From f39c14c69d5e4b9094137b2dbb3af6d53ba3c8bf Mon Sep 17 00:00:00 2001
From: Coleman Watts <coleman@civicrm.org>
Date: Fri, 2 Oct 2015 22:03:19 -0400
Subject: [PATCH] Fix html escaping of external menu links

---
 CRM/Core/BAO/Navigation.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CRM/Core/BAO/Navigation.php b/CRM/Core/BAO/Navigation.php
index 1e89b0a2a8..3250c9bb59 100644
--- a/CRM/Core/BAO/Navigation.php
+++ b/CRM/Core/BAO/Navigation.php
@@ -516,6 +516,9 @@ ORDER BY parent_id, weight";
         }
         $url = CRM_Utils_System::url($urlParam[0], $urlParam[1], FALSE, NULL, TRUE);
       }
+      elseif (strpos($url, '&amp;') === FALSE) {
+        $url = htmlspecialchars($url);
+      }
       $makeLink = TRUE;
     }
 
-- 
2.25.1