Fix html escaping of external menu links

author Coleman Watts <coleman@civicrm.org>

Sat, 3 Oct 2015 02:03:19 +0000 (22:03 -0400)

committer Coleman Watts <coleman@civicrm.org>

Sat, 3 Oct 2015 02:03:19 +0000 (22:03 -0400)
author Coleman Watts <coleman@civicrm.org>
Sat, 3 Oct 2015 02:03:19 +0000 (22:03 -0400)
committer Coleman Watts <coleman@civicrm.org>
Sat, 3 Oct 2015 02:03:19 +0000 (22:03 -0400)
diff --git a/CRM/Core/BAO/Navigation.php b/CRM/Core/BAO/Navigation.php

index 1e89b0a2a8fa955572a92719c44e361eb66cc671..3250c9bb599dc1e5d4580b6aaa0bf8e3dcff87cd 100644 (file)
--- a/CRM/Core/BAO/Navigation.php
+++ b/CRM/Core/BAO/Navigation.php
@@ -516,6 +516,9 @@ ORDER BY parent_id, weight";
          }
          $url = CRM_Utils_System::url($urlParam[0], $urlParam[1], FALSE, NULL, TRUE);
        }
+      elseif (strpos($url, '&amp;') === FALSE) {
+        $url = htmlspecialchars($url);
+      }
        $makeLink = TRUE;
      }
author	Coleman Watts <coleman@civicrm.org>
	Sat, 3 Oct 2015 02:03:19 +0000 (22:03 -0400)
committer	Coleman Watts <coleman@civicrm.org>
	Sat, 3 Oct 2015 02:03:19 +0000 (22:03 -0400)