apply htmlspecialchars() to $href and $text, apply urlencode() to $page

git-svn-id: https://svn.php.net/repository/pear/packages/Text_Wiki/trunk@161296 c90b9560-bf6c-de11-be94-00142212c4b1
horde · Jun 14, 2004 · 102c728 · 102c728
1 parent 4776595
commit 102c728
Showing 1 changed file with 7 additions and 4 deletions.
diff --git a/Text/Wiki/Render/Xhtml/Freelink.php b/Text/Wiki/Render/Xhtml/Freelink.php
@@ -34,11 +34,13 @@ function token($options)
             $href = $this->getConf('view_url');
             if (strpos($href, '%s') === false) {
             	// use the old form
-	            $href = $href . $page . '#' . $anchor;
+	            $href = $href . urlencode($page) . '#' . $anchor;
 	        } else {
 	        	// use the new form
-	        	$href = sprintf($href, $page . '#' . $anchor);
+	        	$href = sprintf($href, urlencode($page) . '#' . $anchor);
 	        }
+
+	        $text = htmlspecialchars($text);
             return "<a href=\"$href\">$text</a>";
 
         } else {
@@ -48,11 +50,12 @@ function token($options)
             $href = $this->getConf('new_url');
             if (strpos($href, '%s') === false) {
             	// use the old form
-	            $href = $href . $page;
+	            $href = $href . urlencode($page);
 	        } else {
 	        	// use the new form
-	        	$href = sprintf($href, $page);
+	        	$href = sprintf($href, urlencode($page));
 	        }
+
             return $text . "<a href=\"$href\">" . $this->getConf('new_text') . "</a>";
 
         }