aboutsummaryrefslogtreecommitdiff
path: root/views/default
diff options
context:
space:
mode:
authorCash Costello <cash.costello@gmail.com>2011-10-08 08:22:08 -0400
committerCash Costello <cash.costello@gmail.com>2011-10-08 08:22:08 -0400
commitd5f0d44d4ddf33db2248ef0bdd44633d57c31683 (patch)
treef7e66db7616f844ea798bcd7357d633b691cbbec /views/default
parent996a185c557357ccd3f5c257d17699eb874e1898 (diff)
downloadelgg-d5f0d44d4ddf33db2248ef0bdd44633d57c31683.tar.gz
elgg-d5f0d44d4ddf33db2248ef0bdd44633d57c31683.tar.bz2
Fixes #3411 output/url now has a is_trusted parameter - defaults to false
Diffstat (limited to 'views/default')
-rw-r--r--views/default/admin/appearance/default_widgets.php1
-rw-r--r--views/default/admin/appearance/profile_fields/list.php3
-rw-r--r--views/default/admin/header.php2
-rw-r--r--views/default/icon/default.php1
-rw-r--r--views/default/icon/user/default.php1
-rw-r--r--views/default/navigation/breadcrumbs.php1
-rw-r--r--views/default/navigation/menu/user_hover.php1
-rw-r--r--views/default/navigation/pagination.php2
-rw-r--r--views/default/navigation/tabs.php6
-rw-r--r--views/default/object/admin_notice.php3
-rw-r--r--views/default/object/default.php1
-rw-r--r--views/default/object/elements/summary.php1
-rw-r--r--views/default/object/plugin/advanced.php33
-rw-r--r--views/default/object/plugin/simple.php3
-rw-r--r--views/default/object/widget/elements/controls.php1
-rw-r--r--views/default/output/tag.php6
-rw-r--r--views/default/output/url.php15
-rw-r--r--views/default/page/elements/footer.php1
-rw-r--r--views/default/page/elements/tagcloud_block.php1
-rw-r--r--views/default/page/layouts/widgets/add_button.php1
-rw-r--r--views/default/river/elements/body.php2
-rw-r--r--views/default/river/elements/responses.php1
-rw-r--r--views/default/river/elements/summary.php3
-rw-r--r--views/default/river/user/default/profileiconupdate.php1
-rw-r--r--views/default/river/user/default/profileupdate.php1
-rw-r--r--views/default/widgets/content_stats/content.php1
26 files changed, 72 insertions, 21 deletions
diff --git a/views/default/admin/appearance/default_widgets.php b/views/default/admin/appearance/default_widgets.php
index 4416dc8f6..1bf5791ac 100644
--- a/views/default/admin/appearance/default_widgets.php
+++ b/views/default/admin/appearance/default_widgets.php
@@ -17,6 +17,7 @@ if ($object) {
'text' => elgg_echo('upgrade'),
'href' => 'action/widgets/upgrade',
'is_action' => true,
+ 'is_trusted' => true,
'class' => 'elgg_button elgg-button-submit',
'title' => 'Upgrade your default widgets to work on Elgg 1.8',
));
diff --git a/views/default/admin/appearance/profile_fields/list.php b/views/default/admin/appearance/profile_fields/list.php
index 6e79838ea..f4ff1e986 100644
--- a/views/default/admin/appearance/profile_fields/list.php
+++ b/views/default/admin/appearance/profile_fields/list.php
@@ -39,8 +39,9 @@ foreach ($items as $item) {
//$even_odd = ( 'odd' != $even_odd ) ? 'odd' : 'even';
$url = elgg_view('output/url', array(
'href' => "action/profile/fields/delete?id={$item->shortname}",
- 'is_action' => TRUE,
'text' => elgg_view_icon('delete-alt'),
+ 'is_action' => true,
+ 'is_trusted' => true,
));
$type = elgg_echo($item->type);
echo <<<HTML
diff --git a/views/default/admin/header.php b/views/default/admin/header.php
index 3919c017e..331190a88 100644
--- a/views/default/admin/header.php
+++ b/views/default/admin/header.php
@@ -7,10 +7,12 @@ $admin_title = elgg_get_site_entity()->name . ' ' . elgg_echo('admin');
$view_site = elgg_view('output/url', array(
'href' => elgg_get_site_url(),
'text' => elgg_echo('admin:view_site'),
