forward(REFERER);
}
+// don't allow malicious code.
+// put this in a context of a link so HTMLawed knows how to filter correctly.
+$xss_test = "<a href=\"$address\"></a>";
+if ($xss_test != filter_tags($xss_test)) {
+ register_error(elgg_echo('bookmarks:save:failed'));
+ forward(REFERER);
+}
+
//create a new bookmark object
$entity = new ElggObject;
$entity->subtype = "bookmarks";
$title = elgg_echo('bookmarks:no_title');
}
+$a_tag_visit = filter_tags("<a href=\"{$address}\">" . elgg_echo('bookmarks:visit') . "</a>");
+$a_tag_title = filter_tags("<a href=\"{$address}\">$title</a>");
+
+
$parsed_url = parse_url($address);
$faviconurl = $parsed_url['scheme'] . "://" . $parsed_url['host'] . "/favicon.ico";
$info .= "</div>";
-$info .= "<p class='entity_title'><a href=\"{$address}\" target=\"_blank\">{$title}</a></p>";
+$info .= "<p class='entity_title'>$a_tag_title</p>";
$info .= "<p class='entity_subtext'>Bookmarked by <a href=\"".elgg_get_site_url()."pg/bookmarks/{$owner->username}\">{$owner->name}</a> {$friendlytime} {$view_notes}</p>";
$tags = elgg_view('output/tags', array('tags' => $vars['entity']->tags));
}
//display
-echo elgg_view_listing($icon, $info);
\ No newline at end of file
+echo elgg_view_listing($icon, $info);
projects / lorea / elgg.git / commitdiff