diff options
| author | nashe <thomas@chauchefoin.fr> | 2017-05-30 00:14:31 +0200 |
|---|---|---|
| committer | nashe <thomas@chauchefoin.fr> | 2017-05-30 00:14:31 +0200 |
| commit | f5b102d873aa85a14aad037d6a8e2911ddda35ea (patch) | |
| tree | fedb56915e8189010edc0a1c4566d43df37b3f67 /app | |
| parent | 9022bab97250c7b6ad3a658197494c4ce5126da7 (diff) | |
| download | planet-f5b102d873aa85a14aad037d6a8e2911ddda35ea.tar planet-f5b102d873aa85a14aad037d6a8e2911ddda35ea.tar.gz planet-f5b102d873aa85a14aad037d6a8e2911ddda35ea.tar.bz2 planet-f5b102d873aa85a14aad037d6a8e2911ddda35ea.tar.xz planet-f5b102d873aa85a14aad037d6a8e2911ddda35ea.zip | |
Correctly escape attributes of OPML's entries
This should prevent any case of corruption of the XML document.
Diffstat (limited to 'app')
| -rw-r--r-- | app/lib/lib.opml.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/app/lib/lib.opml.php b/app/lib/lib.opml.php index 8676807..ecb71a8 100644 --- a/app/lib/lib.opml.php +++ b/app/lib/lib.opml.php @@ -95,8 +95,8 @@ class OpmlManager $out.= '<dateModified>'.date('c').'</dateModified>'."\n"; $out.= '</head>'."\n"; $out.= '<body>'."\n"; - foreach ($opml->entries as $person){ - $out.= '<outline text="' . htmlspecialchars($person['name']) . '" htmlUrl="' . htmlspecialchars($person['website']) . '" xmlUrl="' . htmlspecialchars($person['feed']) . '" isDown="' . htmlspecialchars($person['isDown']) . '"/>'."\n"; + foreach ($opml->entries as $person) { + $out.= '<outline text="' . htmlspecialchars($person['name'], ENT_QUOTES) . '" htmlUrl="' . htmlspecialchars($person['website'], ENT_QUOTES) . '" xmlUrl="' . htmlspecialchars($person['feed'], ENT_QUOTES) . '" isDown="' . htmlspecialchars($person['isDown'], ENT_QUOTES) . '"/>'."\n"; } $out.= '</body>'."\n"; $out.= '</opml>'; |