+ 'is_trusted' => true,
));
$logout = elgg_view('output/url', array(
'href' => 'action/logout',
'text' => elgg_echo('logout'),
+ 'is_trusted' => true,
));
?>
<h1 class="elgg-heading-site">
diff --git a/views/default/icon/default.php b/views/default/icon/default.php
index 3abd96b96..533b92c43 100644
--- a/views/default/icon/default.php
+++ b/views/default/icon/default.php
@@ -39,6 +39,7 @@ if ($url) {
echo elgg_view('output/url', array(
'href' => $url,
'text' => $img,
+ 'is_trusted' => true,
));
} else {
echo $img;
diff --git a/views/default/icon/user/default.php b/views/default/icon/user/default.php
index aca03521f..0eb3691bd 100644
--- a/views/default/icon/user/default.php
+++ b/views/default/icon/user/default.php
@@ -66,6 +66,7 @@ if ($show_menu) {
echo elgg_view('output/url', array(
'href' => $user->getURL(),
'text' => $icon,
+ 'is_trusted' => true,
));
?>
</div>
diff --git a/views/default/navigation/breadcrumbs.php b/views/default/navigation/breadcrumbs.php
index bad73c4b3..88577a8ff 100644
--- a/views/default/navigation/breadcrumbs.php
+++ b/views/default/navigation/breadcrumbs.php
@@ -30,6 +30,7 @@ if (is_array($breadcrumbs) && count($breadcrumbs) > 0) {
$crumb = elgg_view('output/url', array(
'href' => $breadcrumb['link'],
'text' => $breadcrumb['title'],
+ 'is_trusted' => true,
));
} else {
$crumb = $breadcrumb['title'];
diff --git a/views/default/navigation/menu/user_hover.php b/views/default/navigation/menu/user_hover.php
index e32e5ab57..5c89e585c 100644
--- a/views/default/navigation/menu/user_hover.php
+++ b/views/default/navigation/menu/user_hover.php
@@ -19,6 +19,7 @@ echo '<ul class="elgg-menu elgg-menu-hover">';
$name_link = elgg_view('output/url', array(
'href' => $user->getURL(),
'text' => "<span class=\"elgg-heading-basic\">$user->name</span>&#64;$user->username",
+ 'is_trusted' => true,
));
echo "<li>$name_link</li>";
diff --git a/views/default/navigation/pagination.php b/views/default/navigation/pagination.php
index c0cb801dd..4df5cf575 100644
--- a/views/default/navigation/pagination.php
+++ b/views/default/navigation/pagination.php
@@ -42,10 +42,12 @@ $pages = new stdClass();
$pages->prev = array(
'text' => '&laquo; ' . elgg_echo('previous'),
'href' => '',
+ 'is_trusted' => true,
);
$pages->next = array(
'text' => elgg_echo('next') . ' &raquo;',
'href' => '',
+ 'is_trusted' => true,
);
$pages->items = array();
diff --git a/views/default/navigation/tabs.php b/views/default/navigation/tabs.php
index 0108126ad..e8fde3579 100644
--- a/views/default/navigation/tabs.php
+++ b/views/default/navigation/tabs.php
@@ -47,7 +47,7 @@ if (isset($vars['tabs']) && is_array($vars['tabs']) && !empty($vars['tabs'])) {
$options = array(
'href' => $url,
'title' => $title,
- 'text' => $title
+ 'text' => $title,
);
if (isset($info['url_class'])) {
@@ -58,6 +58,10 @@ if (isset($vars['tabs']) && is_array($vars['tabs']) && !empty($vars['tabs'])) {
$options['id'] = $info['url_id'];
}
+ if (!isset($info['rel']) && !isset($info['is_trusted'])) {
+ $options['is_trusted'] = true;
+ }
+
$link = elgg_view('output/url', $options);
echo "<li $class_str $js>$link</li>";
diff --git a/views/default/object/admin_notice.php b/views/default/object/admin_notice.php
index 086eddb1f..11524567e 100644
--- a/views/default/object/admin_notice.php
+++ b/views/default/object/admin_notice.php
@@ -11,7 +11,8 @@ if (isset($vars['entity']) && elgg_instanceof($vars['entity'], 'object', 'admin_
'href' => "action/admin/delete_admin_notice?guid=$notice->guid",
'text' => '<span class="elgg-icon elgg-icon-delete"></span>',
'is_action' => true,
- 'class' => 'elgg-admin-notice'
