diff options
| author | Dries Buytaert <dries@buytaert.net> | 2006-10-18 18:00:40 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2006-10-18 18:00:40 +0000 |
| commit | 8306444494c9fd69dc3df04904fe9a2b1f56e39f (patch) | |
| tree | 2dcbdf42d7b4e22b733d789d4593fa83b810deee | |
| parent | 04db6f2c41d3a52bd9944a65e20e088f1741983b (diff) | |
| download | brdo-8306444494c9fd69dc3df04904fe9a2b1f56e39f.tar.gz brdo-8306444494c9fd69dc3df04904fe9a2b1f56e39f.tar.bz2 | |
- Patch #78399 by Eaton and chx: don't allow HTML in the title.
| -rw-r--r-- | includes/theme.inc | 10 | ||||
| -rw-r--r-- | modules/comment/comment.module | 9 |
2 files changed, 14 insertions, 5 deletions
diff --git a/includes/theme.inc b/includes/theme.inc index 65be70305..043e4e2bd 100644 --- a/includes/theme.inc +++ b/includes/theme.inc @@ -530,12 +530,18 @@ function theme_links($links, $attributes = array('class' => 'links')) { $extra_class = ($i == 1) ? 'first ' : (($i == $num_links) ? 'last ' : ''); $output .= '<li class="'. $extra_class . $class .'">'; + // Is the title HTML? + $html = isset($link['html']) && $link['html']; + if ($link['href']) { - $output .= l($link['title'], $link['href'], $link['attributes'], $link['query'], $link['fragment']); + $output .= l($link['title'], $link['href'], $link['attributes'], $link['query'], $link['fragment'], FALSE, $html); } else if ($link['title']) { //Some links are actually not links, but we wrap these in <span> for adding title and class attributes - $output .= '<span'. drupal_attributes($link['attributes']) .'>'. check_plain($link['title']) .'</span>'; + if (!$html) { + $link['title'] = check_plain($link['title']); + } + $output .= '<span'. drupal_attributes($link['attributes']) .'>'. $link['title'] .'</span>'; } $i++; diff --git a/modules/comment/comment.module b/modules/comment/comment.module index 95570f67f..d2f85e895 100644 --- a/modules/comment/comment.module +++ b/modules/comment/comment.module @@ -230,7 +230,7 @@ function comment_link($type, $node = NULL, $teaser = FALSE) { ); } else { - $links['comment_forbidden']['#title'] = theme('comment_post_forbidden', $node->nid); + $links['comment_forbidden']['title'] = theme('comment_post_forbidden', $node->nid); } } } @@ -252,7 +252,7 @@ function comment_link($type, $node = NULL, $teaser = FALSE) { } } else { - $links['comment_forbidden']['#title'] = theme('comment_post_forbidden', $node->nid); + $links['comment_forbidden']['title'] = theme('comment_post_forbidden', $node->nid); } } } @@ -261,6 +261,9 @@ function comment_link($type, $node = NULL, $teaser = FALSE) { if ($type == 'comment') { $links = comment_links($node, $teaser); } + if (isset($links['comment_forbidden'])) { + $links['comment_forbidden']['html'] = TRUE; + } return $links; } @@ -735,7 +738,7 @@ function comment_links($comment, $return = 1) { ); } else { - $links['comment_forbidden']['#title'] = theme('comment_post_forbidden', $comment->nid); + $links['comment_forbidden']['title'] = theme('comment_post_forbidden', $comment->nid); } } |