properly escape feed error message in headlines toolbar

This commit is contained in:
Andrew Dolgov 2013-07-13 22:14:18 +04:00
parent 7a7a0dc2dd
commit 12d17734f6

View file

@ -63,7 +63,8 @@ class Feeds extends Handler_Protected {
truncate_string($feed_title,30)."</a>";
if ($error) {
$reply .= "&nbsp;<img title='$error' src='images/error.png' alt='error' class=\"noborder\" style=\"vertical-align : middle\">";
$error = htmlspecialchars($error);
$reply .= "&nbsp;<img title=\"$error\" src='images/error.png' alt='error' class=\"noborder\" style=\"vertical-align : middle\">";
}
} else {