properly escape article link/PTITLEs (refs #472)

This commit is contained in:
Andrew Dolgov 2012-10-22 01:19:06 +04:00
parent 008ebad928
commit 5c56897349
2 changed files with 3 additions and 3 deletions

View file

@ -503,7 +503,7 @@ class Feeds extends Handler_Protected {
$reply['content'] .= "</div>";
$reply['content'] .= "<div id=\"PTITLE-FULL-$id\" style=\"display : none\">" .
strip_tags($line['title']) . "</div>";
htmlspecialchars(strip_tags($line['title'])) . "</div>";
$reply['content'] .= "<span id=\"RTITLE-$id\"
onclick=\"return cdmClicked(event, $id);\"

View file

@ -3372,7 +3372,7 @@
</head><body>";
}
$title_escaped = db_escape_string($line['title']);
$title_escaped = htmlspecialchars($line['title']);
$rv['content'] .= "<div id=\"PTITLE-$id\" style=\"display : none\">" .
truncate_string(strip_tags($line['title']), 15) . "</div>";
@ -3400,7 +3400,7 @@
$rv['content'] .= "<div class='postTitle'><a target='_blank'
title=\"".htmlspecialchars($line['title'])."\"
href=\"" .
$line["link"] . "\">" .
htmlspecialchars($line["link"]) . "\">" .
$line["title"] .
"<span class='author'>$entry_author</span></a></div>";
} else {