|
@@ -13,20 +13,20 @@ class MrssFormat extends FormatAbstract{
|
|
|
$httpHost = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
|
|
|
$httpInfo = isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : '';
|
|
|
|
|
|
- $serverRequestUri = htmlspecialchars($_SERVER['REQUEST_URI']);
|
|
|
+ $serverRequestUri = $this->xml_encode($_SERVER['REQUEST_URI']);
|
|
|
|
|
|
$extraInfos = $this->getExtraInfos();
|
|
|
- $title = htmlspecialchars($extraInfos['name']);
|
|
|
- $uri = !empty($extraInfos['uri']) ? $extraInfos['uri'] : 'https://github.com/sebsauvage/rss-bridge';
|
|
|
+ $title = $this->xml_encode($extraInfos['name']);
|
|
|
+ $uri = $this->xml_encode(!empty($extraInfos['uri']) ? $extraInfos['uri'] : 'https://github.com/sebsauvage/rss-bridge');
|
|
|
|
|
|
$items = '';
|
|
|
foreach($this->getDatas() as $data){
|
|
|
- $itemTitle = strip_tags(is_null($data->title) ? '' : $data->title);
|
|
|
- $itemUri = is_null($data->uri) ? '' : $data->uri;
|
|
|
- $itemAuthor = is_null($data->author) ? '' : $data->author;
|
|
|
- $itemTimestamp = is_null($data->timestamp) ? '' : date(DATE_RFC2822, $data->timestamp);
|
|
|
+ $itemTitle = strip_tags(is_null($data->title) ? '' : $this->xml_encode($data->title));
|
|
|
+ $itemUri = is_null($data->uri) ? '' : $this->xml_encode($data->uri);
|
|
|
+ $itemAuthor = is_null($data->author) ? $title : $this->xml_encode($data->author);
|
|
|
+ $itemTimestamp = is_null($data->timestamp) ? '' : $this->xml_encode(date(DATE_RFC2822, $data->timestamp));
|
|
|
// We prevent content from closing the CDATA too early.
|
|
|
- $itemContent = is_null($data->content) ? '' : htmlspecialchars($this->sanitizeHtml(str_replace(']]>','',$data->content)));
|
|
|
+ $itemContent = is_null($data->content) ? '' : $this->xml_encode($this->sanitizeHtml($data->content));
|
|
|
|
|
|
$items .= <<<EOD
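Review bot: On the new `$itemTitle` line, `strip_tags()` now runs on text that `xml_encode()` has already escaped, so it finds no `<`…`>` to remove and any markup in a title is emitted as escaped text instead of being stripped. The order should be `$itemTitle = $this->xml_encode(strip_tags(is_null($data->title) ? '' : $data->title));`. The retained comment "We prevent content from closing the CDATA too early" no longer describes the line below it, because the `str_replace(']]>', ...)` is gone and the protection now comes only from `>` being encoded; reword the comment to say that. `$httpHost` and `$httpInfo` are still read from `$_SERVER` without encoding, and the heredoc template that consumes them lies outside this hunk, so confirm whether they reach the feed output and encode them as well if they do.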
|
|
|
|
|
@@ -82,4 +82,8 @@ EOD;
|
|
|
|
|
|
return parent::display();
|
|
|
}
|
|
|
+
|
|
|
+ private function xml_encode($text) {
|
|
|
+ return htmlspecialchars($text, ENT_XML1);
|
|
|
+ }
|
|
|
}
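Review bot: `htmlspecialchars($text, ENT_XML1)` replaces the default flag set rather than adding to it, so with `ENT_XML1` alone no quote flag is set and both `"` and `'` pass through unescaped. Any value this helper feeds into an XML attribute would therefore not be safely quoted; the template is not visible in this diff, so check where `$uri`, `$itemUri` and `$serverRequestUri` end up. Without `ENT_SUBSTITUTE`, a string containing invalid byte sequences makes `htmlspecialchars` return an empty string, which silently drops the field. I would write `return htmlspecialchars($text, ENT_QUOTES | ENT_XML1 | ENT_SUBSTITUTE, 'UTF-8');` and add a one-line docblock stating that the helper escapes for both XML text and attribute context.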
|