From 9a887f86263c5c4820a8b791c3d8164ee0df6156 Mon Sep 17 00:00:00 2001
From: Angie Byron <webchick@24967.no-reply.drupal.org>
Date: Mon, 1 Feb 2010 07:06:14 +0000
Subject: #698992 by Damien Tournoud: Small comment clarification to
 check_plain() in l().

---
 includes/common.inc | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'includes')

diff --git a/includes/common.inc b/includes/common.inc
index ebbadc125..bb0e8ffe2 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -2736,6 +2736,8 @@ function l($text, $path, array $options = array()) {
   if ($use_theme) {
     return theme('link', array('text' => $text, 'path' => $path, 'options' => $options));
   }
+  // The result of url() is a plain-text URL. Because we are using it here
+  // in an HTML argument context, we need to encode it properly.
   return '<a href="' . check_plain(url($path, $options)) . '"' . drupal_attributes($options['attributes']) . '>' . ($options['html'] ? $text : check_plain($text)) . '</a>';
 }
 
-- 
cgit v1.2.3