From 44f4b916f8221359ccdbe3c89ec98c0f111427b3 Mon Sep 17 00:00:00 2001
From: rboren <rboren@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Wed, 28 Jul 2004 23:09:33 +0000
Subject: [PATCH] Run htmlspecialchars on title attribute text in
 get_archives_link().  Bug 0000162.

git-svn-id: http://svn.automattic.com/wordpress/trunk@1497 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/template-functions-general.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/wp-includes/template-functions-general.php b/wp-includes/template-functions-general.php
index 3b4394a403..06394165b7 100644
--- a/wp-includes/template-functions-general.php
+++ b/wp-includes/template-functions-general.php
@@ -194,14 +194,16 @@ function single_month_title($prefix = '', $display = true ) {
 /* link navigation hack by Orien http://icecode.com/ */
 function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') {
 	$text = wptexturize($text);
+    $title_text = htmlspecialchars($text);
+
 	if ('link' == $format) {
-		return "\t<link rel='archives' title='$text' href='$url' />\n";
+		return "\t<link rel='archives' title='$title_text' href='$url' />\n";
 	} elseif ('option' == $format) {
 		return "\t<option value='$url'>$text</option>\n";
 	} elseif ('html' == $format) {
-		return "\t<li>$before<a href='$url' title='$text'>$text</a>$after</li>\n";
+		return "\t<li>$before<a href='$url' title='$title_text'>$text</a>$after</li>\n";
 	} else { // custom
-		return "\t$before<a href='$url' title='$text'>$text</a>$after\n";
+		return "\t$before<a href='$url' title='$title_text'>$text</a>$after\n";
 	}
 }