[MrssFormat] Use XML encoding on data
This commit is contained in:
parent
8b468e94a8
commit
0d94f1fe0e
1 changed files with 12 additions and 8 deletions
|
@ -13,20 +13,20 @@ class MrssFormat extends FormatAbstract{
|
||||||
$httpHost = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
|
$httpHost = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
|
||||||
$httpInfo = isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : '';
|
$httpInfo = isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : '';
|
||||||
|
|
||||||
$serverRequestUri = htmlspecialchars($_SERVER['REQUEST_URI']);
|
$serverRequestUri = $this->xml_encode($_SERVER['REQUEST_URI']);
|
||||||
|
|
||||||
$extraInfos = $this->getExtraInfos();
|
$extraInfos = $this->getExtraInfos();
|
||||||
$title = htmlspecialchars($extraInfos['name']);
|
$title = $this->xml_encode($extraInfos['name']);
|
||||||
$uri = !empty($extraInfos['uri']) ? $extraInfos['uri'] : 'https://github.com/sebsauvage/rss-bridge';
|
$uri = $this->xml_encode(!empty($extraInfos['uri']) ? $extraInfos['uri'] : 'https://github.com/sebsauvage/rss-bridge');
|
||||||
|
|
||||||
$items = '';
|
$items = '';
|
||||||
foreach($this->getDatas() as $data){
|
foreach($this->getDatas() as $data){
|
||||||
$itemTitle = strip_tags(is_null($data->title) ? '' : $data->title);
|
$itemTitle = strip_tags(is_null($data->title) ? '' : $this->xml_encode($data->title));
|
||||||
$itemUri = is_null($data->uri) ? '' : $data->uri;
|
$itemUri = is_null($data->uri) ? '' : $this->xml_encode($data->uri);
|
||||||
$itemAuthor = is_null($data->author) ? '' : $data->author;
|
$itemAuthor = is_null($data->author) ? $title : $this->xml_encode($data->author);
|
||||||
$itemTimestamp = is_null($data->timestamp) ? '' : date(DATE_RFC2822, $data->timestamp);
|
$itemTimestamp = is_null($data->timestamp) ? '' : $this->xml_encode(date(DATE_RFC2822, $data->timestamp));
|
||||||
// We prevent content from closing the CDATA too early.
|
// We prevent content from closing the CDATA too early.
|
||||||
$itemContent = is_null($data->content) ? '' : htmlspecialchars($this->sanitizeHtml(str_replace(']]>','',$data->content)));
|
$itemContent = is_null($data->content) ? '' : $this->xml_encode($this->sanitizeHtml($data->content));
|
||||||
|
|
||||||
$items .= <<<EOD
|
$items .= <<<EOD
|
||||||
|
|
||||||
|
@ -82,4 +82,8 @@ EOD;
|
||||||
|
|
||||||
return parent::display();
|
return parent::display();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function xml_encode($text) {
|
||||||
|
return htmlspecialchars($text, ENT_XML1);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue