diff options
| author | Angie Byron <webchick@24967.no-reply.drupal.org> | 2010-02-01 07:06:14 +0000 |
|---|---|---|
| committer | Angie Byron <webchick@24967.no-reply.drupal.org> | 2010-02-01 07:06:14 +0000 |
| commit | 9a887f86263c5c4820a8b791c3d8164ee0df6156 (patch) | |
| tree | c7f3315d92d6789b5be4210a6f405f41f8017e92 /includes | |
| parent | 8b57f3bf132185436003df88e34fed0c37ce23c1 (diff) | |
| download | brdo-9a887f86263c5c4820a8b791c3d8164ee0df6156.tar.gz brdo-9a887f86263c5c4820a8b791c3d8164ee0df6156.tar.bz2 | |
#698992 by Damien Tournoud: Small comment clarification to check_plain() in l().
Diffstat (limited to 'includes')
| -rw-r--r-- | includes/common.inc | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/includes/common.inc b/includes/common.inc index ebbadc125..bb0e8ffe2 100644 --- a/includes/common.inc +++ b/includes/common.inc @@ -2736,6 +2736,8 @@ function l($text, $path, array $options = array()) { if ($use_theme) { return theme('link', array('text' => $text, 'path' => $path, 'options' => $options)); } + // The result of url() is a plain-text URL. Because we are using it here + // in an HTML argument context, we need to encode it properly. return '<a href="' . check_plain(url($path, $options)) . '"' . drupal_attributes($options['attributes']) . '>' . ($options['html'] ? $text : check_plain($text)) . '</a>'; } |