mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-20 03:11:29 +00:00

properly escape article link/PTITLEs (refs #472)

Andrew Dolgov
2012-10-22 01:19:06 +04:00
parent 008ebad928
commit 5c56897349
2 changed files with 3 additions and 3 deletions


@@ -503,7 +503,7 @@ class Feeds extends Handler_Protected {
$reply['content'] .= "</div>"; $reply['content'] .= "</div>";
$reply['content'] .= "<div id=\"PTITLE-FULL-$id\" style=\"display : none\">" . $reply['content'] .= "<div id=\"PTITLE-FULL-$id\" style=\"display : none\">" .
strip_tags($line['title']) . "</div>"; htmlspecialchars(strip_tags($line['title'])) . "</div>";
$reply['content'] .= "<span id=\"RTITLE-$id\" $reply['content'] .= "<span id=\"RTITLE-$id\"
onclick=\"return cdmClicked(event, $id);\" onclick=\"return cdmClicked(event, $id);\"
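Review bot: The new `htmlspecialchars()` call on the PTITLE-FULL title passes no flags or charset, so its behaviour depends on the PHP version and ini defaults. With a UTF-8 charset and no substitution flag, a title containing an invalid byte sequence comes back as an empty string, and feed titles are remote input where broken encoding is common. I would spell it out as `htmlspecialchars(strip_tags($line['title']), ENT_QUOTES, 'UTF-8')`, adding `ENT_SUBSTITUTE` where PHP 5.4+ can be assumed. `$id` is also interpolated into the `id` attribute and the `onclick` handler here; that is only safe if it is always an integer, which is decided outside this hunk.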


@@ -3372,7 +3372,7 @@
</head><body>"; </head><body>";
} }
$title_escaped = db_escape_string($line['title']); $title_escaped = htmlspecialchars($line['title']);
$rv['content'] .= "<div id=\"PTITLE-$id\" style=\"display : none\">" . $rv['content'] .= "<div id=\"PTITLE-$id\" style=\"display : none\">" .
truncate_string(strip_tags($line['title']), 15) . "</div>"; truncate_string(strip_tags($line['title']), 15) . "</div>";
@@ -3400,7 +3400,7 @@
$rv['content'] .= "<div class='postTitle'><a target='_blank' $rv['content'] .= "<div class='postTitle'><a target='_blank'
title=\"".htmlspecialchars($line['title'])."\" title=\"".htmlspecialchars($line['title'])."\"
href=\"" . href=\"" .
$line["link"] . "\">" . htmlspecialchars($line["link"]) . "\">" .
$line["title"] . $line["title"] .
"<span class='author'>$entry_author</span></a></div>"; "<span class='author'>$entry_author</span></a></div>";
} else { } else {
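Review bot: In the hunk at line 3400 the anchor body still prints `$line["title"]` and `$entry_author` unescaped, right next to the now-escaped `href`, so markup in a feed-supplied title or author reaches the page unless those values are sanitised earlier (not visible here). I would emit `htmlspecialchars($line["title"]) .` there, or reuse `$title_escaped` from the hunk at 3372 if it is still in scope, and escape `$entry_author` the same way. `htmlspecialchars()` on the link prevents attribute breakout but does not restrict the URL scheme, so a check that the link is http(s) belongs before it is written into `href`. The PTITLE div in the hunk at 3372 also still outputs `truncate_string(strip_tags($line['title']), 15)` without the escaping that PTITLE-FULL received in the other file. The enclosing function starts and ends outside both hunks.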