From 2cf3c3905514583c09008bf1a5d751dec490af58 Mon Sep 17 00:00:00 2001 From: David Anderson Date: Fri, 22 May 2009 17:38:46 +0000 Subject: [PATCH] - web: escape forum RSS entries instead of stripping tags (from Nicolas; fixes #899) svn path=/trunk/boinc/; revision=18190 --- checkin_notes | 8 +++++++- html/user/forum_rss.php | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/checkin_notes b/checkin_notes index 080f4c86bc..3c009d33bb 100644 --- a/checkin_notes +++ b/checkin_notes @@ -4706,4 +4706,10 @@ Rom 20 May 2009 / configure.ac version.h - \ No newline at end of file + +David 22 May 2009 + - web: escape forum RSS entries instead of stripping tags + (from Nicolas; fixes #899) + + html/user/ + forum_rss.php diff --git a/html/user/forum_rss.php b/html/user/forum_rss.php index fe4b57243a..3ead1dd064 100644 --- a/html/user/forum_rss.php +++ b/html/user/forum_rss.php @@ -122,7 +122,7 @@ foreach ($threads as $thread) { ".strip_tags($thread->title)." $unique_url $unique_url - ".substr(strip_tags($post->content),0,255)." . . . + ".htmlspecialchars(htmlspecialchars(substr($post->content,0,255)))." . . . $post_date ";
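Review bot: The title line just above the changed line still emits `strip_tags($thread->title)` with no entity escaping, so a title containing `&` or a stray `<` can still yield a malformed feed even though the description is now escaped; consider `htmlspecialchars(strip_tags($thread->title))` there, unless titles are already stored escaped (not visible in this hunk). On the changed line, `substr($post->content,0,255)` cuts by bytes, so a multi-byte character straddling byte 255 leaves an invalid sequence in the output, and on PHP versions where `htmlspecialchars` defaults to UTF-8 the call returns an empty string for such input; a character-aware cut such as `mb_substr($post->content, 0, 255)` (if mbstring is available) or passing `ENT_SUBSTITUTE` would avoid that. The nested `htmlspecialchars` looks intentional (one layer for the HTML that readers render, one for the XML container), and a short comment such as `// escaped twice on purpose: HTML text inside an XML element` would keep a later cleanup from removing one layer. The enclosing `foreach ($threads as $thread)` loop starts and ends outside the hunk.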