getArticleLink: add escaping; open_article_in_new_window: add error notifications...
authorAndrew Dolgov <fox@madoka.spb.ru>
Fri, 18 Apr 2008 05:13:00 +0000 (06:13 +0100)
committerAndrew Dolgov <fox@madoka.spb.ru>
Fri, 18 Apr 2008 05:13:00 +0000 (06:13 +0100)
functions.js
modules/backend-rpc.php

index 9e38e45b0bf2e6296d482f2f12d6a95eb9ef3d7a..d30e6bee8ba4f50ad8992c337853d6c5e8c226bd 100644 (file)
@@ -68,10 +68,15 @@ function open_article_callback(transport) {
        try {
 
                if (transport.responseXML) {
+                       
                        var link = transport.responseXML.getElementsByTagName("link")[0];
                        var id = transport.responseXML.getElementsByTagName("id")[0];
 
+                       debug("open_article_callback, received link: " + link);
+
                        if (link) {
+                               debug("link url: " + link.firstChild.nodeValue);
+
                                window.open(link.firstChild.nodeValue, "_blank");
 
                                if (id) {
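Review bot: An empty `<link/>` element still bypasses the new error notification, because the added `debug("link url: " + link.firstChild.nodeValue)` and the `window.open` call below it dereference `link.firstChild` without checking it, so the TypeError lands in the outer catch. Guarding with `if (link && link.firstChild) {` sends that case to the new `else` branch. The URL is also handed to `window.open` with no scheme check, and the server-side `strip_tags`/`htmlspecialchars` do not restrict the scheme; testing that the value starts with `http://` or `https://` before opening it would close that gap. The function body starts and ends outside this hunk.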
@@ -80,7 +85,11 @@ function open_article_callback(transport) {
                                                window.setTimeout("toggleUnread(" + id + ", 0)", 100);
                                        }
                                }
+                       } else {
+                               notify_error("Can't open article: received invalid article link");
                        }
+               } else {
+                       notify_error("Can't open article: received invalid XML");
                }
 
        } catch (e) {
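Review bot: The new `else` branch reports "received invalid article link" even when the server answered `<rpc-reply><error>Article not found</error></rpc-reply>` (the reply visible in modules/backend-rpc.php), so the user sees a misleading cause. Reading the `error` element first and passing its text to `notify_error` would surface the real reason. Separately, the context line `window.setTimeout("toggleUnread(" + id + ", 0)", 100)` builds script text from what appears to be a response value (the assignment of `id` sits between the hunks and is not shown); the function form `window.setTimeout(function() { toggleUnread(id, 0); }, 100)` avoids evaluating it as code. The enclosing function continues past the end of this hunk.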
index 5a8452ea4e88120fd2f4364042c758c5cbf8650c..d7ebb594033a261d889a2a7fe423aad060796b1a 100644 (file)
                                WHERE id = '$id' AND id = ref_id AND owner_uid = '".$_SESSION['uid']."'");
 
                        if (db_num_rows($result) == 1) {
-                               $link = strip_tags(db_fetch_result($result, 0, "link"));
+                               $link = htmlspecialchars(strip_tags(db_fetch_result($result, 0, "link")));
                                print "<rpc-reply><link>$link</link><id>$id</id></rpc-reply>";
                        } else {
                                print "<rpc-reply><error>Article not found</error></rpc-reply>";
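Review bot: `$id` is still interpolated into the reply unescaped on the `print "<rpc-reply><link>…` line, while `$link` now gets `htmlspecialchars`. The client concatenates that id into a string passed to `window.setTimeout`, so whatever reaches it is evaluated as script. Where `$id` is assigned is outside this hunk, so it may already be sanitised; if it is not an integer by construction, emit it as one, e.g. `print "<rpc-reply><link>$link</link><id>" . (int)$id . "</id></rpc-reply>";`.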