From aa2a3c0f10fc141fa842ee329abae28bed4f025e Mon Sep 17 00:00:00 2001
From: Damien Regad
Date: Wed, 9 Nov 2016 18:06:39 +0100
Subject: [PATCH] Proper fix for gravatar URL '&' encoding

This partially reverts the change introduced in issue #21804 (see commit fa2e7171e5e5b85465e449b67e5ced6672b9f3f9), letting the caller escape the URL as needed.

Fixes #21844
---
 core/classes/TimelineEvent.class.php | 6 +++---
 plugins/Gravatar/Gravatar.php | 3 +--
 2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/core/classes/TimelineEvent.class.php b/core/classes/TimelineEvent.class.php
index 0db5577b72..92fe9abe8f 100644
--- a/core/classes/TimelineEvent.class.php
+++ b/core/classes/TimelineEvent.class.php
@@ -80,9 +80,9 @@ public function html_start() { return sprintf( '
%s
%s
',
- $t_avatar->link,
- $t_avatar->image,
- $t_avatar->text,
+ htmlspecialchars( $t_avatar->link ),
+ htmlspecialchars( $t_avatar->image ),
+ htmlspecialchars( $t_avatar->text ),
 $this->format_timestamp( $this->timestamp ) ); }
diff --git a/plugins/Gravatar/Gravatar.php b/plugins/Gravatar/Gravatar.php
index e49d9595aa..8cbf005ed9 100644
--- a/plugins/Gravatar/Gravatar.php
+++ b/plugins/Gravatar/Gravatar.php
@@ -153,8 +153,7 @@ function user_get_avatar( $p_event, $p_user_id, $p_size = 80 ) {
 'd' => $t_default_avatar,
 'r' => $t_rating,
 's' => $p_size,
- ),
- '', '&'
+ )
 );
 $t_avatar = new Avatar();
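Review bot: The three `htmlspecialchars()` calls added in `html_start()` rely on the function's default flags, which before PHP 8.1 are `ENT_COMPAT` and leave single quotes unescaped. The format string is garbled on this page, so whether the placeholders sit in double- or single-quoted attributes cannot be confirmed; passing the flags explicitly removes that dependency, e.g. `htmlspecialchars( $t_avatar->link, ENT_QUOTES, 'UTF-8' )`. Entity-encoding also does not constrain the URL scheme of `$t_avatar->link`, so if avatar plugins can supply arbitrary links, a scheme check belongs where the Avatar object is populated. The body of `html_start()` starts outside the hunk.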
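Review bot: After this change `http_build_query()` in `user_get_avatar()` is called without a separator argument, so it falls back to the `arg_separator.output` ini setting and the raw URL now depends on server configuration. On a host that sets that value to `&amp;`, the caller's `htmlspecialchars()` would double-encode the separator; passing the raw separator explicitly, `http_build_query( ..., '', '&' )`, keeps the output deterministic. Returning an unescaped URL also makes every consumer of the Avatar object's `image` and `link` responsible for escaping at output. The diffstat shows only `TimelineEvent.class.php` updated on the caller side, so any other code that prints avatars (not visible here) should be checked. `user_get_avatar()` starts and ends outside the hunk.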