generate_syndicated_feed: sanitize content excerpt

diff --git a/classes/handler/public.php b/classes/handler/public.php
index d166e315e99a874cde2eb9a404c273fe0e9d17e5..a516b6c5ca2116aa14048fa07a9e161d91319daa 100644 (file)
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -128,7 +128,7 @@ class Handler_Public extends Handler {
                        $tpl->setVariable('SELF_URL', htmlspecialchars(get_self_url_prefix()), true);
                        while ($line = $this->dbh->fetch_assoc($result)) {
 
-                               $line["content_preview"] = truncate_string(strip_tags($line["content"]), 100, '...');
+                               $line["content_preview"] = sanitize(truncate_string(strip_tags($line["content"]), 100, '...'));
 
                                foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_QUERY_HEADLINES) as $p) {
                                        $line = $p->hook_query_headlines($line);
@@ -220,7 +220,7 @@ class Handler_Public extends Handler {
 
                        while ($line = $this->dbh->fetch_assoc($result)) {
 
-                               $line["content_preview"] = truncate_string(strip_tags($line["content_preview"]), 100, '...');
+                               $line["content_preview"] = sanitize(truncate_string(strip_tags($line["content_preview"]), 100, '...'));
 
                                foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_QUERY_HEADLINES) as $p) {
                                        $line = $p->hook_query_headlines($line, 100);