From 6bd1f0516481d7795b8551f4b60714fcd200be8d Mon Sep 17 00:00:00 2001
From: ben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Wed, 4 Mar 2009 11:41:10 +0000
Subject: URL sanitation for RSS feeds

git-svn-id: https://code.elgg.org/elgg/trunk@3066 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 views/rss/group/default.php   | 4 ++--
 views/rss/object/default.php  | 4 ++--
 views/rss/river/item/list.php | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

(limited to 'views')

diff --git a/views/rss/group/default.php b/views/rss/group/default.php
index 72d0dbd9a..281dc93cc 100644
--- a/views/rss/group/default.php
+++ b/views/rss/group/default.php
@@ -14,9 +14,9 @@
 ?>
 
 	<item>
-	  <guid isPermaLink='true'><?php echo $vars['entity']->getURL(); ?></guid>
+	  <guid isPermaLink='true'><?php echo htmlspecialchars($vars['entity']->getURL()); ?></guid>
 	  <pubDate><?php echo date("r",$vars['entity']->time_created) ?></pubDate>
-	  <link><?php echo $vars['entity']->getURL(); ?></link>
+	  <link><?php echo htmlspecialchars($vars['entity']->getURL()); ?></link>
 	  <title><![CDATA[<?php echo (($vars['entity']->name)); ?>]]></title>
 	  <description><![CDATA[<?php echo (autop($vars['entity']->description)); ?>]]></description>
 	</item>
diff --git a/views/rss/object/default.php b/views/rss/object/default.php
index 5e50971c9..7b55c5846 100644
--- a/views/rss/object/default.php
+++ b/views/rss/object/default.php
@@ -22,9 +22,9 @@
 ?>
 
 	<item>
-	  <guid isPermaLink='true'><?php echo $vars['entity']->getURL(); ?></guid>
+	  <guid isPermaLink='true'><?php echo htmlspecialchars($vars['entity']->getURL()); ?></guid>
 	  <pubDate><?php echo date("r",$vars['entity']->time_created) ?></pubDate>
-	  <link><?php echo $vars['entity']->getURL(); ?></link>
+	  <link><?php echo htmlspecialchars($vars['entity']->getURL()); ?></link>
 	  <title><![CDATA[<?php echo $title; ?>]]></title>
 	  <description><![CDATA[<?php echo (autop($vars['entity']->description)); ?>]]></description>
 	</item>
diff --git a/views/rss/river/item/list.php b/views/rss/river/item/list.php
index 6e2a33278..214f8c800 100644
--- a/views/rss/river/item/list.php
+++ b/views/rss/river/item/list.php
@@ -13,7 +13,7 @@
 								 ),false,false,'default');
 				$time = date("r",$item->posted);
 				if ($entity = get_entity($item->object_guid)) {
-					$url = str_replace('&','&amp;',$entity->getURL());
+					$url = htmlspecialchars($entity->getURL());
 				} else {
 					$url = $vars['url'];
 				}
-- 
cgit v1.2.3