WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Pass link name and description through htmlspecialchars(). 

git-svn-id: http://svn.automattic.com/wordpress/trunk@1053 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
rboren 2004-04-04 23:25:55 +00:00
parent 3402b5aa08
commit edf0fb5f39
1 changed files with 15 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
wp-includes/links.php
View File

@ -180,36 +180,41 @@ function get_links($category = -1, $before = '', $after = '<br />',
$rel = " rel='$rel'";
}
$desc = htmlspecialchars(stripslashes($row->link_description), ENT_QUOTES);
$name = htmlspecialchars(stripslashes($row->link_name), ENT_QUOTES);
$title = $desc;
if ($show_updated) {
if (substr($row->link_updated_f,0,2) != '00') {
$desc .= ' (Last updated ' . date(get_settings('links_updated_date_format'), $row->link_updated_f + (get_settings('time_difference') * 3600)) .')';
$title .= ' (Last updated ' . date(get_settings('links_updated_date_format'), $row->link_updated_f + (get_settings('time_difference') * 3600)) .')';
}
}
if ('' != $desc) {
$desc = " title='$desc'";
if ('' != $title) {
$title = " title='$title'";
}
$alt = " alt='$name'";
$target = $row->link_target;
if ('' != $target) {
$target = " target='$target'";
}
echo("<a href='$the_link'");
echo($rel . $desc . $target);
echo($rel . $title . $target);
echo('>');
if (($row->link_image != null) && $show_images) {
echo("<img src=\"$row->link_image\" border=\"0\" alt=\"" .
stripslashes($row->link_name) . "\" title=\"" .
stripslashes($row->link_description) . "\" />");
echo("<img src=\"$row->link_image\" border=\"0\"" . $alt . $title . "/>");
} else {
echo(stripslashes($row->link_name));
echo($name);
}
echo('</a>');
if ($show_updated && $row->recently_updated) {
echo get_settings('links_recently_updated_append');
}
if ($show_description && ($row->link_description != '')) {
echo($between.stripslashes($row->link_description));
if ($show_description && ($desc != '')) {
echo($between.$desc);
}
// now do the rating