authorCash Costello <cash.costello@gmail.com>2011-10-08 08:22:08 -0400
committerCash Costello <cash.costello@gmail.com>2011-10-08 08:22:08 -0400
commitd5f0d44d4ddf33db2248ef0bdd44633d57c31683 (patch)
treef7e66db7616f844ea798bcd7357d633b691cbbec
parent996a185c557357ccd3f5c257d17699eb874e1898 (diff)
downloadelgg-d5f0d44d4ddf33db2248ef0bdd44633d57c31683.tar.gz
elgg-d5f0d44d4ddf33db2248ef0bdd44633d57c31683.tar.bz2
Fixes #3411 output/url now has a is_trusted parameter - defaults to false
-rw-r--r--engine/classes/ElggMenuItem.php4
-rw-r--r--mod/blog/views/default/blog/group_module.php2
-rw-r--r--mod/blog/views/default/blog/sidebar/revisions.php6
-rw-r--r--mod/blog/views/default/object/blog.php2
-rw-r--r--mod/blog/views/default/widgets/blog/content.php1
-rw-r--r--mod/bookmarks/views/default/bookmarks/group_module.php2
-rw-r--r--mod/bookmarks/views/default/object/bookmarks.php9
-rw-r--r--mod/bookmarks/views/default/widgets/bookmarks/content.php1
-rw-r--r--mod/developers/views/default/theme_preview/general.php1
-rw-r--r--mod/diagnostics/views/default/admin/develop_utilities/diagnostics.php1
-rw-r--r--mod/file/views/default/file/group_module.php2
-rw-r--r--mod/file/views/default/icon/object/file.php1
-rw-r--r--mod/file/views/default/object/file.php2
-rw-r--r--mod/file/views/default/widgets/filerepo/content.php1
-rw-r--r--mod/groups/views/default/discussion/group_module.php2
-rw-r--r--mod/groups/views/default/groups/invitationrequests.php2
-rw-r--r--mod/groups/views/default/groups/membershiprequests.php2
-rw-r--r--mod/groups/views/default/groups/profile/activity_module.php1
-rw-r--r--mod/groups/views/default/groups/profile/summary.php1
-rw-r--r--mod/groups/views/default/groups/sidebar/members.php1
-rw-r--r--mod/groups/views/default/object/groupforumtopic.php2
-rw-r--r--mod/groups/views/default/widgets/a_users_groups/content.php1
-rw-r--r--mod/likes/views/default/annotation/likes.php1
-rw-r--r--mod/likes/views/default/likes/button.php2
-rw-r--r--mod/logbrowser/views/default/logbrowser/table.php9
-rw-r--r--mod/messageboard/views/default/widgets/messageboard/content.php1
-rw-r--r--mod/messages/views/default/object/messages.php3
-rw-r--r--mod/pages/views/default/annotation/page.php2
-rw-r--r--mod/pages/views/default/object/page_top.php2
-rw-r--r--mod/pages/views/default/pages/group_module.php2
-rw-r--r--mod/pages/views/default/widgets/pages/content.php1
-rw-r--r--mod/reportedcontent/views/default/object/reported_content.php8
-rw-r--r--mod/thewire/views/default/object/thewire.php1
-rw-r--r--mod/thewire/views/default/river/object/thewire/create.php2
-rw-r--r--mod/thewire/views/default/thewire/profile_status.php1
-rw-r--r--mod/thewire/views/default/widgets/thewire/content.php1
-rw-r--r--mod/twitter_api/views/default/forms/twitter_api/interstitial_settings.php1
-rw-r--r--mod/uservalidationbyemail/views/default/forms/uservalidationbyemail/bulk_action.php21
-rw-r--r--views/default/admin/appearance/default_widgets.php1
-rw-r--r--views/default/admin/appearance/profile_fields/list.php3
-rw-r--r--views/default/admin/header.php2
-rw-r--r--views/default/icon/default.php1
-rw-r--r--views/default/icon/user/default.php1
-rw-r--r--views/default/navigation/breadcrumbs.php1
-rw-r--r--views/default/navigation/menu/user_hover.php1
-rw-r--r--views/default/navigation/pagination.php2
-rw-r--r--views/default/navigation/tabs.php6
-rw-r--r--views/default/object/admin_notice.php3
-rw-r--r--views/default/object/default.php1
-rw-r--r--views/default/object/elements/summary.php1
-rw-r--r--views/default/object/plugin/advanced.php33
-rw-r--r--views/default/object/plugin/simple.php3
-rw-r--r--views/default/object/widget/elements/controls.php1
-rw-r--r--views/default/output/tag.php6
-rw-r--r--views/default/output/url.php15
-rw-r--r--views/default/page/elements/footer.php1
-rw-r--r--views/default/page/elements/tagcloud_block.php1
-rw-r--r--views/default/page/layouts/widgets/add_button.php1
-rw-r--r--views/default/river/elements/body.php2
-rw-r--r--views/default/river/elements/responses.php1
-rw-r--r--views/default/river/elements/summary.php3
-rw-r--r--views/default/river/user/default/profileiconupdate.php1
-rw-r--r--views/default/river/user/default/profileupdate.php1
-rw-r--r--views/default/widgets/content_stats/content.php1
64 files changed, 157 insertions, 41 deletions
diff --git a/engine/classes/ElggMenuItem.php b/engine/classes/ElggMenuItem.php
index b9c81fd78..8ddb1ecd8 100644
--- a/engine/classes/ElggMenuItem.php
+++ b/engine/classes/ElggMenuItem.php
@@ -549,6 +549,10 @@ class ElggMenuItem {
}
}
+ if (!isset($vars['rel']) && !isset($vars['is_trusted'])) {
+ $vars['is_trusted'] = true;
+ }
+
if ($this->confirm) {
$vars['confirm'] = $this->confirm;
return elgg_view('output/confirmlink', $vars);
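Review bot: The added guard marks every menu item as trusted unless the caller set `rel` or `is_trusted`, which reverses the safe default this commit introduces for output/url. Any menu item whose href was assembled from stored user content would then be rendered through the trusted path without anyone having made that decision. I would state the contract directly above the guard, for example `// Menu hrefs are assumed to be site-generated; register items built from user input with 'is_trusted' => false.`, and reconsider whether the default should stay false here too. The enclosing method starts and ends outside the hunk, so how `$vars` is populated before this point is not visible.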
diff --git a/mod/blog/views/default/blog/group_module.php b/mod/blog/views/default/blog/group_module.php
index d769fbd59..028827178 100644
--- a/mod/blog/views/default/blog/group_module.php
+++ b/mod/blog/views/default/blog/group_module.php
@@ -12,6 +12,7 @@ if ($group->blog_enable == "no") {
$all_link = elgg_view('output/url', array(
'href' => "blog/group/$group->guid/all",
'text' => elgg_echo('link:view:all'),
+ 'is_trusted' => true,
));
elgg_push_context('widgets');
@@ -33,6 +34,7 @@ if (!$content) {
$new_link = elgg_view('output/url', array(
'href' => "blog/add/$group->guid",
'text' => elgg_echo('blog:write'),
+ 'is_trusted' => true,
));
echo elgg_view('groups/profile/module', array(
diff --git a/mod/blog/views/default/blog/sidebar/revisions.php b/mod/blog/views/default/blog/sidebar/revisions.php
index c23b3b052..cd2e7f3d8 100644
--- a/mod/blog/views/default/blog/sidebar/revisions.php
+++ b/mod/blog/views/default/blog/sidebar/revisions.php
@@ -39,7 +39,8 @@ if (elgg_instanceof($blog, 'object', 'blog') && $blog->canEdit()) {
if ($blog->status == 'published') {
$load = elgg_view('output/url', array(
'href' => $load_base_url,
- 'text' => elgg_echo('blog:status:published')
+ 'text' => elgg_echo('blog:status:published'),
+ 'is_trusted' => true,
));
$time = "<span class='elgg-subtext'>"
@@ -59,7 +60,8 @@ if (elgg_instanceof($blog, 'object', 'blog') && $blog->canEdit()) {
}
$load = elgg_view('output/url', array(
'href' => "$load_base_url/$revision->id",
- 'text' => $revision_lang
+ 'text' => $revision_lang,
+ 'is_trusted' => true,
));
$text = "$load: $time";
diff --git a/mod/blog/views/default/object/blog.php b/mod/blog/views/default/object/blog.php
index ba08180b1..ab75bd09b 100644
--- a/mod/blog/views/default/object/blog.php
+++ b/mod/blog/views/default/object/blog.php
@@ -21,6 +21,7 @@ $owner_icon = elgg_view_entity_icon($owner, 'tiny');
$owner_link = elgg_view('output/url', array(
'href' => "blog/owner/$owner->username",
'text' => $owner->name,
+ 'is_trusted' => true,
));
$author_text = elgg_echo('byline', array($owner_link));
$tags = elgg_view('output/tags', array('tags' => $blog->tags));
@@ -35,6 +36,7 @@ if ($blog->comments_on != 'Off') {
$comments_link = elgg_view('output/url', array(
'href' => $blog->getURL() . '#blog-comments',
'text' => $text,
+ 'is_trusted' => true,
));
} else {
$comments_link = '';
diff --git a/mod/blog/views/default/widgets/blog/content.php b/mod/blog/views/default/widgets/blog/content.php
index 7bbfc3c74..330171662 100644
--- a/mod/blog/views/default/widgets/blog/content.php
+++ b/mod/blog/views/default/widgets/blog/content.php
@@ -22,6 +22,7 @@ if ($content) {
$more_link = elgg_view('output/url', array(
'href' => $blog_url,
'text' => elgg_echo('blog:moreblogs'),
+ 'is_trusted' => true,
));
echo "<span class=\"elgg-widget-more\">$more_link</span>";
} else {
diff --git a/mod/bookmarks/views/default/bookmarks/group_module.php b/mod/bookmarks/views/default/bookmarks/group_module.php
index 3797de010..60a727819 100644
--- a/mod/bookmarks/views/default/bookmarks/group_module.php
+++ b/mod/bookmarks/views/default/bookmarks/group_module.php
@@ -14,6 +14,7 @@ if ($group->bookmarks_enable == "no") {
$all_link = elgg_view('output/url', array(
'href' => "bookmarks/group/$group->guid/all",
'text' => elgg_echo('link:view:all'),
+ 'is_trusted' => true,
));
elgg_push_context('widgets');
@@ -35,6 +36,7 @@ if (!$content) {
$new_link = elgg_view('output/url', array(
'href' => "bookmarks/add/$group->guid",
'text' => elgg_echo('bookmarks:add'),
+ 'is_trusted' => true,
));
echo elgg_view('groups/profile/module', array(
diff --git a/mod/bookmarks/views/default/object/bookmarks.php b/mod/bookmarks/views/default/object/bookmarks.php
index ca1f5d312..784263232 100644
--- a/mod/bookmarks/views/default/object/bookmarks.php
+++ b/mod/bookmarks/views/default/object/bookmarks.php
@@ -17,12 +17,13 @@ $owner_icon = elgg_view_entity_icon($owner, 'tiny');
$container = $bookmark->getContainerEntity();
$categories = elgg_view('output/categories', $vars);
-$link = filter_tags(elgg_view('output/url', array('href' => $bookmark->address, 'rel' => 'nofollow')));
+$link = elgg_view('output/url', array('href' => $bookmark->address));
$description = elgg_view('output/longtext', array('value' => $bookmark->description, 'class' => 'pbl'));
$owner_link = elgg_view('output/url', array(
'href' => "bookmarks/owner/$owner->username",
'text' => $owner->name,
+ 'is_trusted' => true,
));
$author_text = elgg_echo('byline', array($owner_link));
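Review bot: Removing `filter_tags()` and `'rel' => 'nofollow'` around `$bookmark->address` leaves the handling of this user-supplied URL entirely to the untrusted default of output/url, and nothing at the call site records that dependency. Stating it keeps the link safe if the default or the view changes later: `$link = elgg_view('output/url', array('href' => $bookmark->address, 'is_trusted' => false));`. The same applies to the `$link` built with `$display_text` in the hunk at -104,11 of this file. The output/url change is not part of this section, so it should be confirmed there that the untrusted path still filters the href as `filter_tags()` did and still adds `nofollow`.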
@@ -36,6 +37,7 @@ if ($comments_count != 0) {
$comments_link = elgg_view('output/url', array(
'href' => $bookmark->getURL() . '#comments',
'text' => $text,
+ 'is_trusted' => true,
));
} else {
$comments_link = '';
@@ -104,11 +106,10 @@ HTML;
}
}
- $link = filter_tags(elgg_view('output/url', array(
+ $link = elgg_view('output/url', array(
'href' => $bookmark->address,
'text' => $display_text,
- 'rel' => 'nofollow',
- )));
+ ));
$content = elgg_view_icon('push-pin-alt') . "$link{$excerpt}";
diff --git a/mod/bookmarks/views/default/widgets/bookmarks/content.php b/mod/bookmarks/views/default/widgets/bookmarks/content.php
index ea7816345..0b85017fc 100644
--- a/mod/bookmarks/views/default/widgets/bookmarks/content.php
+++ b/mod/bookmarks/views/default/widgets/bookmarks/content.php
@@ -24,6 +24,7 @@ if ($content) {
$more_link = elgg_view('output/url', array(
'href' => $url,
'text' => elgg_echo('bookmarks:more'),
+ 'is_trusted' => true,
));
echo "<span class=\"elgg-widget-more\">$more_link</span>";
} else {
diff --git a/mod/developers/views/default/theme_preview/general.php b/mod/developers/views/default/theme_preview/general.php
index 1a0b54c88..35d8ccbfd 100644
--- a/mod/developers/views/default/theme_preview/general.php
+++ b/mod/developers/views/default/theme_preview/general.php
@@ -17,6 +17,7 @@
'text' => elgg_echo('theme_preview:breakout'),
'href' => current_page_url(),
'target' => '_parent',
+ 'is_trusted' => true,
));
?>
</p>
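Review bot: `current_page_url()` is marked trusted here, yet it presumably reflects the incoming request, query string included, so part of this href is chosen by whoever built the link to the page. Unless the trusted path of output/url still escapes and filters the attribute value, leaving this call on the untrusted default is the safer choice; that means dropping the added `'is_trusted' => true,` line. This is a developer-tool page, so the cost of the untrusted path should be negligible. The array this line belongs to opens above the hunk.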
diff --git a/mod/diagnostics/views/default/admin/develop_utilities/diagnostics.php b/mod/diagnostics/views/default/admin/develop_utilities/diagnostics.php
index 76f12b0ae..b41907da2 100644
--- a/mod/diagnostics/views/default/admin/develop_utilities/diagnostics.php
+++ b/mod/diagnostics/views/default/admin/develop_utilities/diagnostics.php
@@ -18,6 +18,7 @@ if (elgg_get_config('debug')) {
'text' => elgg_echo('diagnostics:test:executeall'),
'href' => 'engine/tests/suite.php',
'class' => 'elgg-button elgg-button-submit',
+ 'is_trusted' => true,
);
$unit_tests .= '<p>' . elgg_view('output/url', $params) . '</p>';
} else {
diff --git a/mod/file/views/default/file/group_module.php b/mod/file/views/default/file/group_module.php
index c37b13927..ad6c58dbb 100644
--- a/mod/file/views/default/file/group_module.php
+++ b/mod/file/views/default/file/group_module.php
@@ -12,6 +12,7 @@ if ($group->file_enable == "no") {
$all_link = elgg_view('output/url', array(
'href' => "file/group/$group->guid/all",
'text' => elgg_echo('link:view:all'),
+ 'is_trusted' => true,
));
elgg_push_context('widgets');
@@ -33,6 +34,7 @@ if (!$content) {
$new_link = elgg_view('output/url', array(
'href' => "file/add/$group->guid",
'text' => elgg_echo('file:add'),
+ 'is_trusted' => true,
));
echo elgg_view('groups/profile/module', array(
diff --git a/mod/file/views/default/icon/object/file.php b/mod/file/views/default/icon/object/file.php
index 7feba7af3..ff729da94 100644
--- a/mod/file/views/default/icon/object/file.php
+++ b/mod/file/views/default/icon/object/file.php
@@ -36,6 +36,7 @@ if ($url) {
$params = array(
'href' => $url,
'text' => $img,
+ 'is_trusted' => true,
);
if (isset($vars['link_class'])) {
$params['class'] = $vars['link_class'];
diff --git a/mod/file/views/default/object/file.php b/mod/file/views/default/object/file.php
index 95e190d35..fbd585b8a 100644
--- a/mod/file/views/default/object/file.php
+++ b/mod/file/views/default/object/file.php
@@ -24,6 +24,7 @@ $body = elgg_view('output/longtext', array('value' => $file->description));
$owner_link = elgg_view('output/url', array(
'href' => "file/owner/$owner->username",
'text' => $owner->name,
+ 'is_trusted' => true,
));
$author_text = elgg_echo('byline', array($owner_link));
@@ -39,6 +40,7 @@ if ($comments_count != 0) {
$comments_link = elgg_view('output/url', array(
'href' => $file->getURL() . '#file-comments',
'text' => $text,
+ 'is_trusted' => true,
));
} else {
$comments_link = '';
diff --git a/mod/file/views/default/widgets/filerepo/content.php b/mod/file/views/default/widgets/filerepo/content.php
index 4288b9e56..f3e152de3 100644
--- a/mod/file/views/default/widgets/filerepo/content.php
+++ b/mod/file/views/default/widgets/filerepo/content.php
@@ -25,6 +25,7 @@ if ($content) {
$more_link = elgg_view('output/url', array(
'href' => $url,
'text' => elgg_echo('file:more'),
+ 'is_trusted' => true,
));
echo "<span class=\"elgg-widget-more\">$more_link</span>";
} else {
diff --git a/mod/groups/views/default/discussion/group_module.php b/mod/groups/views/default/discussion/group_module.php
index 3a46e336e..3c9961f82 100644
--- a/mod/groups/views/default/discussion/group_module.php
+++ b/mod/groups/views/default/discussion/group_module.php
@@ -15,6 +15,7 @@ $group = $vars['entity'];
$all_link = elgg_view('output/url', array(
'href' => "discussion/owner/$group->guid",
'text' => elgg_echo('link:view:all'),
+ 'is_trusted' => true,
));
elgg_push_context('widgets');
@@ -36,6 +37,7 @@ if (!$content) {
$new_link = elgg_view('output/url', array(
'href' => "discussion/add/" . $group->getGUID(),
'text' => elgg_echo('groups:addtopic'),
+ 'is_trusted' => true,
));
echo elgg_view('groups/profile/module', array(
diff --git a/mod/groups/views/default/groups/invitationrequests.php b/mod/groups/views/default/groups/invitationrequests.php
index 9c2df8b9c..e644b6bdc 100644
--- a/mod/groups/views/default/groups/invitationrequests.php
+++ b/mod/groups/views/default/groups/invitationrequests.php
@@ -15,6 +15,7 @@ if (!empty($vars['invitations']) && is_array($vars['invitations'])) {
$group_title = elgg_view('output/url', array(
'href' => $group->getURL(),
'text' => $group->name,
+ 'is_trusted' => true,
));
$url = elgg_add_action_tokens_to_url(elgg_get_site_url()."action/groups/join?user_guid={$user->guid}&group_guid={$group->guid}");
@@ -22,6 +23,7 @@ if (!empty($vars['invitations']) && is_array($vars['invitations'])) {
'href' => $url,
'text' => elgg_echo('accept'),
'class' => 'elgg-button elgg-button-submit',
+ 'is_trusted' => true,
));
$url = "action/groups/killinvitation?user_guid={$user->getGUID()}&group_guid={$group->getGUID()}";
diff --git a/mod/groups/views/default/groups/membershiprequests.php b/mod/groups/views/default/groups/membershiprequests.php
index 7f33b83e0..489d6f5e3 100644
--- a/mod/groups/views/default/groups/membershiprequests.php
+++ b/mod/groups/views/default/groups/membershiprequests.php
@@ -16,6 +16,7 @@ if (!empty($vars['requests']) && is_array($vars['requests'])) {
$user_title = elgg_view('output/url', array(
'href' => $user->getURL(),
'text' => $user->name,
+ 'is_trusted' => true,
));
$url = "action/groups/addtogroup?user_guid={$user->guid}&group_guid={$vars['entity']->guid}";
@@ -24,6 +25,7 @@ if (!empty($vars['requests']) && is_array($vars['requests'])) {
'href' => $url,
'text' => elgg_echo('accept'),
'class' => 'elgg-button elgg-button-submit',
+ 'is_trusted' => true,
));
$url = 'action/groups/killrequest?user_guid=' . $user->guid . '&group_guid=' . $vars['entity']->guid;
diff --git a/mod/groups/views/default/groups/profile/activity_module.php b/mod/groups/views/default/groups/profile/activity_module.php
index 5e557b443..832ff4a4b 100644
--- a/mod/groups/views/default/groups/profile/activity_module.php
+++ b/mod/groups/views/default/groups/profile/activity_module.php
@@ -19,6 +19,7 @@ if (!$group) {
$all_link = elgg_view('output/url', array(
'href' => "groups/activity/$group->guid",
'text' => elgg_echo('link:view:all'),
+ 'is_trusted' => true,
));
diff --git a/mod/groups/views/default/groups/profile/summary.php b/mod/groups/views/default/groups/profile/summary.php
index b7ae51070..54abcb1e5 100644
--- a/mod/groups/views/default/groups/profile/summary.php
+++ b/mod/groups/views/default/groups/profile/summary.php
@@ -28,6 +28,7 @@ $owner = $group->getOwnerEntity();
echo elgg_view('output/url', array(
'text' => $owner->name,
'value' => $owner->getURL(),
+ 'is_trusted' => true,
));
?>
</p>
diff --git a/mod/groups/views/default/groups/sidebar/members.php b/mod/groups/views/default/groups/sidebar/members.php
index 7249ffbf4..49f14697c 100644
--- a/mod/groups/views/default/groups/sidebar/members.php
+++ b/mod/groups/views/default/groups/sidebar/members.php
@@ -13,6 +13,7 @@ $limit = elgg_extract('limit', $vars, 10);
$all_link = elgg_view('output/url', array(
'href' => 'groups/members/' . $vars['entity']->guid,
'text' => elgg_echo('groups:members:more'),
+ 'is_trusted' => true,
));
$body = elgg_list_entities_from_relationship(array(
diff --git a/mod/groups/views/default/object/groupforumtopic.php b/mod/groups/views/default/object/groupforumtopic.php
index 22589b84d..f3d5f96d5 100644
--- a/mod/groups/views/default/object/groupforumtopic.php
+++ b/mod/groups/views/default/object/groupforumtopic.php
@@ -20,6 +20,7 @@ $poster_icon = elgg_view_entity_icon($poster, 'tiny');
$poster_link = elgg_view('output/url', array(
'href' => $poster->getURL(),
'text' => $poster->name,
+ 'is_trusted' => true,
));
$poster_text = elgg_echo('groups:started', array($poster->name));
@@ -42,6 +43,7 @@ if ($num_replies != 0) {
$replies_link = elgg_view('output/url', array(
'href' => $topic->getURL() . '#group-replies',
'text' => elgg_echo('group:replies') . " ($num_replies)",
+ 'is_trusted' => true,
));
}
diff --git a/mod/groups/views/default/widgets/a_users_groups/content.php b/mod/groups/views/default/widgets/a_users_groups/content.php
index 114fd7565..fe1a46e39 100644
--- a/mod/groups/views/default/widgets/a_users_groups/content.php
+++ b/mod/groups/views/default/widgets/a_users_groups/content.php
@@ -25,6 +25,7 @@ if ($content) {
$more_link = elgg_view('output/url', array(
'href' => $url,
'text' => elgg_echo('groups:more'),
+ 'is_trusted' => true,
));
echo "<span class=\"elgg-widget-more\">$more_link</span>";
} else {
diff --git a/mod/likes/views/default/annotation/likes.php b/mod/likes/views/default/annotation/likes.php
index 2dd01b6cd..314d0790d 100644
--- a/mod/likes/views/default/annotation/likes.php
+++ b/mod/likes/views/default/annotation/likes.php
@@ -20,6 +20,7 @@ $user_icon = elgg_view_entity_icon($user, 'tiny');
$user_link = elgg_view('output/url', array(
'href' => $user->getURL(),
'text' => $user->name,
+ 'is_trusted' => true,
));
$likes_string = elgg_echo('likes:this');
diff --git a/mod/likes/views/default/likes/button.php b/mod/likes/views/default/likes/button.php
index 383e1bb63..3f2f073cc 100644
--- a/mod/likes/views/default/likes/button.php
+++ b/mod/likes/views/default/likes/button.php
@@ -20,6 +20,7 @@ if (elgg_is_logged_in() && $vars['entity']->canAnnotate(0, 'likes')) {
'text' => elgg_view_icon('thumbs-up'),
'title' => elgg_echo('likes:likethis'),
'is_action' => true,
+ 'is_trusted' => true,
);
$likes_button = elgg_view('output/url', $params);
} else {
@@ -34,6 +35,7 @@ if (elgg_is_logged_in() && $vars['entity']->canAnnotate(0, 'likes')) {
'text' => elgg_view_icon('thumbs-up-alt'),
'title' => elgg_echo('likes:remove'),
'is_action' => true,
+ 'is_trusted' => true,
);
$likes_button = elgg_view('output/url', $params);
}
diff --git a/mod/logbrowser/views/default/logbrowser/table.php b/mod/logbrowser/views/default/logbrowser/table.php
index 86c8a1423..b7f6a1f20 100644
--- a/mod/logbrowser/views/default/logbrowser/table.php
+++ b/mod/logbrowser/views/default/logbrowser/table.php
@@ -24,11 +24,13 @@ $log_entries = $vars['log_entries'];
if ($user) {
$user_link = elgg_view('output/url', array(
'href' => $user->getURL(),
- 'text' => $user->name
+ 'text' => $user->name,
+ 'is_trusted' => true,
));
$user_guid_link = elgg_view('output/url', array(
'href' => "admin/overview/logbrowser?user_guid=$user->guid",
- 'text' => $user->getGUID()
+ 'text' => $user->getGUID(),
+ 'is_trusted' => true,
));
} else {
$user_guid_link = $user_link = '&nbsp;';
@@ -38,7 +40,8 @@ $log_entries = $vars['log_entries'];
if (is_callable(array($object, 'getURL'))) {
$object_link = elgg_view('output/url', array(
'href' => $object->getURL(),
- 'text' => $entry->object_class
+ 'text' => $entry->object_class,
+ 'is_trusted' => true,
));
} else {
$object_link = $entry->object_class;
diff --git a/mod/messageboard/views/default/widgets/messageboard/content.php b/mod/messageboard/views/default/widgets/messageboard/content.php
index 63f389e6a..35954e7a3 100644
--- a/mod/messageboard/views/default/widgets/messageboard/content.php
+++ b/mod/messageboard/views/default/widgets/messageboard/content.php
@@ -31,4 +31,5 @@ if ($owner instanceof ElggGroup) {
echo elgg_view('output/url', array(
'href' => $url,
'text' => elgg_echo('messageboard:viewall'),
+ 'is_trusted' => true,
)); \ No newline at end of file
diff --git a/mod/messages/views/default/object/messages.php b/mod/messages/views/default/object/messages.php
index b6f9ed6d5..8c840dd57 100644
--- a/mod/messages/views/default/object/messages.php
+++ b/mod/messages/views/default/object/messages.php
@@ -24,6 +24,7 @@ if ($message->toId == elgg_get_page_owner_guid()) {
$user_link = elgg_view('output/url', array(
'href' => "messages/compose?send_to=$user->guid",
'text' => $user->name,
+ 'is_trusted' => true,
));
} else {
$icon = '';
@@ -45,6 +46,7 @@ if ($message->toId == elgg_get_page_owner_guid()) {
$user_link = elgg_view('output/url', array(
'href' => "messages/compose?send_to=$user->guid",
'text' => elgg_echo('messages:to_user', array($user->name)),
+ 'is_trusted' => true,
));
} else {
$icon = '';
@@ -63,6 +65,7 @@ if (!$full) {
$subject_info .= elgg_view('output/url', array(
'href' => $message->getURL(),
'text' => $message->title,
+ 'is_trusted' => true,
));
$delete_link = elgg_view("output/confirmlink", array(
diff --git a/mod/pages/views/default/annotation/page.php b/mod/pages/views/default/annotation/page.php
index f7a7a78a1..a621b9281 100644
--- a/mod/pages/views/default/annotation/page.php
+++ b/mod/pages/views/default/annotation/page.php
@@ -21,6 +21,7 @@ if (!$owner) {
$owner_link = elgg_view('output/url', array(
'href' => $owner->getURL(),
'text' => $owner->name,
+ 'is_trusted' => true,
));
$date = elgg_view_friendly_time($annotation->time_created);
@@ -28,6 +29,7 @@ $date = elgg_view_friendly_time($annotation->time_created);
$title_link = elgg_view('output/url', array(
'href' => $annotation->getURL(),
'text' => $page->title,
+ 'is_trusted' => true,
));
$subtitle = elgg_echo('pages:revision:subtitle', array($date, $owner_link));
diff --git a/mod/pages/views/default/object/page_top.php b/mod/pages/views/default/object/page_top.php
index 8ba9fc298..0f7b51a0e 100644
--- a/mod/pages/views/default/object/page_top.php
+++ b/mod/pages/views/default/object/page_top.php
@@ -40,6 +40,7 @@ $editor = get_entity($annotation->owner_guid);
$editor_link = elgg_view('output/url', array(
'href' => "pages/owner/$editor->username",
'text' => $editor->name,
+ 'is_trusted' => true,
));
$date = elgg_view_friendly_time($annotation->time_created);
@@ -53,6 +54,7 @@ if ($comments_count != 0 && !$revision) {
$comments_link = elgg_view('output/url', array(
'href' => $page->getURL() . '#page-comments',
'text' => $text,
+ 'is_trusted' => true,
));
} else {
$comments_link = '';
diff --git a/mod/pages/views/default/pages/group_module.php b/mod/pages/views/default/pages/group_module.php
index 7e2656ca3..0d7df96ac 100644
--- a/mod/pages/views/default/pages/group_module.php
+++ b/mod/pages/views/default/pages/group_module.php
@@ -15,6 +15,7 @@ if ($group->pages_enable == "no") {
$all_link = elgg_view('output/url', array(
'href' => "pages/group/$group->guid/all",
'text' => elgg_echo('link:view:all'),
+ 'is_trusted' => true,
));
@@ -37,6 +38,7 @@ if (!$content) {
$new_link = elgg_view('output/url', array(
'href' => "pages/add/$group->guid",
'text' => elgg_echo('pages:add'),
+ 'is_trusted' => true,
));
echo elgg_view('groups/profile/module', array(
diff --git a/mod/pages/views/default/widgets/pages/content.php b/mod/pages/views/default/widgets/pages/content.php
index 3ae0b8454..f63777c09 100644
--- a/mod/pages/views/default/widgets/pages/content.php
+++ b/mod/pages/views/default/widgets/pages/content.php
@@ -24,6 +24,7 @@ if ($content) {
$more_link = elgg_view('output/url', array(
'href' => $url,
'text' => elgg_echo('pages:more'),
+ 'is_trusted' => true,
));
echo "<span class=\"elgg-widget-more\">$more_link</span>";
} else {
diff --git a/mod/reportedcontent/views/default/object/reported_content.php b/mod/reportedcontent/views/default/object/reported_content.php
index 6bcbf6e5d..0e733e154 100644
--- a/mod/reportedcontent/views/default/object/reported_content.php
+++ b/mod/reportedcontent/views/default/object/reported_content.php
@@ -29,6 +29,7 @@ if ($report->state == 'archived') {
'href' => $archive_url,
'text' => elgg_echo('reportedcontent:archive'),
'is_action' => true,
+ 'is_trusted' => true,
'class' => 'elgg-button elgg-button-action',
);
echo elgg_view('output/url', $params);
@@ -37,6 +38,7 @@ if ($report->state == 'archived') {
'href' => $delete_url,
'text' => elgg_echo('reportedcontent:delete'),
'is_action' => true,
+ 'is_trusted' => true,
'class' => 'elgg-button elgg-button-action',
);
echo elgg_view('output/url', $params);
@@ -46,7 +48,8 @@ if ($report->state == 'archived') {
<b><?php echo elgg_echo('reportedcontent:by'); ?>:</b>
<?php echo elgg_view('output/url', array(
'href' => $reporter->getURL(),
- 'text' => $reporter->name
+ 'text' => $reporter->name,
+ 'is_trusted' => true,
));
?>,
<?php echo elgg_view_friendly_time($report->time_created); ?>
@@ -68,7 +71,8 @@ if ($report->state == 'archived') {
<b><?php echo elgg_echo('reportedcontent:objecturl'); ?>:</b>
<?php echo elgg_view('output/url', array(
'href' => $report->address,
- 'text' => elgg_echo('reportedcontent:visit')
+ 'text' => elgg_echo('reportedcontent:visit'),
+ 'is_trusted' => true,
));
?>
</p>
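Review bot: In this last hunk `$report->address` is rendered with `'is_trusted' => true`, but that value looks like the URL stored with the report, which presumably comes from the reporting user rather than from the site. An administrator reviewing the report would then follow a link that skipped whatever filtering the untrusted path applies. I would replace the added line with `'is_trusted' => false,` (or omit the flag) for this call. `true` is appropriate only for the archive/delete action links and the reporter profile link in the earlier hunks of this file.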
diff --git a/mod/thewire/views/default/object/thewire.php b/mod/thewire/views/default/object/thewire.php
index 2727df60d..134c87243 100644
--- a/mod/thewire/views/default/object/thewire.php
+++ b/mod/thewire/views/default/object/thewire.php
@@ -26,6 +26,7 @@ $owner_icon = elgg_view_entity_icon($owner, 'tiny');
$owner_link = elgg_view('output/url', array(
'href' => "thewire/owner/$owner->username",
'text' => $owner->name,
+ 'is_trusted' => true,
));
$author_text = elgg_echo('byline', array($owner_link));
$date = elgg_view_friendly_time($post->time_created);
diff --git a/mod/thewire/views/default/river/object/thewire/create.php b/mod/thewire/views/default/river/object/thewire/create.php
index c3c434858..fbf592664 100644
--- a/mod/thewire/views/default/river/object/thewire/create.php
+++ b/mod/thewire/views/default/river/object/thewire/create.php
@@ -12,12 +12,14 @@ $subject_link = elgg_view('output/url', array(
'href' => $subject->getURL(),
'text' => $subject->name,
'class' => 'elgg-river-subject',
+ 'is_trusted' => true,
));
$object_link = elgg_view('output/url', array(
'href' => "thewire/owner/$subject->username",
'text' => elgg_echo('thewire:wire'),
'class' => 'elgg-river-object',
+ 'is_trusted' => true,
));
$summary = elgg_echo("river:create:object:thewire", array($subject_link, $object_link));
diff --git a/mod/thewire/views/default/thewire/profile_status.php b/mod/thewire/views/default/thewire/profile_status.php
index 6ab47bccb..ab20b5341 100644
--- a/mod/thewire/views/default/thewire/profile_status.php
+++ b/mod/thewire/views/default/thewire/profile_status.php
@@ -28,6 +28,7 @@ if ($latest_wire && count($latest_wire) > 0) {
'text' => elgg_echo('thewire:update'),
'href' => $url_to_wire,
'class' => 'elgg-button elgg-button-action right',
+ 'is_trusted' => true,
));
}
diff --git a/mod/thewire/views/default/widgets/thewire/content.php b/mod/thewire/views/default/widgets/thewire/content.php
index 835a328b0..7212d4397 100644
--- a/mod/thewire/views/default/widgets/thewire/content.php
+++ b/mod/thewire/views/default/widgets/thewire/content.php
@@ -22,6 +22,7 @@ if ($content) {
$more_link = elgg_view('output/url', array(
'href' => $owner_url,
'text' => elgg_echo('thewire:moreposts'),
+ 'is_trusted' => true,
));
echo "<span class=\"elgg-widget-more\">$more_link</span>";
} else {
diff --git a/mod/twitter_api/views/default/forms/twitter_api/interstitial_settings.php b/mod/twitter_api/views/default/forms/twitter_api/interstitial_settings.php
index fdeafd46d..2592013c6 100644
--- a/mod/twitter_api/views/default/forms/twitter_api/interstitial_settings.php
+++ b/mod/twitter_api/views/default/forms/twitter_api/interstitial_settings.php
@@ -58,4 +58,5 @@ echo elgg_view('output/url', array(
'class' => 'right',
'text' => elgg_echo('twitter_api:interstitial:no_thanks'),
'href' => '/',
+ 'is_trusted' => true,
)); \ No newline at end of file
diff --git a/mod/uservalidationbyemail/views/default/forms/uservalidationbyemail/bulk_action.php b/mod/uservalidationbyemail/views/default/forms/uservalidationbyemail/bulk_action.php
index 2872b7a0c..0e1461058 100644
--- a/mod/uservalidationbyemail/views/default/forms/uservalidationbyemail/bulk_action.php
+++ b/mod/uservalidationbyemail/views/default/forms/uservalidationbyemail/bulk_action.php
@@ -52,27 +52,30 @@ $bulk_actions_checkbox = '<label><input type="checkbox" class="unvalidated-users
. elgg_echo('uservalidationbyemail:check_all') . '</label>';
$validate = elgg_view('output/url', array(
- 'is_action' => TRUE,
- 'js' => 'title="' . elgg_echo('uservalidationbyemail:confirm_validate_checked') . '"',
- 'href' => $vars['url'] . "action/uservalidationbyemail/validate/",
+ 'href' => 'action/uservalidationbyemail/validate/',
'text' => elgg_echo('uservalidationbyemail:admin:validate'),
+ 'title' => elgg_echo('uservalidationbyemail:confirm_validate_checked'),
'class' => 'unvalidated-users-bulk-post',
+ 'is_action' => true,
+ 'is_trusted' => true,
));
$resend_email = elgg_view('output/url', array(
- 'is_action' => TRUE,
- 'js' => 'title="' . elgg_echo('uservalidationbyemail:confirm_resend_validation_checked') . '"',
- 'href' => $vars['url'] . "action/uservalidationbyemail/resend_validation/",
+ 'href' => 'action/uservalidationbyemail/resend_validation/',
'text' => elgg_echo('uservalidationbyemail:admin:resend_validation'),
+ 'title' => elgg_echo('uservalidationbyemail:confirm_resend_validation_checked'),
'class' => 'unvalidated-users-bulk-post',
+ 'is_action' => true,
+ 'is_trusted' => true,
));
$delete = elgg_view('output/url', array(
- 'is_action' => TRUE,
- 'js' => 'title="' . elgg_echo('uservalidationbyemail:confirm_delete_checked') . '"',
- 'href' => $vars['url'] . "action/uservalidationbyemail/delete/",
+ 'href' => 'action/uservalidationbyemail/delete/',
'text' => elgg_echo('uservalidationbyemail:admin:delete'),
+ 'title' => elgg_echo('uservalidationbyemail:confirm_delete_checked'),
'class' => 'unvalidated-users-bulk-post',
+ 'is_action' => true,
+ 'is_trusted' => true,
));
$bulk_actions = <<<___END
diff --git a/views/default/admin/appearance/default_widgets.php b/views/default/admin/appearance/default_widgets.php
index 4416dc8f6..1bf5791ac 100644
--- a/views/default/admin/appearance/default_widgets.php
+++ b/views/default/admin/appearance/default_widgets.php
@@ -17,6 +17,7 @@ if ($object) {
'text' => elgg_echo('upgrade'),
'href' => 'action/widgets/upgrade',
'is_action' => true,
+ 'is_trusted' => true,
'class' => 'elgg_button elgg-button-submit',
'title' => 'Upgrade your default widgets to work on Elgg 1.8',
));
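Review bot: The class string on the context line, `'class' => 'elgg_button elgg-button-submit'`, uses an underscore where the other views in this commit use the hyphenated `elgg-button` prefix (for example `'elgg-button elgg-button-action'` in add_button.php), so the base button class probably never matches. It likely should read `'class' => 'elgg-button elgg-button-submit',`. The `title` is also a hard-coded English string while the `text` beside it goes through `elgg_echo()`; a language key would keep the two consistent.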
diff --git a/views/default/admin/appearance/profile_fields/list.php b/views/default/admin/appearance/profile_fields/list.php
index 6e79838ea..f4ff1e986 100644
--- a/views/default/admin/appearance/profile_fields/list.php
+++ b/views/default/admin/appearance/profile_fields/list.php
@@ -39,8 +39,9 @@ foreach ($items as $item) {
//$even_odd = ( 'odd' != $even_odd ) ? 'odd' : 'even';
$url = elgg_view('output/url', array(
'href' => "action/profile/fields/delete?id={$item->shortname}",
- 'is_action' => TRUE,
'text' => elgg_view_icon('delete-alt'),
+ 'is_action' => true,
+ 'is_trusted' => true,
));
$type = elgg_echo($item->type);
echo <<<HTML
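Review bot: `$item->shortname` is interpolated into the query string of `href` without URL-encoding, and with `'is_trusted' => true` the link also skips the `strip_tags()` pass that output/url applies to untrusted links. A shortname containing `&`, `#` or a space would change which `id` the delete action receives. Encoding at the point of use avoids that: `'href' => 'action/profile/fields/delete?id=' . urlencode($item->shortname),`. The enclosing `foreach` starts outside this hunk, so how shortnames are validated on creation is not visible here.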
diff --git a/views/default/admin/header.php b/views/default/admin/header.php
index 3919c017e..331190a88 100644
--- a/views/default/admin/header.php
+++ b/views/default/admin/header.php
@@ -7,10 +7,12 @@ $admin_title = elgg_get_site_entity()->name . ' ' . elgg_echo('admin');
$view_site = elgg_view('output/url', array(
'href' => elgg_get_site_url(),
'text' => elgg_echo('admin:view_site'),
+ 'is_trusted' => true,
));
$logout = elgg_view('output/url', array(
'href' => 'action/logout',
'text' => elgg_echo('logout'),
+ 'is_trusted' => true,
));
?>
<h1 class="elgg-heading-site">
diff --git a/views/default/icon/default.php b/views/default/icon/default.php
index 3abd96b96..533b92c43 100644
--- a/views/default/icon/default.php
+++ b/views/default/icon/default.php
@@ -39,6 +39,7 @@ if ($url) {
echo elgg_view('output/url', array(
'href' => $url,
'text' => $img,
+ 'is_trusted' => true,
));
} else {
echo $img;
diff --git a/views/default/icon/user/default.php b/views/default/icon/user/default.php
index aca03521f..0eb3691bd 100644
--- a/views/default/icon/user/default.php
+++ b/views/default/icon/user/default.php
@@ -66,6 +66,7 @@ if ($show_menu) {
echo elgg_view('output/url', array(
'href' => $user->getURL(),
'text' => $icon,
+ 'is_trusted' => true,
));
?>
</div>
diff --git a/views/default/navigation/breadcrumbs.php b/views/default/navigation/breadcrumbs.php
index bad73c4b3..88577a8ff 100644
--- a/views/default/navigation/breadcrumbs.php
+++ b/views/default/navigation/breadcrumbs.php
@@ -30,6 +30,7 @@ if (is_array($breadcrumbs) && count($breadcrumbs) > 0) {
$crumb = elgg_view('output/url', array(
'href' => $breadcrumb['link'],
'text' => $breadcrumb['title'],
+ 'is_trusted' => true,
));
} else {
$crumb = $breadcrumb['title'];
diff --git a/views/default/navigation/menu/user_hover.php b/views/default/navigation/menu/user_hover.php
index e32e5ab57..5c89e585c 100644
--- a/views/default/navigation/menu/user_hover.php
+++ b/views/default/navigation/menu/user_hover.php
@@ -19,6 +19,7 @@ echo '<ul class="elgg-menu elgg-menu-hover">';
$name_link = elgg_view('output/url', array(
'href' => $user->getURL(),
'text' => "<span class=\"elgg-heading-basic\">$user->name</span>&#64;$user->username",
+ 'is_trusted' => true,
));
echo "<li>$name_link</li>";
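Review bot: `$user->name` and `$user->username` are interpolated straight into the HTML used as link `text`, and `is_trusted` only affects `href` and `rel`; output/url echoes `$text` as-is unless `encode_text` is set. If display names are not already filtered when stored (not visible here), the name should be escaped where the markup is built, e.g. `htmlspecialchars($user->name, ENT_QUOTES, 'UTF-8')`. The same applies to the plain-name links in object/default.php (`$owner->name`), river/elements/body.php and summary.php (`$subject->name`, `$container->name`, `$object->title`) and the two river/user views, where `'encode_text' => true,` would be enough.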
diff --git a/views/default/navigation/pagination.php b/views/default/navigation/pagination.php
index c0cb801dd..4df5cf575 100644
--- a/views/default/navigation/pagination.php
+++ b/views/default/navigation/pagination.php
@@ -42,10 +42,12 @@ $pages = new stdClass();
$pages->prev = array(
'text' => '&laquo; ' . elgg_echo('previous'),
'href' => '',
+ 'is_trusted' => true,
);
$pages->next = array(
'text' => elgg_echo('next') . ' &raquo;',
'href' => '',
+ 'is_trusted' => true,
);
$pages->items = array();
diff --git a/views/default/navigation/tabs.php b/views/default/navigation/tabs.php
index 0108126ad..e8fde3579 100644
--- a/views/default/navigation/tabs.php
+++ b/views/default/navigation/tabs.php
@@ -47,7 +47,7 @@ if (isset($vars['tabs']) && is_array($vars['tabs']) && !empty($vars['tabs'])) {
$options = array(
'href' => $url,
'title' => $title,
- 'text' => $title
+ 'text' => $title,
);
if (isset($info['url_class'])) {
@@ -58,6 +58,10 @@ if (isset($vars['tabs']) && is_array($vars['tabs']) && !empty($vars['tabs'])) {
$options['id'] = $info['url_id'];
}
+ if (!isset($info['rel']) && !isset($info['is_trusted'])) {
+ $options['is_trusted'] = true;
+ }
+
$link = elgg_view('output/url', $options);
echo "<li $class_str $js>$link</li>";
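Review bot: The new guard reads `$info['rel']` and `$info['is_trusted']`, but nothing visible in this hunk copies either key into `$options`, so a caller-supplied `rel` would appear to be dropped and the link would then get `rel="nofollow"` from output/url. If that is not handled in the lines outside the hunk, add `if (isset($info['rel'])) { $options['rel'] = $info['rel']; }` and the equivalent for `is_trusted`. Note also that this makes tab links trusted unless the caller opts out, the reverse of the output/url default, so the view's docblock should list both keys and state that tab URLs are assumed to be site-generated.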
diff --git a/views/default/object/admin_notice.php b/views/default/object/admin_notice.php
index 086eddb1f..11524567e 100644
--- a/views/default/object/admin_notice.php
+++ b/views/default/object/admin_notice.php
@@ -11,7 +11,8 @@ if (isset($vars['entity']) && elgg_instanceof($vars['entity'], 'object', 'admin_
'href' => "action/admin/delete_admin_notice?guid=$notice->guid",
'text' => '<span class="elgg-icon elgg-icon-delete"></span>',
'is_action' => true,
- 'class' => 'elgg-admin-notice'
+ 'class' => 'elgg-admin-notice',
+ 'is_trusted' => true,
));
echo "<p>$delete$message</p>";
diff --git a/views/default/object/default.php b/views/default/object/default.php
index a50f19387..a9c3e15ca 100644
--- a/views/default/object/default.php
+++ b/views/default/object/default.php
@@ -28,6 +28,7 @@ if ($owner) {
$owner_link = elgg_view('output/url', array(
'href' => $owner->getURL(),
'text' => $owner->name,
+ 'is_trusted' => true,
));
}
diff --git a/views/default/object/elements/summary.php b/views/default/object/elements/summary.php
index 10cf0b148..3ca4de2be 100644
--- a/views/default/object/elements/summary.php
+++ b/views/default/object/elements/summary.php
@@ -29,6 +29,7 @@ if ($title_link === '') {
$params = array(
'text' => $text,
'href' => $entity->getURL(),
+ 'is_trusted' => true,
);
$title_link = elgg_view('output/url', $params);
}
diff --git a/views/default/object/plugin/advanced.php b/views/default/object/plugin/advanced.php
index 1fabaff04..db4e4dbcc 100644
--- a/views/default/object/plugin/advanced.php
+++ b/views/default/object/plugin/advanced.php
@@ -40,9 +40,10 @@ if ($reordering) {
));
$links .= "<li>" . elgg_view('output/url', array(
- 'href' => $top_url,
- 'text' => elgg_echo('top'),
- 'is_action' => true
+ 'href' => $top_url,
+ 'text' => elgg_echo('top'),
+ 'is_action' => true,
+ 'is_trusted' => true,
)) . "</li>";
$up_url = elgg_http_add_url_query_elements($actions_base . 'set_priority', array(
@@ -52,9 +53,10 @@ if ($reordering) {
));
$links .= "<li>" . elgg_view('output/url', array(
- 'href' => $up_url,
- 'text' => elgg_echo('up'),
- 'is_action' => true
+ 'href' => $up_url,
+ 'text' => elgg_echo('up'),
+ 'is_action' => true,
+ 'is_trusted' => true,
)) . "</li>";
}
@@ -67,9 +69,10 @@ if ($reordering) {
));
$links .= "<li>" . elgg_view('output/url', array(
- 'href' => $down_url,
- 'text' => elgg_echo('down'),
- 'is_action' => true
+ 'href' => $down_url,
+ 'text' => elgg_echo('down'),
+ 'is_action' => true,
+ 'is_trusted' => true,
)) . "</li>";
$bottom_url = elgg_http_add_url_query_elements($actions_base . 'set_priority', array(
@@ -81,7 +84,8 @@ if ($reordering) {
$links .= "<li>" . elgg_view('output/url', array(
'href' => $bottom_url,
'text' => elgg_echo('bottom'),
- 'is_action' => true
+ 'is_action' => true,
+ 'is_trusted' => true,
)) . "</li>";
}
} else {
@@ -93,7 +97,8 @@ if ($reordering) {
// always let them deactivate
$options = array(
- 'is_action' => true
+ 'is_action' => true,
+ 'is_trusted' => true,
);
if ($active) {
$active_class = 'elgg-state-active';
@@ -163,7 +168,8 @@ $author = '<span>' . elgg_echo('admin:plugins:label:author') . '</span>: '
$version = htmlspecialchars($plugin->getManifest()->getVersion());
$website = elgg_view('output/url', array(
'href' => $plugin->getManifest()->getWebsite(),
- 'text' => $plugin->getManifest()->getWebsite()
+ 'text' => $plugin->getManifest()->getWebsite(),
+ 'is_trusted' => true,
));
$copyright = elgg_view('output/text', array('value' => $plugin->getManifest()->getCopyright()));
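Review bot: The website link is marked `'is_trusted' => true` although its `href` and `text` both come from `$plugin->getManifest()->getWebsite()`, which is presumably read from the plugin author's manifest rather than generated by the site. The version on the line above is passed through `htmlspecialchars()`, and the copyright goes through `output/text`, so the website is the one manifest value emitted raw. Leaving this link untrusted and adding `'encode_text' => true,` would treat it like the neighbouring fields and keep the `nofollow` and tag stripping that output/url now applies by default.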
@@ -179,7 +185,8 @@ if ($files) {
$url = 'admin_plugin_text_file/' . $plugin->getID() . "/$file";
$link = elgg_view('output/url', array(
'text' => $file,
- 'href' => $url
+ 'href' => $url,
+ 'is_trusted' => true,
));
$docs .= "<li>$link</li>";
diff --git a/views/default/object/plugin/simple.php b/views/default/object/plugin/simple.php
index f4cc944f4..4d392e71a 100644
--- a/views/default/object/plugin/simple.php
+++ b/views/default/object/plugin/simple.php
@@ -49,7 +49,8 @@ foreach ($files as $file => $path) {
$url = 'admin_plugin_text_file/' . $plugin->getID() . "/$file";
$link = elgg_view('output/url', array(
'text' => $file,
- 'href' => $url
+ 'href' => $url,
+ 'is_trusted' => true,
));
$plugin_footer .= "<li>$link</li>";
diff --git a/views/default/object/widget/elements/controls.php b/views/default/object/widget/elements/controls.php
index abf2154fc..6d06d28bc 100644
--- a/views/default/object/widget/elements/controls.php
+++ b/views/default/object/widget/elements/controls.php
@@ -24,6 +24,7 @@ if ($widget->canEdit()) {
'title' => elgg_echo('widget:delete', array($widget->getTitle())),
'href' => "action/widgets/delete?guid=$widget->guid",
'is_action' => true,
+ 'is_trusted' => true,
'class' => 'elgg-widget-delete-button',
'id' => "elgg-widget-delete-button-$widget->guid"
);
diff --git a/views/default/output/tag.php b/views/default/output/tag.php
index abae9c4b2..3c002a31b 100644
--- a/views/default/output/tag.php
+++ b/views/default/output/tag.php
@@ -26,5 +26,9 @@ if (isset($vars['value'])) {
$type = "";
}
$url = elgg_get_site_url() . 'search?q=' . urlencode($vars['value']) . "&search_type=tags{$type}{$subtype}{$object}";
- echo elgg_view('output/url', array('href' => $url, 'text' => $vars['value'], 'rel' => 'tag'));
+ echo elgg_view('output/url', array(
+ 'href' => $url,
+ 'text' => $vars['value'],
+ 'rel' => 'tag',
+ ));
}
diff --git a/views/default/output/url.php b/views/default/output/url.php
index 79ab52377..81b02087d 100644
--- a/views/default/output/url.php
+++ b/views/default/output/url.php
@@ -10,7 +10,7 @@
* @uses string $vars['href'] The unencoded url string
* @uses bool $vars['encode_text'] Run $vars['text'] through htmlspecialchars() (false)
* @uses bool $vars['is_action'] Is this a link to an action (false)
- *
+ * @uses bool $vars['is_trusted'] Is this link trusted (false)
*/
$url = elgg_extract('href', $vars, null);
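Review bot: The new docblock line says only "Is this link trusted (false)" and does not tell a view author what changes when the flag is left off. I would spell out the effect, e.g. `@uses bool $vars['is_trusted'] Is the href site-generated? If false and no 'rel' is given, rel="nofollow" is added and tags are stripped from the href (false)`. It is also worth stating that the flag does not affect `$vars['text']`, which is governed by `encode_text`.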
@@ -37,11 +37,20 @@ if ($url) {
if (elgg_extract('is_action', $vars, false)) {
$url = elgg_add_action_tokens_to_url($url, false);
- unset($vars['is_action']);
+ }
+
+ if (!elgg_extract('is_trusted', $vars, false)) {
+ if (!isset($vars['rel'])) {
+ $vars['rel'] = 'nofollow';
+ $url = strip_tags($url);
+ }
}
$vars['href'] = $url;
}
+unset($vars['is_action']);
+unset($vars['is_trusted']);
+
$attributes = elgg_format_attributes($vars);
-echo "<a $attributes>$text</a>"; \ No newline at end of file
+echo "<a $attributes>$text</a>";
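Review bot: `strip_tags($url)` sits inside the `if (!isset($vars['rel']))` branch, so an untrusted link that supplies its own `rel` is not sanitised at all; the output/tag view in this same commit is such a caller (`'rel' => 'tag'`, no `is_trusted`). The two concerns are independent, so move `$url = strip_tags($url);` up one level so it runs for every untrusted link, and keep only `$vars['rel'] = 'nofollow';` under the `rel` check. Note also that `strip_tags()` removes markup but does not restrict the URL scheme, so an allow-list of schemes would be the stronger check for untrusted hrefs. The enclosing `if ($url) {` block starts outside this hunk, so any normalisation done before this point is not visible here.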
diff --git a/views/default/page/elements/footer.php b/views/default/page/elements/footer.php
index 06fdb84a5..596d17bd3 100644
--- a/views/default/page/elements/footer.php
+++ b/views/default/page/elements/footer.php
@@ -17,5 +17,6 @@ echo elgg_view('output/url', array(
'href' => 'http://elgg.org',
'text' => "<img src=\"$powered_url\" alt=\"Powered by Elgg\" width=\"106\" height=\"15\" />",
'class' => '',
+ 'is_trusted' => true,
));
echo '</div>';
diff --git a/views/default/page/elements/tagcloud_block.php b/views/default/page/elements/tagcloud_block.php
index 8b67c9e37..258951c41 100644
--- a/views/default/page/elements/tagcloud_block.php
+++ b/views/default/page/elements/tagcloud_block.php
@@ -50,6 +50,7 @@ $cloud .= elgg_view_icon('tag');
$cloud .= elgg_view('output/url', array(
'href' => 'tags',
'text' => elgg_echo('tagcloud:allsitetags'),
+ 'is_trusted' => true,
));
$cloud .= '</p>';
diff --git a/views/default/page/layouts/widgets/add_button.php b/views/default/page/layouts/widgets/add_button.php
index 89e83b096..c33a45f99 100644
--- a/views/default/page/layouts/widgets/add_button.php
+++ b/views/default/page/layouts/widgets/add_button.php
@@ -10,6 +10,7 @@
'text' => elgg_echo('widgets:add'),
'class' => 'elgg-button elgg-button-action',
'rel' => 'toggle',
+ 'is_trusted' => true,
));
?>
</div>
diff --git a/views/default/river/elements/body.php b/views/default/river/elements/body.php
index c5a525733..6894b81e2 100644
--- a/views/default/river/elements/body.php
+++ b/views/default/river/elements/body.php
@@ -27,6 +27,7 @@ if ($summary === false) {
'href' => $subject->getURL(),
'text' => $subject->name,
'class' => 'elgg-river-subject',
+ 'is_trusted' => true,
));
}
@@ -52,6 +53,7 @@ if ($container instanceof ElggGroup && $container->guid != elgg_get_page_owner_g
$group_link = elgg_view('output/url', array(
'href' => $container->getURL(),
'text' => $container->name,
+ 'is_trusted' => true,
));
$group_string = elgg_echo('river:ingroup', array($group_link));
}
diff --git a/views/default/river/elements/responses.php b/views/default/river/elements/responses.php
index 8c5be6316..f6c32e142 100644
--- a/views/default/river/elements/responses.php
+++ b/views/default/river/elements/responses.php
@@ -50,6 +50,7 @@ if ($comments) {
$params = array(
'href' => $url,
'text' => elgg_echo('river:comments:more', array($num_more_comments)),
+ 'is_trusted' => true,
);
$link = elgg_view('output/url', $params);
echo "<div class=\"elgg-river-more\">$link</div>";
diff --git a/views/default/river/elements/summary.php b/views/default/river/elements/summary.php
index 4d80c29a6..84941131f 100644
--- a/views/default/river/elements/summary.php
+++ b/views/default/river/elements/summary.php
@@ -15,12 +15,14 @@ $subject_link = elgg_view('output/url', array(
'href' => $subject->getURL(),
'text' => $subject->name,
'class' => 'elgg-river-subject',
+ 'is_trusted' => true,
));
$object_link = elgg_view('output/url', array(
'href' => $object->getURL(),
'text' => $object->title ? $object->title : $object->name,
'class' => 'elgg-river-object',
+ 'is_trusted' => true,
));
$action = $item->action_type;
@@ -32,6 +34,7 @@ if ($container instanceof ElggGroup) {
$params = array(
'href' => $container->getURL(),
'text' => $container->name,
+ 'is_trusted' => true,
);
$group_link = elgg_view('output/url', $params);
$group_string = elgg_echo('river:ingroup', array($group_link));
diff --git a/views/default/river/user/default/profileiconupdate.php b/views/default/river/user/default/profileiconupdate.php
index c7f691533..5c96747bd 100644
--- a/views/default/river/user/default/profileiconupdate.php
+++ b/views/default/river/user/default/profileiconupdate.php
@@ -10,6 +10,7 @@ $subject_link = elgg_view('output/url', array(
'href' => $subject->getURL(),
'text' => $subject->name,
'class' => 'elgg-river-subject',
+ 'is_trusted' => true,
));
$string = elgg_echo('river:update:user:avatar', array($subject_link));
diff --git a/views/default/river/user/default/profileupdate.php b/views/default/river/user/default/profileupdate.php
index a344131d6..69b69b106 100644
--- a/views/default/river/user/default/profileupdate.php
+++ b/views/default/river/user/default/profileupdate.php
@@ -9,6 +9,7 @@ $subject_link = elgg_view('output/url', array(
'href' => $subject->getURL(),
'text' => $subject->name,
'class' => 'elgg-river-subject',
+ 'is_trusted' => true,
));
$string = elgg_echo('river:update:user:profile', array($subject_link));
diff --git a/views/default/widgets/content_stats/content.php b/views/default/widgets/content_stats/content.php
index 6a652166c..56772047d 100644
--- a/views/default/widgets/content_stats/content.php
+++ b/views/default/widgets/content_stats/content.php
@@ -23,5 +23,6 @@ echo '<div class="mtm">';
echo elgg_view('output/url', array(
'href' => 'admin/statistics/overview',
'text' => elgg_echo('more'),
+ 'is_trusted' => true,
));
echo '</div>';