diff options
Diffstat (limited to 'modules/poll.module')
| -rw-r--r-- | modules/poll.module | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/modules/poll.module b/modules/poll.module index f799bf5e1..a95b13115 100644 --- a/modules/poll.module +++ b/modules/poll.module @@ -178,7 +178,7 @@ function poll_link($type, $node = 0, $main) { // Disable $url = eregi_replace("pollresults\[$node->nid\]=1", "pollresults[$node->nid]=0", request_uri()); - $links[] = "<a href=\"$url\">". t("voting form") . "</a>"; + $links[] = "<a href=\"". htmlentities($url) ."\">". t("voting form") . "</a>"; } else { // Enable @@ -189,7 +189,7 @@ function poll_link($type, $node = 0, $main) { $url = request_uri() . (strstr(request_uri(), "?") ? "&" : "?") ."pollresults[$node->nid]=1"; } - $links[] = "<a href=\"$url\">". t("view results") . "</a>"; + $links[] = "<a href=\"". htmlentities($url) ."\">". t("view results") . "</a>"; } } } @@ -258,7 +258,7 @@ function poll_view_voting(&$node, $main, $block, $links) { $url = request_uri(); - $output .= "<div class=\"poll\"><form action=\"$url\" method=\"post\">"; + $output .= "<div class=\"poll\"><form action=\"". htmlentities($url) ."\" method=\"post\">"; $output .= "<div class=\"vote-form\">"; $output .= "<div class=\"choices\">"; |