properly escape feed error message in headlines toolbar

author Andrew Dolgov <fox@madoka.volgo-balt.ru>

Sat, 13 Jul 2013 18:14:18 +0000 (22:14 +0400)

committer Andrew Dolgov <fox@madoka.volgo-balt.ru>

Sat, 13 Jul 2013 18:14:18 +0000 (22:14 +0400)
author Andrew Dolgov <fox@madoka.volgo-balt.ru>
Sat, 13 Jul 2013 18:14:18 +0000 (22:14 +0400)
committer Andrew Dolgov <fox@madoka.volgo-balt.ru>
Sat, 13 Jul 2013 18:14:18 +0000 (22:14 +0400)
diff --git a/classes/feeds.php b/classes/feeds.php

index 4cace8d5c9aac54840c0b22ba8db1679d9eea799..def24521a80cf7d2adbbe1aa0dd080503b0ca9b1 100644 (file)
--- a/classes/feeds.php
+++ b/classes/feeds.php
@@ -63,7 +63,8 @@ class Feeds extends Handler_Protected {
                                 truncate_string($feed_title,30)."</a>";
  
                         if ($error) {
-                               $reply .= "&nbsp;<img title='$error' src='images/error.png' alt='error' class=\"noborder\" style=\"vertical-align : middle\">";
+                               $error = htmlspecialchars($error);
+                               $reply .= "&nbsp;<img title=\"$error\" src='images/error.png' alt='error' class=\"noborder\" style=\"vertical-align : middle\">";
                         }
  
                 } else {
author	Andrew Dolgov <fox@madoka.volgo-balt.ru>
	Sat, 13 Jul 2013 18:14:18 +0000 (22:14 +0400)
committer	Andrew Dolgov <fox@madoka.volgo-balt.ru>
	Sat, 13 Jul 2013 18:14:18 +0000 (22:14 +0400)