Make WordPress Core

Changeset 1053


Ignore:
Timestamp:
04/04/2004 11:25:55 PM (21 years ago)
Author:
rboren
Message:

Pass link name and description through htmlspecialchars().

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/links.php

    r960 r1053  
    181181        }
    182182        $desc = htmlspecialchars(stripslashes($row->link_description), ENT_QUOTES);
     183        $name = htmlspecialchars(stripslashes($row->link_name), ENT_QUOTES);
     184
     185        $title = $desc;
     186
    183187        if ($show_updated) {
    184188           if (substr($row->link_updated_f,0,2) != '00') {
    185                 $desc .= ' (Last updated ' . date(get_settings('links_updated_date_format'), $row->link_updated_f + (get_settings('time_difference') * 3600)) .')';
     189                $title .= ' (Last updated ' . date(get_settings('links_updated_date_format'), $row->link_updated_f + (get_settings('time_difference') * 3600)) .')';
    186190            }
    187191        }
    188         if ('' != $desc) {
    189             $desc = " title='$desc'";
    190         }
    191 
     192
     193        if ('' != $title) {
     194            $title = " title='$title'";
     195        }
     196
     197        $alt = " alt='$name'";
     198           
    192199        $target = $row->link_target;
    193200        if ('' != $target) {
     
    195202        }
    196203        echo("<a href='$the_link'");
    197         echo($rel . $desc . $target);
     204        echo($rel . $title . $target);
    198205        echo('>');
    199206        if (($row->link_image != null) && $show_images) {
    200             echo("<img src=\"$row->link_image\" border=\"0\" alt=\"" .
    201                  stripslashes($row->link_name) . "\" title=\"" .
    202                  stripslashes($row->link_description) . "\" />");
     207            echo("<img src=\"$row->link_image\" border=\"0\"" . $alt . $title . "/>");
    203208        } else {
    204             echo(stripslashes($row->link_name));
     209            echo($name);
    205210        }
    206211        echo('</a>');
     
    209214        }
    210215
    211         if ($show_description && ($row->link_description != '')) {
    212             echo($between.stripslashes($row->link_description));
     216        if ($show_description && ($desc != '')) {
     217            echo($between.$desc);
    213218        }
    214219
Note: See TracChangeset for help on using the changeset viewer.