+ 'class' => 'elgg-admin-notice',
+ 'is_trusted' => true,
));
echo "<p>$delete$message</p>";
diff --git a/views/default/object/default.php b/views/default/object/default.php
index a50f19387..a9c3e15ca 100644
--- a/views/default/object/default.php
+++ b/views/default/object/default.php
@@ -28,6 +28,7 @@ if ($owner) {
$owner_link = elgg_view('output/url', array(
'href' => $owner->getURL(),
'text' => $owner->name,
+ 'is_trusted' => true,
));
}
diff --git a/views/default/object/elements/summary.php b/views/default/object/elements/summary.php
index 10cf0b148..3ca4de2be 100644
--- a/views/default/object/elements/summary.php
+++ b/views/default/object/elements/summary.php
@@ -29,6 +29,7 @@ if ($title_link === '') {
$params = array(
'text' => $text,
'href' => $entity->getURL(),
+ 'is_trusted' => true,
);
$title_link = elgg_view('output/url', $params);
}
diff --git a/views/default/object/plugin/advanced.php b/views/default/object/plugin/advanced.php
index 1fabaff04..db4e4dbcc 100644
--- a/views/default/object/plugin/advanced.php
+++ b/views/default/object/plugin/advanced.php
@@ -40,9 +40,10 @@ if ($reordering) {
));
$links .= "<li>" . elgg_view('output/url', array(
- 'href' => $top_url,
- 'text' => elgg_echo('top'),
- 'is_action' => true
+ 'href' => $top_url,
+ 'text' => elgg_echo('top'),
+ 'is_action' => true,
+ 'is_trusted' => true,
)) . "</li>";
$up_url = elgg_http_add_url_query_elements($actions_base . 'set_priority', array(
@@ -52,9 +53,10 @@ if ($reordering) {
));
$links .= "<li>" . elgg_view('output/url', array(
- 'href' => $up_url,
- 'text' => elgg_echo('up'),
- 'is_action' => true
+ 'href' => $up_url,
+ 'text' => elgg_echo('up'),
+ 'is_action' => true,
+ 'is_trusted' => true,
)) . "</li>";
}
@@ -67,9 +69,10 @@ if ($reordering) {
));
$links .= "<li>" . elgg_view('output/url', array(
- 'href' => $down_url,
- 'text' => elgg_echo('down'),
- 'is_action' => true
+ 'href' => $down_url,
+ 'text' => elgg_echo('down'),
+ 'is_action' => true,
+ 'is_trusted' => true,
)) . "</li>";
$bottom_url = elgg_http_add_url_query_elements($actions_base . 'set_priority', array(
@@ -81,7 +84,8 @@ if ($reordering) {
$links .= "<li>" . elgg_view('output/url', array(
'href' => $bottom_url,
'text' => elgg_echo('bottom'),
- 'is_action' => true
+ 'is_action' => true,
+ 'is_trusted' => true,
)) . "</li>";
}
} else {
@@ -93,7 +97,8 @@ if ($reordering) {
// always let them deactivate
$options = array(
- 'is_action' => true
+ 'is_action' => true,
+ 'is_trusted' => true,
);
if ($active) {
$active_class = 'elgg-state-active';
@@ -163,7 +168,8 @@ $author = '<span>' . elgg_echo('admin:plugins:label:author') . '</span>: '
$version = htmlspecialchars($plugin->getManifest()->getVersion());
$website = elgg_view('output/url', array(
'href' => $plugin->getManifest()->getWebsite(),
- 'text' => $plugin->getManifest()->getWebsite()
+ 'text' => $plugin->getManifest()->getWebsite(),
+ 'is_trusted' => true,
));
$copyright = elgg_view('output/text', array('value' => $plugin->getManifest()->getCopyright()));
@@ -179,7 +185,8 @@ if ($files) {
$url = 'admin_plugin_text_file/' . $plugin->getID() . "/$file";
$link = elgg_view('output/url', array(
'text' => $file,
- 'href' => $url
+ 'href' => $url,
+ 'is_trusted' => true,
));
$docs .= "<li>$link</li>";
diff --git a/views/default/object/plugin/simple.php b/views/default/object/plugin/simple.php
index f4cc944f4..4d392e71a 100644
--- a/views/default/object/plugin/simple.php
+++ b/views/default/object/plugin/simple.php
@@ -49,7 +49,8 @@ foreach ($files as $file => $path) {
$url = 'admin_plugin_text_file/' . $plugin->getID() . "/$file";
