author | Cash Costello <cash.costello@gmail.com> | 2011-10-08 08:22:08 -0400 |
---|---|---|
committer | Cash Costello <cash.costello@gmail.com> | 2011-10-08 08:22:08 -0400 |
commit | d5f0d44d4ddf33db2248ef0bdd44633d57c31683 (patch) | |
tree | f7e66db7616f844ea798bcd7357d633b691cbbec /views/default/output | |
parent | 996a185c557357ccd3f5c257d17699eb874e1898 (diff) | |
Fixes #3411 output/url now has a is_trusted parameter - defaults to false
Diffstat (limited to 'views/default/output')
-rw-r--r-- | views/default/output/tag.php | 6 | ||||
-rw-r--r-- | views/default/output/url.php | 15 |
2 files changed, 17 insertions, 4 deletions
diff --git a/views/default/output/tag.php b/views/default/output/tag.php
index abae9c4b2..3c002a31b 100644
--- a/views/default/output/tag.php
+++ b/views/default/output/tag.php
@@ -26,5 +26,9 @@ if (isset($vars['value'])) {
 $type = "";
 }
 $url = elgg_get_site_url() . 'search?q=' . urlencode($vars['value']) . "&search_type=tags{$type}{$subtype}{$object}";
- echo elgg_view('output/url', array('href' => $url, 'text' => $vars['value'], 'rel' => 'tag'));
+ echo elgg_view('output/url', array(
+ 'href' => $url,
+ 'text' => $vars['value'],
+ 'rel' => 'tag',
+ ));
 }
diff --git a/views/default/output/url.php b/views/default/output/url.php
index 79ab52377..81b02087d 100644
--- a/views/default/output/url.php
+++ b/views/default/output/url.php
@@ -10,7 +10,7 @@
 * @uses string $vars['href'] The unencoded url string
 * @uses bool $vars['encode_text'] Run $vars['text'] through htmlspecialchars() (false)
 * @uses bool $vars['is_action'] Is this a link to an action (false)
- *
+ * @uses bool $vars['is_trusted'] Is this link trusted (false)
 */
 $url = elgg_extract('href', $vars, null);
@@ -37,11 +37,20 @@ if ($url) {
 if (elgg_extract('is_action', $vars, false)) {
 $url = elgg_add_action_tokens_to_url($url, false);
- unset($vars['is_action']);
+ }
+
+ if (!elgg_extract('is_trusted', $vars, false)) {
+ if (!isset($vars['rel'])) {
+ $vars['rel'] = 'nofollow';
+ $url = strip_tags($url);
+ }
 }
 $vars['href'] = $url;
 }
+unset($vars['is_action']);
+unset($vars['is_trusted']);
+
 $attributes = elgg_format_attributes($vars);
-echo "<a $attributes>$text</a>";
\ No newline at end of file
+echo "<a $attributes>$text</a>"; |
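Review bot: In the new `is_trusted` branch of output/url.php, `$url = strip_tags($url);` sits inside `if (!isset($vars['rel']))`, so an untrusted link whose caller supplies `rel` (as output/tag.php does with `'rel' => 'tag'`) gets neither the tag stripping nor `nofollow`. Moving `$url = strip_tags($url);` up one level, directly under `if (!elgg_extract('is_trusted', $vars, false)) {`, would make the filtering independent of `rel`. `strip_tags()` only removes markup and does not restrict the URL scheme; nothing visible in this hunk rejects schemes such as `javascript:`, so a scheme allowlist for untrusted hrefs belongs in this branch unless code outside the hunk already enforces one. The new docblock line could say what untrusted handling does, e.g. `@uses bool $vars['is_trusted'] Is this link trusted; if false, rel=nofollow is added and tags are stripped from href (false)`.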