From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Sat, 13 Jul 2013 18:14:18 +0000 (+0400)
Subject: properly escape feed error message in headlines toolbar
X-Git-Tag: 1.9~28
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=12d17734f62ff83a5fd2d82c69c617c3f0d9008d;p=tt-rss.git

properly escape feed error message in headlines toolbar
---

diff --git a/classes/feeds.php b/classes/feeds.php
index 4cace8d5..def24521 100644
--- a/classes/feeds.php
+++ b/classes/feeds.php
@@ -63,7 +63,8 @@ class Feeds extends Handler_Protected {
 				truncate_string($feed_title,30)."</a>";
 
 			if ($error) {
-				$reply .= "&nbsp;<img title='$error' src='images/error.png' alt='error' class=\"noborder\" style=\"vertical-align : middle\">";
+				$error = htmlspecialchars($error);
+				$reply .= "&nbsp;<img title=\"$error\" src='images/error.png' alt='error' class=\"noborder\" style=\"vertical-align : middle\">";
 			}
 
 		} else {