]> git.wh0rd.org - tt-rss.git/commitdiff
git.wh0rd.org / tt-rss.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 01dffac)
title escaping: do not double-encode entities
authorAndrew Dolgov <fox@madoka.volgo-balt.ru>
Sat, 23 Mar 2013 05:44:52 +0000 (09:44 +0400)
committerAndrew Dolgov <fox@madoka.volgo-balt.ru>
Sat, 23 Mar 2013 05:44:52 +0000 (09:44 +0400)
classes/feeds.php patch | blob | blame | history
include/functions.php patch | blob | blame | history

diff --git a/classes/feeds.php b/classes/feeds.php
index 3657a0564caa247cc91e9d0c0fb186c44506b45e..f673211774b25a41e28ae1d0e43383341491fc1f 100644 (file)
--- a/classes/feeds.php
+++ b/classes/feeds.php
@@ -432,7 +432,8 @@ class Feeds extends Handler_Protected {
                                        $reply['content'] .= "<div onclick='return hlClicked(event, $id)'
                                                class=\"hlTitle\"><span class='hlContent$hlc_suffix'>";
                                        $reply['content'] .= "<a id=\"RTITLE-$id\"
-                                               href=\"" . htmlspecialchars($line["link"]) . "\"
+                                               href=\"" . htmlspecialchars($line["link"], ENT_COMPAT | ENT_HTML401,
+                                                       'utf-8', false) . "\"
                                                onclick=\"\">" .
                                                truncate_string($line["title"], 200);
 
diff --git a/include/functions.php b/include/functions.php
index e57ee6953a2eb85fd3af4e65ddabc41d3ff7ecf3..994b4c1794150797fadc8e694557cb4540c48d87 100644 (file)
--- a/include/functions.php
+++ b/include/functions.php
@@ -3022,7 +3022,8 @@
 
                        if ($line["link"]) {
                                $rv['content'] .= "<div class='postTitle'><a target='_blank'
-                                       title=\"".htmlspecialchars($line['title'])."\"
+                                       title=\"".htmlspecialchars($line["link"], ENT_COMPAT | ENT_HTML401,
+               'utf-8', false)."\"
                                        href=\"" .
                                        htmlspecialchars($line["link"]) . "\">" .
                                        $line["title"] . "</a>" .
web-based news feed (RSS/Atom) reader and aggregator; see https://tt-rss.org/