From 558f03f0f84a142438de9844b2047be2f050c385 Mon Sep 17 00:00:00 2001
From: cash <cash.costello@gmail.com>
Date: Sat, 5 Nov 2011 16:42:59 -0400
Subject: Fixes #4023 escaping alt and title attributes in icon views

---
 views/default/icon/default.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'views/default/icon/default.php')

diff --git a/views/default/icon/default.php b/views/default/icon/default.php
index 533b92c43..6aeef204b 100644
--- a/views/default/icon/default.php
+++ b/views/default/icon/default.php
@@ -5,9 +5,9 @@
  * @package Elgg
  * @subpackage Core
  *
- * @uses $vars['entity'] The entity the icon represents - uses getIconURL() method
- * @uses $vars['size']   topbar, tiny, small, medium (default), large, master
- * @uses $vars['href']   Optional override for link
+ * @uses $vars['entity']     The entity the icon represents - uses getIconURL() method
+ * @uses $vars['size']       topbar, tiny, small, medium (default), large, master
+ * @uses $vars['href']       Optional override for link
  * @uses $vars['img_class']  Optional CSS class added to img
  */
 
@@ -26,6 +26,7 @@ if (isset($entity->name)) {
 } else {
 	$title = $entity->title;
 }
+$title = htmlspecialchars($title, ENT_QUOTES, 'UTF-8', false);
 
 $url = $entity->getURL();
 if (isset($vars['href'])) {
-- 
cgit v1.2.3