update_rss_feed: fix broken title/content escaping

author Andrew Dolgov <fox@madoka.volgo-balt.ru>

Mon, 29 Oct 2012 06:13:14 +0000 (10:13 +0400)

committer Andrew Dolgov <fox@madoka.volgo-balt.ru>

Mon, 29 Oct 2012 06:13:14 +0000 (10:13 +0400)
author Andrew Dolgov <fox@madoka.volgo-balt.ru>
Mon, 29 Oct 2012 06:13:14 +0000 (10:13 +0400)
committer Andrew Dolgov <fox@madoka.volgo-balt.ru>
Mon, 29 Oct 2012 06:13:14 +0000 (10:13 +0400)
diff --git a/include/rssfuncs.php b/include/rssfuncs.php

index af62a5041cdb247525ad652765e71ec01f564aa8..e413743b6013d28128be6474b6673835bb6e4eb0 100644 (file)
--- a/include/rssfuncs.php
+++ b/include/rssfuncs.php
@@ -770,8 +770,8 @@
                                 }
  
                                 # sanitize content
-                               $entry_content = sanitize($link, $entry_content, $owner_uid, $site_url);
-                               $entry_title = strip_tags($entry_title);
+                               $entry_content = db_escape_string(sanitize($link, $entry_content, $owner_uid, $site_url));
+                               $entry_title = db_escape_string(strip_tags($entry_title));
  
                                 if ($debug_enabled) {
                                         _debug("update_rss_feed: done collecting data [TITLE:$entry_title]");
author	Andrew Dolgov <fox@madoka.volgo-balt.ru>
	Mon, 29 Oct 2012 06:13:14 +0000 (10:13 +0400)
committer	Andrew Dolgov <fox@madoka.volgo-balt.ru>
	Mon, 29 Oct 2012 06:13:14 +0000 (10:13 +0400)