$link = elgg_view('output/url', array(
'text' => $file,
- 'href' => $url
+ 'href' => $url,
+ 'is_trusted' => true,
));
$plugin_footer .= "<li>$link</li>";
diff --git a/views/default/object/widget/elements/controls.php b/views/default/object/widget/elements/controls.php
index abf2154fc..6d06d28bc 100644
--- a/views/default/object/widget/elements/controls.php
+++ b/views/default/object/widget/elements/controls.php
@@ -24,6 +24,7 @@ if ($widget->canEdit()) {
'title' => elgg_echo('widget:delete', array($widget->getTitle())),
'href' => "action/widgets/delete?guid=$widget->guid",
'is_action' => true,
+ 'is_trusted' => true,
'class' => 'elgg-widget-delete-button',
'id' => "elgg-widget-delete-button-$widget->guid"
);
diff --git a/views/default/output/tag.php b/views/default/output/tag.php
index abae9c4b2..3c002a31b 100644
--- a/views/default/output/tag.php
+++ b/views/default/output/tag.php
@@ -26,5 +26,9 @@ if (isset($vars['value'])) {
$type = "";
}
$url = elgg_get_site_url() . 'search?q=' . urlencode($vars['value']) . "&search_type=tags{$type}{$subtype}{$object}";
- echo elgg_view('output/url', array('href' => $url, 'text' => $vars['value'], 'rel' => 'tag'));
+ echo elgg_view('output/url', array(
+ 'href' => $url,
+ 'text' => $vars['value'],
+ 'rel' => 'tag',
+ ));
}
diff --git a/views/default/output/url.php b/views/default/output/url.php
index 79ab52377..81b02087d 100644
--- a/views/default/output/url.php
+++ b/views/default/output/url.php
@@ -10,7 +10,7 @@
* @uses string $vars['href'] The unencoded url string
* @uses bool $vars['encode_text'] Run $vars['text'] through htmlspecialchars() (false)
* @uses bool $vars['is_action'] Is this a link to an action (false)
- *
+ * @uses bool $vars['is_trusted'] Is this link trusted (false)
*/
$url = elgg_extract('href', $vars, null);
@@ -37,11 +37,20 @@ if ($url) {
if (elgg_extract('is_action', $vars, false)) {
$url = elgg_add_action_tokens_to_url($url, false);
- unset($vars['is_action']);
+ }
+
+ if (!elgg_extract('is_trusted', $vars, false)) {
+ if (!isset($vars['rel'])) {
+ $vars['rel'] = 'nofollow';
+ $url = strip_tags($url);
+ }
}
$vars['href'] = $url;
}
+unset($vars['is_action']);
+unset($vars['is_trusted']);
+
$attributes = elgg_format_attributes($vars);
-echo "<a $attributes>$text</a>"; \ No newline at end of file
+echo "<a $attributes>$text</a>";
diff --git a/views/default/page/elements/footer.php b/views/default/page/elements/footer.php
index 06fdb84a5..596d17bd3 100644
--- a/views/default/page/elements/footer.php
+++ b/views/default/page/elements/footer.php
@@ -17,5 +17,6 @@ echo elgg_view('output/url', array(
'href' => 'http://elgg.org',
'text' => "<img src=\"$powered_url\" alt=\"Powered by Elgg\" width=\"106\" height=\"15\" />",
'class' => '',
+ 'is_trusted' => true,
));
echo '</div>';
diff --git a/views/default/page/elements/tagcloud_block.php b/views/default/page/elements/tagcloud_block.php
index 8b67c9e37..258951c41 100644
--- a/views/default/page/elements/tagcloud_block.php
+++ b/views/default/page/elements/tagcloud_block.php
@@ -50,6 +50,7 @@ $cloud .= elgg_view_icon('tag');
$cloud .= elgg_view('output/url', array(
'href' => 'tags',
'text' => elgg_echo('tagcloud:allsitetags'),
+ 'is_trusted' => true,
));
$cloud .= '</p>';
diff --git a/views/default/page/layouts/widgets/add_button.php b/views/default/page/layouts/widgets/add_button.php
index 89e83b096..c33a45f99 100644
--- a/views/default/page/layouts/widgets/add_button.php
+++ b/views/default/page/layouts/widgets/add_button.php
@@ -10,6 +10,7 @@
'text' => elgg_echo('widgets:add'),
'class' => 'elgg-button elgg-button-action',
'rel' => 'toggle',
