authorCash Costello <cash.costello@gmail.com>2011-10-08 08:22:08 -0400
committerCash Costello <cash.costello@gmail.com>2011-10-08 08:22:08 -0400
commitd5f0d44d4ddf33db2248ef0bdd44633d57c31683 (patch)
treef7e66db7616f844ea798bcd7357d633b691cbbec /views/default/output
parent996a185c557357ccd3f5c257d17699eb874e1898 (diff)
downloadelgg-d5f0d44d4ddf33db2248ef0bdd44633d57c31683.tar.gz
elgg-d5f0d44d4ddf33db2248ef0bdd44633d57c31683.tar.bz2
Fixes #3411 output/url now has a is_trusted parameter - defaults to false
Diffstat (limited to 'views/default/output')
-rw-r--r--views/default/output/tag.php6
-rw-r--r--views/default/output/url.php15
2 files changed, 17 insertions, 4 deletions
diff --git a/views/default/output/tag.php b/views/default/output/tag.php
index abae9c4b2..3c002a31b 100644
--- a/views/default/output/tag.php
+++ b/views/default/output/tag.php
@@ -26,5 +26,9 @@ if (isset($vars['value'])) {
$type = "";
}
$url = elgg_get_site_url() . 'search?q=' . urlencode($vars['value']) . "&search_type=tags{$type}{$subtype}{$object}";
- echo elgg_view('output/url', array('href' => $url, 'text' => $vars['value'], 'rel' => 'tag'));
+ echo elgg_view('output/url', array(
+ 'href' => $url,
+ 'text' => $vars['value'],
+ 'rel' => 'tag',
+ ));
}
diff --git a/views/default/output/url.php b/views/default/output/url.php
index 79ab52377..81b02087d 100644
--- a/views/default/output/url.php
+++ b/views/default/output/url.php
@@ -10,7 +10,7 @@
* @uses string $vars['href'] The unencoded url string
* @uses bool $vars['encode_text'] Run $vars['text'] through htmlspecialchars() (false)
* @uses bool $vars['is_action'] Is this a link to an action (false)
- *
+ * @uses bool $vars['is_trusted'] Is this link trusted (false)
*/
$url = elgg_extract('href', $vars, null);
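Review bot: The new docblock line for `is_trusted` does not say what an untrusted link actually gets, and the name alone suggests more protection than the code gives. In the later hunk of this file the untrusted path sets `rel="nofollow"` and runs `strip_tags()` on the href, and it does both only when the caller passed no `rel`. I would spell that out, for example `* @uses bool $vars['is_trusted'] Is this link trusted (false). Untrusted links get rel="nofollow" and strip_tags() on href, only when 'rel' is not set`, so callers do not assume the flag validates the URL.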
@@ -37,11 +37,20 @@ if ($url) {
if (elgg_extract('is_action', $vars, false)) {
$url = elgg_add_action_tokens_to_url($url, false);
- unset($vars['is_action']);
+ }
+
+ if (!elgg_extract('is_trusted', $vars, false)) {
+ if (!isset($vars['rel'])) {
+ $vars['rel'] = 'nofollow';
+ $url = strip_tags($url);
+ }
}
$vars['href'] = $url;
}
+unset($vars['is_action']);
+unset($vars['is_trusted']);
+
$attributes = elgg_format_attributes($vars);
-echo "<a $attributes>$text</a>";
\ No newline at end of file
+echo "<a $attributes>$text</a>";
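Review bot: `$url = strip_tags($url);` sits inside `if (!isset($vars['rel']))`, so an untrusted href is cleaned only when the caller passed no `rel`; a caller that sets `rel` and leaves `is_trusted` at its default of false (as output/tag.php in this commit does with `'rel' => 'tag'`) gets neither the nofollow nor the stripping. The sanitising should not depend on `rel`: keep `$vars['rel'] = 'nofollow';` in the inner `if` and move `$url = strip_tags($url);` out into the `is_trusted` block. strip_tags() also only removes markup; it does not restrict the URL scheme or escape quotes, so whether an untrusted href is safe as an attribute value depends on elgg_format_attributes(), which is not visible here, and a scheme allow-list (http, https, relative) for untrusted links would be the stronger check. The enclosing `if ($url) {` starts outside the hunk.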