Révision 0939d55c
Ajouté par Assos Assos il y a environ 7 ans
drupal7/sites/all/themes/bootstrap/templates/menu/menu-link.func.php | ||
---|---|---|
24 | 24 |
|
25 | 25 |
$options = !empty($element['#localized_options']) ? $element['#localized_options'] : array(); |
26 | 26 |
|
27 |
// Filter the title if the "html" is not set, otherwise l() will automatically |
|
28 |
// sanitize using check_plain(), so no need to call that here. |
|
29 |
$title = empty($options['html']) ? filter_xss_admin($element['#title']) : $element['#title']; |
|
27 |
// Check plain title if "html" is not set, otherwise, filter for XSS attacks. |
|
28 |
$title = empty($options['html']) ? check_plain($element['#title']) : filter_xss_admin($element['#title']); |
|
29 |
|
|
30 |
// Ensure "html" is now enabled so l() doesn't double encode. This is now |
|
31 |
// safe to do since both check_plain() and filter_xss_admin() encode HTML |
|
32 |
// entities. See: https://www.drupal.org/node/2854978 |
|
33 |
$options['html'] = TRUE; |
|
30 | 34 |
|
31 | 35 |
$href = $element['#href']; |
32 | 36 |
$attributes = !empty($element['#attributes']) ? $element['#attributes'] : array(); |
... | ... | |
46 | 50 |
$title .= ' <span class="caret"></span>'; |
47 | 51 |
$attributes['class'][] = 'dropdown'; |
48 | 52 |
|
49 |
$options['html'] = TRUE; |
|
50 |
|
|
51 | 53 |
// Set dropdown trigger element to # to prevent inadvertant page loading |
52 | 54 |
// when a submenu link is clicked. |
53 | 55 |
$options['attributes']['data-target'] = '#'; |
Formats disponibles : Unified diff
Weekly update of contrib modules