Diffstat (limited to 'views/default/output/url.php')
| -rw-r--r-- | views/default/output/url.php | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/views/default/output/url.php b/views/default/output/url.php
index fdeb94ac3..81b02087d 100644
--- a/views/default/output/url.php
+++ b/views/default/output/url.php
@@ -8,9 +8,9 @@
 *
 * @uses string $vars['text'] The string between the <a></a> tags.
 * @uses string $vars['href'] The unencoded url string
- * @uses bool $vars['encode_text'] Run $vars['text'] through htmlspecialchars()?
- * @uses bool $vars['is_action'] Is this a link to an action?
- *
+ * @uses bool $vars['encode_text'] Run $vars['text'] through htmlspecialchars() (false)
+ * @uses bool $vars['is_action'] Is this a link to an action (false)
+ * @uses bool $vars['is_trusted'] Is this link trusted (false)
 */
 $url = elgg_extract('href', $vars, null);
@@ -20,7 +20,7 @@ if (!$url and isset($vars['value'])) {
 }
 if (isset($vars['text'])) {
- if (isset($vars['encode_text']) && $vars['encode_text']) {
+ if (elgg_extract('encode_text', $vars, false)) {
 $text = htmlspecialchars($vars['text'], ENT_QUOTES, 'UTF-8', false);
 } else {
 $text = $vars['text'];
@@ -35,13 +35,22 @@ unset($vars['encode_text']);
 if ($url) {
 $url = elgg_normalize_url($url);
- if (isset($vars['is_action'])) {
+ if (elgg_extract('is_action', $vars, false)) {
 $url = elgg_add_action_tokens_to_url($url, false);
- unset($vars['is_action']);
+ }
+
+ if (!elgg_extract('is_trusted', $vars, false)) {
+ if (!isset($vars['rel'])) {
+ $vars['rel'] = 'nofollow';
+ $url = strip_tags($url);
+ }
 }
 $vars['href'] = $url;
 }
+unset($vars['is_action']);
+unset($vars['is_trusted']);
+
 $attributes = elgg_format_attributes($vars);
-echo "<a $attributes>$text</a>";
\ No newline at end of file
+echo "<a $attributes>$text</a>"; |
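Review bot: In the new `is_trusted` branch, `$url = strip_tags($url);` sits inside `if (!isset($vars['rel']))`, so an untrusted link whose caller passes its own `rel` gets neither `nofollow` nor the tag stripping. The URL cleaning should not depend on `rel`: keep only `$vars['rel'] = 'nofollow';` under the `isset` check and run `$url = strip_tags($url);` directly under `if (!elgg_extract('is_trusted', $vars, false))`. Separately, `strip_tags()` removes markup but does not restrict the URL scheme, so a `javascript:` href would pass through unless `elgg_normalize_url()` or `elgg_format_attributes()` (neither is visible in this diff) rejects or escapes it; a scheme allowlist for untrusted links would be the more direct control. The docblock line for `is_trusted` could also state the effect, e.g. `Is this link trusted? Untrusted links get rel="nofollow" and strip_tags() on the href (false)`.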
