Diffstat (limited to 'views/default/output/url.php')
| -rw-r--r-- | views/default/output/url.php | 70 |
1 files changed, 37 insertions, 33 deletions
diff --git a/views/default/output/url.php b/views/default/output/url.php
index 734df2c19..81b02087d 100644
--- a/views/default/output/url.php
+++ b/views/default/output/url.php
@@ -5,48 +5,52 @@ * * @package Elgg * @subpackage Core - * @author Curverider Ltd - * @link http://elgg.org/ - * - * @uses string $vars['href'] The string to display in the <a></a> tags - * @uses string $vars['text'] The string between the <a></a> tags. - * @uses bool $vars['target'] Set the target="" attribute. - * @uses string $vars['class'] what to add in class="" - * @uses string $vars['js'] Javascript to insert in <a> tag - * @uses bool $vars['is_action'] Is this a link to an action? * + * @uses string $vars['text'] The string between the <a></a> tags. + * @uses string $vars['href'] The unencoded url string + * @uses bool $vars['encode_text'] Run $vars['text'] through htmlspecialchars() (false) + * @uses bool $vars['is_action'] Is this a link to an action (false) + * @uses bool $vars['is_trusted'] Is this link trusted (false) */ -$url = trim($vars['href']); - -if (!empty($url)) { - if (array_key_exists('is_action', $vars) && $vars['is_action']) { - $url = elgg_add_action_tokens_to_url($url); - } +$url = elgg_extract('href', $vars, null); +if (!$url and isset($vars['value'])) { + $url = trim($vars['value']); + unset($vars['value']); +} - if (array_key_exists('target', $vars) && $vars['target']) { - $target = "target = \"{$vars['target']}\""; +if (isset($vars['text'])) { + if (elgg_extract('encode_text', $vars, false)) { + $text = htmlspecialchars($vars['text'], ENT_QUOTES, 'UTF-8', false); } else { - $target = ''; + $text = $vars['text']; } + unset($vars['text']); +} else { + $text = htmlspecialchars($url, ENT_QUOTES, 'UTF-8', false); +} - if (array_key_exists('class', $vars) && $vars['class']) { - $class = "class = \"{$vars['class']}\""; - } else { - $class = ''; - } +unset($vars['encode_text']); - if (array_key_exists('js', $vars) && $vars['js']) { - $js = "{$vars['target']}"; - } else { - $js = ''; +if ($url) { + $url = elgg_normalize_url($url); + + if (elgg_extract('is_action', $vars, false)) { + $url = elgg_add_action_tokens_to_url($url, false); } - if 
(array_key_exists('text', $vars) && $vars['text']) { - $text = htmlentities($vars['text'], ENT_QUOTES, 'UTF-8'); - } else { - $text = htmlentities($url, ENT_QUOTES, 'UTF-8'); + if (!elgg_extract('is_trusted', $vars, false)) { + if (!isset($vars['rel'])) { + $vars['rel'] = 'nofollow'; + $url = strip_tags($url); + } } - echo "<a href=\"{$url}\" $target $class $js>$text</a>"; -}
\ No newline at end of file + $vars['href'] = $url; +} + +unset($vars['is_action']); +unset($vars['is_trusted']); + +$attributes = elgg_format_attributes($vars); +echo "<a $attributes>$text</a>"; |
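Review bot: In the `is_trusted` branch, `$url = strip_tags($url);` sits inside `if (!isset($vars['rel']))`, so an untrusted link whose caller passes any `rel` value skips the stripping entirely; move that line up one level so it runs for every untrusted URL and only `$vars['rel'] = 'nofollow';` stays conditional. `strip_tags()` also says nothing about the URL scheme, so a `javascript:` href from an untrusted source would still be emitted unless `elgg_normalize_url()` or `elgg_format_attributes()` (neither is visible in this hunk) rejects or escapes it; an explicit scheme allow-list for untrusted links would be the safer check. Separately, `encode_text` defaults to false, so `$vars['text']` now reaches the final `echo` unescaped where the old code always ran `htmlentities()`; callers that pass user-supplied text must set `'encode_text' => true`, and the `@uses` line for `text` should state that the value is output raw by default.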
