Commit 7641bda7 authored by Nigel McNie's avatar Nigel McNie
Browse files

Escape ampersands in links in the wall

parent 78db3909
......@@ -5,16 +5,16 @@
{if $wallposts}
{foreach from=$wallposts item=wallpost}
<div class="wallpost{if $wallpost->private} private{/if}">
<div class="userinfo"><img src="{$WWWROOT}thumb.php?type=profileicon&maxwidth=25&maxheight=25&id={$wallpost->from}" alt="Profile Icon">
<div class="userinfo"><img src="{$WWWROOT}thumb.php?type=profileicon&amp;maxwidth=25&amp;maxheight=25&amp;id={$wallpost->from}" alt="Profile Icon">
<div class="userinforight"><strong><a href="{$WWWROOT}user/view.php?id={$wallpost->userid|escape}">{$wallpost->displayname|escape}</a></strong><span class="postedon"> - {$wallpost->postdate|format_date}</span></div>
</div>
<div class="text">{$wallpost->text|parse_bbcode}</div>
{*<div class="controls">
{if $ownwall}
[ <a href="{$WWWROOT}blocktype/wall/wall.php?instance={$instanceid}&replyto={$wallpost->id}">{str tag='reply' section='blocktype.wall'}</a> ]
[ <a href="{$WWWROOT}blocktype/wall/wall.php?instance={$instanceid}&amp;replyto={$wallpost->id}">{str tag='reply' section='blocktype.wall'}</a> ]
{/if}
{if $ownwall || $wallpost->from == $userid}
[ <a href="{$WWWROOT}blocktype/wall/deletepost.php?instance={$instanceid}&return={if $wholewall}wall{else}profile{/if}">
[ <a href="{$WWWROOT}blocktype/wall/deletepost.php?instance={$instanceid}&amp;return={if $wholewall}wall{else}profile{/if}">
{str tag='delete' section='blocktype.wall'}
</a> ]
{/if}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment