diff options
author | Brett Profitt <brett.profitt@gmail.com> | 2012-05-01 17:15:42 -0700 |
---|---|---|
committer | Brett Profitt <brett.profitt@gmail.com> | 2012-05-01 17:15:42 -0700 |
commit | c0c5c0f81f40b5d72048e74842a650f974cefcd7 (patch) | |
tree | bc929b43f4dd2b36e5d11a52687a3caaf5ff25cb /views/default/output | |
parent | 72f0c8462e79333667ebddd885500e5efddd1c28 (diff) | |
download | elgg-c0c5c0f81f40b5d72048e74842a650f974cefcd7.tar.gz elgg-c0c5c0f81f40b5d72048e74842a650f974cefcd7.tar.bz2 |
Fixes #1835. Passing tagcloud URLs through output/url for proper escaping.
Diffstat (limited to 'views/default/output')
-rw-r--r-- | views/default/output/tagcloud.php | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/views/default/output/tagcloud.php b/views/default/output/tagcloud.php index 22b6cf49d..a212becd8 100644 --- a/views/default/output/tagcloud.php +++ b/views/default/output/tagcloud.php @@ -47,9 +47,15 @@ if (!empty($vars['tagcloud']) && is_array($vars['tagcloud'])) { if ($size < 100) { $size = 100; } - $url = elgg_get_site_url()."search?q=". urlencode($tag->tag) . "&search_type=tags$type$subtype"; - $url = elgg_format_url($url); - $cloud .= "<a href=\"$url\" style=\"font-size: $size%\" title=\"".addslashes($tag->tag)." ($tag->total)\">" . htmlspecialchars($tag->tag, ENT_QUOTES, 'UTF-8') . "</a>"; + $url = "search?q=". urlencode($tag->tag) . "&search_type=tags$type$subtype"; + + $cloud .= elgg_view('output/url', array( + 'text' => $tag->tag, + 'href' => $url, + 'style' => "font-size: $size%;", + 'title' => "$tag->tag ($tag->total)", + 'rel' => 'tag' + )); } $cloud .= elgg_view('tagcloud/extend'); |