diff --git a/lib/functions/output/function.buildNavigation.php b/lib/functions/output/function.buildNavigation.php
index 9e9f251a..6326df47 100644
--- a/lib/functions/output/function.buildNavigation.php
+++ b/lib/functions/output/function.buildNavigation.php
@@ -71,10 +71,12 @@ function buildNavigation($navigation, $userinfo) {
 } elseif (isset($_GET['page']) && substr_count($element['url'], "page=" . $_GET['page']) > 0 && substr_count($element['url'], basename($_SERVER["SCRIPT_FILENAME"])) > 0 && substr_count($element['url'], "action=") == 0 && !isset($_GET['action'])) {
 $active = ' active';
 }
-
- $completeLink = '' . $element['label'] . '';
+
+ $navurl = htmlspecialchars($element['url']);
+ $navlabel = $element['label'];
 } else {
- $completeLink = $element['label'];
+ $navurl = htmlspecialchars($element['url']);
+ $navlabel = $element['label'];
 }
 eval("\$navigation_links .= \"" . getTemplate("navigation_link", 1) . "\";");
@@ -82,6 +84,7 @@ function buildNavigation($navigation, $userinfo) {
 }
 if ($navigation_links != '') {
+ $target = '';
 if (isset($box['url']) && trim($box['url']) != '') {
 // append sid only to local
@@ -95,14 +98,15 @@ function buildNavigation($navigation, $userinfo) {
 }
 }
- $target = '';
 if (isset($box['new_window']) && $box['new_window'] == true) {
 $target = ' target="_blank"';
 }
-
- $completeLink = '' . $box['label'] . '';
+
+ $navurl = htmlspecialchars($box['url']);
+ $navlabel = $box['label'];
 } else {
- $completeLink = $box['label'];
+ $navurl = "#";
+ $navlabel = $box['label'];
 }
 eval("\$returnvalue .= \"" . getTemplate("navigation_element", 1) . "\";");
diff --git a/templates/Sparkle/navigation_element.tpl b/templates/Sparkle/navigation_element.tpl
index ddfb00af..37e41eea 100644
--- a/templates/Sparkle/navigation_element.tpl
+++ b/templates/Sparkle/navigation_element.tpl
@@ -1,5 +1,11 @@
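Review bot: In the `} else {` branch of the `@@ -71,10 +71,12 @@` hunk the new code still computes `$navurl = htmlspecialchars($element['url']);`, the same line as the `if` branch, whereas the box-level `else` in the `@@ -95,14 +98,15 @@` hunk falls back to `$navurl = "#";`. The line removed from this branch was `$completeLink = $element['label'];`, which suggests it handles an entry without a usable URL; the `if` condition itself lies outside the hunk, so that is inferred. If so, the index may be unset or empty here, and `$navurl = "#";` would match the box-level handling. Both `htmlspecialchars()` calls (here and on `$box['url']`) also rely on the default flags, which before PHP 8.1 leave single quotes unescaped; `htmlspecialchars($element['url'], ENT_QUOTES, 'UTF-8')` keeps the value safe whichever quote style the template uses for the attribute.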
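Review bot: `$navlabel = $box['label'];` in the `@@ -95,14 +98,15 @@` hunk (and `$navlabel = $element['label'];` in the `@@ -71,10 +71,12 @@` hunk) hands the label to the eval'd template unescaped, so this change encodes only the URL. Where the labels come from is not visible in the diff; if they are plain text, `$navlabel = htmlspecialchars($box['label'], ENT_QUOTES, 'UTF-8');` closes the same gap, and if they carry markup on purpose a comment such as `// label is trusted markup, intentionally not escaped` should say so. Separately, `htmlspecialchars($box['url'])` encodes the value for the attribute but does not restrict its scheme, and the context comment "append sid only to local" implies non-local URLs are accepted. An allow-list of `http`/`https` and relative paths applied before the assignment would cover that case.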