| author | cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2010-01-19 20:32:10 +0000 | 
|---|---|---|
| committer | cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2010-01-19 20:32:10 +0000 | 
| commit | 777f7f072c92bb2db3db393a7607fb68b5e5b56a (patch) | |
| tree | b1875f24200dda62538f6ba69f532bf0b3f2e430 | |
| parent | 5fd780c8a92a52f6a7b567b8dbfd6c50e828a401 (diff) | |
Fix bug #2934891: RSS XML was sometimes invalid because
 special characters did not get escaped.
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@617 b3834d28-1941-0410-a4f8-b48e95affb8f
| -rw-r--r-- | data/templates/rss.tpl.php | 16 | ||||
| -rw-r--r-- | doc/ChangeLog | 2 | 
2 files changed, 10 insertions, 8 deletions
| diff --git a/data/templates/rss.tpl.php b/data/templates/rss.tpl.php
index 21bdeab..e6e66f7 100644
--- a/data/templates/rss.tpl.php
+++ b/data/templates/rss.tpl.php
@@ -3,22 +3,22 @@ echo '<' . '?xml version="1.0" encoding="utf-8" ?' . ">\n";
 ?>
 <rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
 <channel>
-    <title><?php echo $feedtitle; ?></title> 
-    <link><?php echo $feedlink; ?></link> 
-    <description><?php echo $feeddescription; ?></description>
+    <title><?php echo htmlspecialchars($feedtitle); ?></title>
+    <link><?php echo htmlspecialchars($feedlink); ?></link>
+    <description><?php echo htmlspecialchars($feeddescription); ?></description>
     <pubDate><?php echo date('r'); ?></pubDate>
     <lastBuildDate><?php echo $feedlastupdate ?></lastBuildDate>
     <ttl>60</ttl>
 <?php foreach($bookmarks as $bookmark): ?>
     <item>
-        <title><?php echo $bookmark['title']; ?></title>
-        <link><?php echo $bookmark['link']; ?></link>
-        <description><?php echo $bookmark['description']; ?></description>
-        <dc:creator><?php echo $bookmark['creator']; ?></dc:creator>
+        <title><?php echo htmlspecialchars($bookmark['title']); ?></title>
+        <link><?php echo htmlspecialchars($bookmark['link']); ?></link>
+        <description><?php echo htmlspecialchars($bookmark['description']); ?></description>
+        <dc:creator><?php echo htmlspecialchars($bookmark['creator']); ?></dc:creator>
         <pubDate><?php echo $bookmark['pubdate']; ?></pubDate>
 <?php foreach($bookmark['tags'] as $tag): ?>
-        <category><?php echo $tag; ?></category>
+        <category><?php echo htmlspecialchars($tag); ?></category>
 <?php endforeach; ?>
     </item>
 <?php endforeach; ?>
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 1f44ed9..9c7fa0e 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
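Review bot: In data/templates/rss.tpl.php the eight added `htmlspecialchars()` calls rely on the default flags and charset, which differ between PHP versions and configurations, while the prolog shown in the hunk header declares the feed as utf-8. Passing both explicitly, e.g. `htmlspecialchars($bookmark['title'], ENT_QUOTES, 'UTF-8')`, ties the escaping to the declared encoding regardless of the runtime. `$feedlastupdate` and `$bookmark['pubdate']` are still echoed raw; if they are always server-formatted dates that is harmless, but a one-line comment saying so (or escaping them as well) would leave no unescaped output in the template. Escaping also does not remove control characters that XML 1.0 forbids, so a title or description containing such bytes could presumably still produce an invalid feed. The `<channel>` element opened in this hunk is closed outside it.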
@@ -15,6 +15,8 @@ ChangeLog for SemantiScuttle
   Patch by fnorder@users.sourceforge.net
 - Implement request #2934872: Option to set the "no description"
   description. Patch by fnorder@users.sourceforge.net
+- Fix bug #2934891: RSS XML was sometimes invalid because
+  special characters did not get escaped.
 0.95.2 - 2010-01-16 |