+ 'is_trusted' => true,
));
?>
</div>
diff --git a/views/default/river/elements/body.php b/views/default/river/elements/body.php
index c5a525733..6894b81e2 100644
--- a/views/default/river/elements/body.php
+++ b/views/default/river/elements/body.php
@@ -27,6 +27,7 @@ if ($summary === false) {
'href' => $subject->getURL(),
'text' => $subject->name,
'class' => 'elgg-river-subject',
+ 'is_trusted' => true,
));
}
@@ -52,6 +53,7 @@ if ($container instanceof ElggGroup && $container->guid != elgg_get_page_owner_g
$group_link = elgg_view('output/url', array(
'href' => $container->getURL(),
'text' => $container->name,
+ 'is_trusted' => true,
));
$group_string = elgg_echo('river:ingroup', array($group_link));
}
diff --git a/views/default/river/elements/responses.php b/views/default/river/elements/responses.php
index 8c5be6316..f6c32e142 100644
--- a/views/default/river/elements/responses.php
+++ b/views/default/river/elements/responses.php
@@ -50,6 +50,7 @@ if ($comments) {
$params = array(
'href' => $url,
'text' => elgg_echo('river:comments:more', array($num_more_comments)),
+ 'is_trusted' => true,
);
$link = elgg_view('output/url', $params);
echo "<div class=\"elgg-river-more\">$link</div>";
diff --git a/views/default/river/elements/summary.php b/views/default/river/elements/summary.php
index 4d80c29a6..84941131f 100644
--- a/views/default/river/elements/summary.php
+++ b/views/default/river/elements/summary.php
@@ -15,12 +15,14 @@ $subject_link = elgg_view('output/url', array(
'href' => $subject->getURL(),
'text' => $subject->name,
'class' => 'elgg-river-subject',
+ 'is_trusted' => true,
));
$object_link = elgg_view('output/url', array(
'href' => $object->getURL(),
'text' => $object->title ? $object->title : $object->name,
'class' => 'elgg-river-object',
+ 'is_trusted' => true,
));
$action = $item->action_type;
@@ -32,6 +34,7 @@ if ($container instanceof ElggGroup) {
$params = array(
'href' => $container->getURL(),
'text' => $container->name,
+ 'is_trusted' => true,
);
$group_link = elgg_view('output/url', $params);
$group_string = elgg_echo('river:ingroup', array($group_link));
diff --git a/views/default/river/user/default/profileiconupdate.php b/views/default/river/user/default/profileiconupdate.php
index c7f691533..5c96747bd 100644
--- a/views/default/river/user/default/profileiconupdate.php
+++ b/views/default/river/user/default/profileiconupdate.php
@@ -10,6 +10,7 @@ $subject_link = elgg_view('output/url', array(
'href' => $subject->getURL(),
'text' => $subject->name,
'class' => 'elgg-river-subject',
+ 'is_trusted' => true,
));
$string = elgg_echo('river:update:user:avatar', array($subject_link));
diff --git a/views/default/river/user/default/profileupdate.php b/views/default/river/user/default/profileupdate.php
index a344131d6..69b69b106 100644
--- a/views/default/river/user/default/profileupdate.php
+++ b/views/default/river/user/default/profileupdate.php
@@ -9,6 +9,7 @@ $subject_link = elgg_view('output/url', array(
'href' => $subject->getURL(),
'text' => $subject->name,
'class' => 'elgg-river-subject',
+ 'is_trusted' => true,
));
$string = elgg_echo('river:update:user:profile', array($subject_link));
diff --git a/views/default/widgets/content_stats/content.php b/views/default/widgets/content_stats/content.php
index 6a652166c..56772047d 100644
--- a/views/default/widgets/content_stats/content.php
+++ b/views/default/widgets/content_stats/content.php
@@ -23,5 +23,6 @@ echo '<div class="mtm">';
echo elgg_view('output/url', array(
'href' => 'admin/statistics/overview',
'text' => elgg_echo('more'),
+ 'is_trusted' => true,
));
echo '</div>';