From 1a0705d63257095ba3a9bcd46ee92d59209f70e8 Mon Sep 17 00:00:00 2001
From: Ryan Boren
Date: Sun, 4 Apr 2004 23:25:55 +0000
Subject: [PATCH] Pass link name and description through htmlspecialchars().
git-svn-id: https://develop.svn.wordpress.org/trunk@1053 602fd350-edb4-49c9-b593-d223f7449a82
---
wp-includes/links.php | 25 +++++++++++++++----------
1 file changed, 15 insertions(+), 10 deletions(-)
diff --git a/wp-includes/links.php b/wp-includes/links.php
index 4f96044149..f6ce5170b5 100644
--- a/wp-includes/links.php
+++ b/wp-includes/links.php
@@ -180,36 +180,41 @@ function get_links($category = -1, $before = '', $after = '
', $rel = " rel='$rel'"; } $desc = htmlspecialchars(stripslashes($row->link_description), ENT_QUOTES); + $name = htmlspecialchars(stripslashes($row->link_name), ENT_QUOTES); + + $title = $desc; + if ($show_updated) { if (substr($row->link_updated_f,0,2) != '00') { - $desc .= ' (Last updated ' . date(get_settings('links_updated_date_format'), $row->link_updated_f + (get_settings('time_difference') * 3600)) .')'; + $title .= ' (Last updated ' . date(get_settings('links_updated_date_format'), $row->link_updated_f + (get_settings('time_difference') * 3600)) .')'; } } - if ('' != $desc) { - $desc = " title='$desc'"; + + if ('' != $title) { + $title = " title='$title'"; } + $alt = " alt='$name'"; + $target = $row->link_target; if ('' != $target) { $target = " target='$target'"; } echo("'); if (($row->link_image != null) && $show_images) { - echo("link_image\" border=\"0\" alt=\"" . - stripslashes($row->link_name) . "\" title=\"" . - stripslashes($row->link_description) . "\" />"); + echo("link_image\" border=\"0\"" . $alt . $title . "/>"); } else { - echo(stripslashes($row->link_name)); + echo($name); } echo(''); if ($show_updated && $row->recently_updated) { echo get_settings('links_recently_updated_append'); } - if ($show_description && ($row->link_description != '')) { - echo($between.stripslashes($row->link_description)); + if ($show_description && ($desc != '')) { + echo($between.$desc); } // now do the rating
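Review bot: `$row->link_target` is still interpolated raw into `target='$target'` in the context lines just below the new `$alt` assignment, so a quote in that column can still break out of the attribute even though name and description are now escaped. Giving it the same treatment would close that gap: `$target = htmlspecialchars(stripslashes($row->link_target), ENT_QUOTES);`. The image branch appears to keep `$row->link_image` unescaped in the `src` attribute as well (the markup on that line is partly lost in this rendering, so confirm against the file), and the "Last updated" date string is appended to `$title` after escaping, so a quote in the `links_updated_date_format` setting could reach the attribute unescaped. get_links() begins before this hunk and continues past `// now do the rating`, so `$rel` and the link URL should be checked in the same pass.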