From 84b4ac38935ef184996a8768a9bbc451e3261ddd Mon Sep 17 00:00:00 2001
From: im-mi <im.mi.mail.mi@gmail.com>
Date: Mon, 29 Aug 2016 01:07:44 -0400
Subject: [PATCH] html_escape tag info link

---
 ext/tag_list/theme.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ext/tag_list/theme.php b/ext/tag_list/theme.php
index db9bf4af..0e97abb5 100644
--- a/ext/tag_list/theme.php
+++ b/ext/tag_list/theme.php
@@ -216,7 +216,7 @@ class TagListTheme extends Themelet {
 		$count = $row['calc_count'];
 		// if($n++) $display_html .= "\n<br/>";
 		if(!is_null($config->get_string('info_link'))) {
-			$link = str_replace('$tag', $tag, $config->get_string('info_link'));
+			$link = html_escape(str_replace('$tag', $tag, $config->get_string('info_link')));
 			$display_html .= ' <a class="tag_info_link'.$tag_category_css.'" '.$tag_category_style.'href="'.$link.'">?</a>';
 		}
 		$link = $this->tag_link($row['tag']);