From edf0fb5f393581fdb3e77e4c8ed70119f2ee8744 Mon Sep 17 00:00:00 2001
From: rboren <rboren@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Sun, 4 Apr 2004 23:25:55 +0000
Subject: [PATCH] Pass link name and description through htmlspecialchars().

git-svn-id: http://svn.automattic.com/wordpress/trunk@1053 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/links.php | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/wp-includes/links.php b/wp-includes/links.php
index 4f9604414..f6ce5170b 100644
--- a/wp-includes/links.php
+++ b/wp-includes/links.php
@@ -180,36 +180,41 @@ function get_links($category = -1, $before = '', $after = '<br />',
             $rel = " rel='$rel'";
         }
         $desc = htmlspecialchars(stripslashes($row->link_description), ENT_QUOTES);
+        $name = htmlspecialchars(stripslashes($row->link_name), ENT_QUOTES);
+
+        $title = $desc;
+
         if ($show_updated) {
            if (substr($row->link_updated_f,0,2) != '00') {
-                $desc .= ' (Last updated ' . date(get_settings('links_updated_date_format'), $row->link_updated_f + (get_settings('time_difference') * 3600)) .')';
+                $title .= ' (Last updated ' . date(get_settings('links_updated_date_format'), $row->link_updated_f + (get_settings('time_difference') * 3600)) .')';
             }
         }
-        if ('' != $desc) {
-            $desc = " title='$desc'";
+
+        if ('' != $title) {
+            $title = " title='$title'";
         }
 
+        $alt = " alt='$name'";
+            
         $target = $row->link_target;
         if ('' != $target) {
             $target = " target='$target'";
         }
         echo("<a href='$the_link'");
-        echo($rel . $desc . $target);
+        echo($rel . $title . $target);
         echo('>');
         if (($row->link_image != null) && $show_images) {
-            echo("<img src=\"$row->link_image\" border=\"0\" alt=\"" .
-                 stripslashes($row->link_name) . "\" title=\"" .
-                 stripslashes($row->link_description) . "\" />");
+            echo("<img src=\"$row->link_image\" border=\"0\"" . $alt . $title . "/>");
         } else {
-            echo(stripslashes($row->link_name));
+            echo($name);
         }
         echo('</a>');
         if ($show_updated && $row->recently_updated) {
             echo get_settings('links_recently_updated_append');
         }
 
-        if ($show_description && ($row->link_description != '')) {
-            echo($between.stripslashes($row->link_description));
+        if ($show_description && ($desc != '')) {
+            echo($between.$desc);
         }
 
         // now do the rating