
	
		
			
				|  |  | +  $components['addressfield'] = array(
 | 
	
		
			
				|  |  |      'label'       => t('Address'),
 | 
	
		
			
				|  |  |      'description' => t('Address field.'),
 | 
	
		
			
				|  |  | -    'features'    => array (
 | 
	
		
			
				|  |  | +    'features'    => array(
 | 
	
		
			
				|  |  |        // Add content to CSV downloads. Defaults to TRUE.
 | 
	
		
			
				|  |  |        'csv'           => TRUE,
 | 
	
		
			
				|  |  |        // Show this component in e-mailed submissions. Defaults to TRUE.
 |