Pass link name and description through htmlspecialchars().

git-svn-id: http://svn.automattic.com/wordpress/trunk@1053 1a063a9b-81f0-0310-95a4-ce76da25c4cd
rboren 2004-04-04 23:25:55 +00:00
parent 3402b5aa08
commit edf0fb5f39
1 changed files with 15 additions and 10 deletions


@ -180,36 +180,41 @@ function get_links($category = -1, $before = '', $after = '<br />',
$rel = " rel='$rel'"; $rel = " rel='$rel'";
} }
$desc = htmlspecialchars(stripslashes($row->link_description), ENT_QUOTES); $desc = htmlspecialchars(stripslashes($row->link_description), ENT_QUOTES);
$name = htmlspecialchars(stripslashes($row->link_name), ENT_QUOTES);
$title = $desc;
if ($show_updated) { if ($show_updated) {
if (substr($row->link_updated_f,0,2) != '00') { if (substr($row->link_updated_f,0,2) != '00') {
$desc .= ' (Last updated ' . date(get_settings('links_updated_date_format'), $row->link_updated_f + (get_settings('time_difference') * 3600)) .')'; $title .= ' (Last updated ' . date(get_settings('links_updated_date_format'), $row->link_updated_f + (get_settings('time_difference') * 3600)) .')';
} }
} }
if ('' != $desc) {
$desc = " title='$desc'"; if ('' != $title) {
$title = " title='$title'";
} }
$alt = " alt='$name'";
$target = $row->link_target; $target = $row->link_target;
if ('' != $target) { if ('' != $target) {
$target = " target='$target'"; $target = " target='$target'";
} }
echo("<a href='$the_link'"); echo("<a href='$the_link'");
echo($rel . $desc . $target); echo($rel . $title . $target);
echo('>'); echo('>');
if (($row->link_image != null) && $show_images) { if (($row->link_image != null) && $show_images) {
echo("<img src=\"$row->link_image\" border=\"0\" alt=\"" . echo("<img src=\"$row->link_image\" border=\"0\"" . $alt . $title . "/>");
stripslashes($row->link_name) . "\" title=\"" .
stripslashes($row->link_description) . "\" />");
} else { } else {
echo(stripslashes($row->link_name)); echo($name);
} }
echo('</a>'); echo('</a>');
if ($show_updated && $row->recently_updated) { if ($show_updated && $row->recently_updated) {
echo get_settings('links_recently_updated_append'); echo get_settings('links_recently_updated_append');
} }
if ($show_description && ($row->link_description != '')) { if ($show_description && ($desc != '')) {
echo($between.stripslashes($row->link_description)); echo($between.$desc);
} }
// now do the rating // now do the rating