#482162 by agentrickard: link path needed further sanitization to properly encode...

diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 7c0c000..2156af3 100644 (file)
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -16,6 +16,7 @@ CHANGELOG for Views 2 for Drupal 6
     o #506098: Table sorting with no default was overriding sorts even tho it was not supposed to.
        o #407538: Ensure views_break_phrase() will stop providing warnings on empty strings.
        o #420850 by dereine: Commas should not be used to separate items in a profile list field.
+       o #482162 by agentrickard: link path needed further sanitization to properly encode special characters.
 
   Other changes:
     o Implement a post_render hook (for themes too) and cache method.

diff --git a/handlers/views_handler_field.inc b/handlers/views_handler_field.inc
index cf02fd9..f724a58 100644 (file)
--- a/handlers/views_handler_field.inc
+++ b/handlers/views_handler_field.inc
@@ -513,7 +513,9 @@ class views_handler_field extends views_handler {
     $path = $this->options['alter']['path'];
 
     // Use strip tags as there should never be HTML in the path.
-    $path = strip_tags(strtr($path, $tokens));
+    // However, we need to preserve special characters like " that
+    // were removed by check_plain().
+    $path = strip_tags(html_entity_decode(strtr($path, $tokens)));
 
     // Parse the URL and move any query and fragment parameters out of the path.
     $url = parse_url($path);