From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Mon, 29 Oct 2012 06:13:14 +0000 (+0400)
Subject: update_rss_feed: fix broken title/content escaping
X-Git-Tag: 1.6.1~46
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=e1e3f972b6aa47a888e487c7f4ecc2a5533e4539;p=tt-rss.git

update_rss_feed: fix broken title/content escaping
---

diff --git a/include/rssfuncs.php b/include/rssfuncs.php
index af62a504..e413743b 100644
--- a/include/rssfuncs.php
+++ b/include/rssfuncs.php
@@ -770,8 +770,8 @@
 				}
 
 				# sanitize content
-				$entry_content = sanitize($link, $entry_content, $owner_uid, $site_url);
-				$entry_title = strip_tags($entry_title);
+				$entry_content = db_escape_string(sanitize($link, $entry_content, $owner_uid, $site_url));
+				$entry_title = db_escape_string(strip_tags($entry_title));
 
 				if ($debug_enabled) {
 					_debug("update_rss_feed: done collecting data [TITLE:$entry_title]");