Commit 03a9ed70 by Qiang Xue

Fixes #6557: Link URLs generated by `yii\widgets\Menu` are not encoded

parent 2e664764
...@@ -6,6 +6,7 @@ Yii Framework 2 Change Log ...@@ -6,6 +6,7 @@ Yii Framework 2 Change Log
- Bug #6080: Oracle DB schema did not load column types correctly (wenbin1989) - Bug #6080: Oracle DB schema did not load column types correctly (wenbin1989)
- Bug #6404: advanced application template `Alert` widget was generating duplicate IDs in case of multiple flashes (SDKiller) - Bug #6404: advanced application template `Alert` widget was generating duplicate IDs in case of multiple flashes (SDKiller)
- Bug #6557: Link URLs generated by `yii\widgets\Menu` are not encoded (qiangxue)
- Enh #6247: Logger and error handler are now using slightly less memory (stepanselyuk, samdark) - Enh #6247: Logger and error handler are now using slightly less memory (stepanselyuk, samdark)
- Enh #6434: Added `yii\behaviors\SluggableBehavior::immutable` to support keeping the generated slug unchanged (trntv) - Enh #6434: Added `yii\behaviors\SluggableBehavior::immutable` to support keeping the generated slug unchanged (trntv)
- Enh #6467: `ActiveForm` will scroll to the nearest visible element when the first error input is hidden (newartix) - Enh #6467: `ActiveForm` will scroll to the nearest visible element when the first error input is hidden (newartix)
......
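Review bot: the new entry for #6557 says the link URLs "are not encoded" without naming the encoding. The fix in `Menu` wraps the URL in `Html::encode()`, so wording the entry as "are not HTML-encoded" would keep readers from taking it for URL (percent) encoding.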
...@@ -230,7 +230,7 @@ class Menu extends Widget ...@@ -230,7 +230,7 @@ class Menu extends Widget
$template = ArrayHelper::getValue($item, 'template', $this->linkTemplate); $template = ArrayHelper::getValue($item, 'template', $this->linkTemplate);
return strtr($template, [ return strtr($template, [
'{url}' => Url::to($item['url']), '{url}' => Html::encode(Url::to($item['url'])),
'{label}' => $item['label'], '{label}' => $item['label'],
]); ]);
} else { } else {
......
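Review bot: on the `'{label}' => $item['label']` line of this `strtr()` call, the label is still substituted into the template raw while the URL beside it now passes through `Html::encode()`. Nothing visible in the hunk shows the label being encoded before this point, so either confirm that it is encoded earlier or add a comment here saying it is intentionally left as HTML. Separately, `Html::encode()` only makes the URL safe to place in the markup and does not restrict its scheme, so a `$item['url']` built from untrusted input still needs validating by the caller; that is worth stating in the docs for the `url` item option. No test is visible in this diff; a case with `&` and a double quote in the URL would pin the new behaviour.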