add some protection against opener attacks if external site is opened via window...

[tt-rss.git] / include / functions2.php

diff --git a/include/functions2.php b/include/functions2.php
index 6017a78f84d66226face64666d02cb0875b6d7eb..6674c77346d9e1c0125a423104d921d3e0f48284 100644 (file)
--- a/include/functions2.php
+++ b/include/functions2.php
@@ -1957,7 +1957,7 @@
 #                              $entry .= " <a target=\"_blank\" href=\"" . htmlspecialchars($url) . "\">" .
 #                                      $filename . " (" . $ctype . ")" . "</a>";
 
-                               $entry = "<div onclick=\"window.open('".htmlspecialchars($url)."')\"
+                               $entry = "<div onclick=\"openUrlPopup('".htmlspecialchars($url)."')\"
                                        dojoType=\"dijit.MenuItem\">$filename ($ctype)</div>";
 
                                array_push($entries_html, $entry);
@@ -2038,7 +2038,7 @@
                                else
                                        $filename = "";
 
-                               $rv .= "<div onclick='window.open(\"".htmlspecialchars($entry["url"])."\")'
+                               $rv .= "<div onclick='openUrlPopup(\"".htmlspecialchars($entry["url"])."\")'
                                        dojoType=\"dijit.MenuItem\">".$filename . $title."</div>";
 
                        };