diff options
| author | Dries Buytaert <dries@buytaert.net> | 2006-10-18 18:00:40 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2006-10-18 18:00:40 +0000 |
| commit | 8306444494c9fd69dc3df04904fe9a2b1f56e39f (patch) | |
| tree | 2dcbdf42d7b4e22b733d789d4593fa83b810deee /includes | |
| parent | 04db6f2c41d3a52bd9944a65e20e088f1741983b (diff) | |
| download | brdo-8306444494c9fd69dc3df04904fe9a2b1f56e39f.tar.gz brdo-8306444494c9fd69dc3df04904fe9a2b1f56e39f.tar.bz2 | |
- Patch #78399 by Eaton and chx: don't allow HTML in the title.
Diffstat (limited to 'includes')
| -rw-r--r-- | includes/theme.inc | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/includes/theme.inc b/includes/theme.inc index 65be70305..043e4e2bd 100644 --- a/includes/theme.inc +++ b/includes/theme.inc @@ -530,12 +530,18 @@ function theme_links($links, $attributes = array('class' => 'links')) { $extra_class = ($i == 1) ? 'first ' : (($i == $num_links) ? 'last ' : ''); $output .= '<li class="'. $extra_class . $class .'">'; + // Is the title HTML? + $html = isset($link['html']) && $link['html']; + if ($link['href']) { - $output .= l($link['title'], $link['href'], $link['attributes'], $link['query'], $link['fragment']); + $output .= l($link['title'], $link['href'], $link['attributes'], $link['query'], $link['fragment'], FALSE, $html); } else if ($link['title']) { //Some links are actually not links, but we wrap these in <span> for adding title and class attributes - $output .= '<span'. drupal_attributes($link['attributes']) .'>'. check_plain($link['title']) .'</span>'; + if (!$html) { + $link['title'] = check_plain($link['title']); + } + $output .= '<span'. drupal_attributes($link['attributes']) .'>'. $link['title'] .'</span>'; } $i++; |