From: Andrew Dolgov <noreply@fakecake.org>
Date: Fri, 29 Apr 2016 19:00:02 +0000 (+0300)
Subject: generate_syndicated_feed: sanitize content excerpt
X-Git-Tag: 16.8~30
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=2f1a29d9c8e142711a308452eb700c1c14b01195;p=tt-rss.git

generate_syndicated_feed: sanitize content excerpt
---

diff --git a/classes/handler/public.php b/classes/handler/public.php
index d166e315..a516b6c5 100644
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -128,7 +128,7 @@ class Handler_Public extends Handler {
 			$tpl->setVariable('SELF_URL', htmlspecialchars(get_self_url_prefix()), true);
 			while ($line = $this->dbh->fetch_assoc($result)) {
 
-				$line["content_preview"] = truncate_string(strip_tags($line["content"]), 100, '...');
+				$line["content_preview"] = sanitize(truncate_string(strip_tags($line["content"]), 100, '...'));
 
 				foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_QUERY_HEADLINES) as $p) {
 					$line = $p->hook_query_headlines($line);
@@ -220,7 +220,7 @@ class Handler_Public extends Handler {
 
 			while ($line = $this->dbh->fetch_assoc($result)) {
 
-				$line["content_preview"] = truncate_string(strip_tags($line["content_preview"]), 100, '...');
+				$line["content_preview"] = sanitize(truncate_string(strip_tags($line["content_preview"]), 100, '...'));
 
 				foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_QUERY_HEADLINES) as $p) {
 					$line = $p->hook_query_headlines($line, 100);