-rw-r--r-- | data/templates/rss.tpl.php | 16 | ||||
-rw-r--r-- | doc/ChangeLog | 2 |
2 files changed, 10 insertions, 8 deletions
diff --git a/data/templates/rss.tpl.php b/data/templates/rss.tpl.php
index 21bdeab..e6e66f7 100644
--- a/data/templates/rss.tpl.php
+++ b/data/templates/rss.tpl.php
@@ -3,22 +3,22 @@ echo '<' . '?xml version="1.0" encoding="utf-8" ?' . ">\n";
 ?>
 <rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
 <channel>
- <title><?php echo $feedtitle; ?></title>
- <link><?php echo $feedlink; ?></link>
- <description><?php echo $feeddescription; ?></description>
+ <title><?php echo htmlspecialchars($feedtitle); ?></title>
+ <link><?php echo htmlspecialchars($feedlink); ?></link>
+ <description><?php echo htmlspecialchars($feeddescription); ?></description>
 <pubDate><?php echo date('r'); ?></pubDate>
 <lastBuildDate><?php echo $feedlastupdate ?></lastBuildDate>
 <ttl>60</ttl>
 <?php foreach($bookmarks as $bookmark): ?>
 <item>
- <title><?php echo $bookmark['title']; ?></title>
- <link><?php echo $bookmark['link']; ?></link>
- <description><?php echo $bookmark['description']; ?></description>
- <dc:creator><?php echo $bookmark['creator']; ?></dc:creator>
+ <title><?php echo htmlspecialchars($bookmark['title']); ?></title>
+ <link><?php echo htmlspecialchars($bookmark['link']); ?></link>
+ <description><?php echo htmlspecialchars($bookmark['description']); ?></description>
+ <dc:creator><?php echo htmlspecialchars($bookmark['creator']); ?></dc:creator>
 <pubDate><?php echo $bookmark['pubdate']; ?></pubDate>
 <?php foreach($bookmark['tags'] as $tag): ?>
- <category><?php echo $tag; ?></category>
+ <category><?php echo htmlspecialchars($tag); ?></category>
 <?php endforeach; ?>
 </item>
 <?php endforeach; ?>
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 1f44ed9..9c7fa0e 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
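Review bot: In the data/templates/rss.tpl.php hunk, every new `htmlspecialchars()` call relies on PHP's default flags and charset, although the template's XML prolog declares `encoding="utf-8"`. Passing both explicitly, e.g. `htmlspecialchars($bookmark['title'], ENT_QUOTES, 'UTF-8')`, ties the escaping to the feed's encoding whatever the PHP version or ini settings. `$feedlastupdate` and `$bookmark['pubdate']` are still echoed raw; that is fine if they always come from date formatting, but the hunk does not show this, so a one-line comment such as `<?php /* pubdate is a formatted date, no user input */ ?>` would record the assumption. Escaping only covers the markup characters, so control characters that XML 1.0 forbids in user-supplied titles or tags could still make the feed invalid, and bug #2934891 may not be fully closed.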
@@ -15,6 +15,8 @@ ChangeLog for SemantiScuttle Patch by fnorder@users.sourceforge.net - Implement request #2934872: Option to set the "no description" description. Patch by fnorder@users.sourceforge.net +- Fix bug #2934891: RSS XML was sometimes invalid because + special characters did not get escaped. 0.95.2 - 2010-01-16 |