diff options
author | Federico Marani <federico.marani@ymail.com> | 2009-03-07 13:47:46 +0000 |
---|---|---|
committer | Federico Marani <federico.marani@ymail.com> | 2009-03-07 13:47:46 +0000 |
commit | 80d0423026b0bc14c8da820fff7905ba9c0a5d0e (patch) | |
tree | 0cb1680674245a7a326a2c145649596c95b2a71a | |
parent | 2ac684f53df3f76aacb4d1be79d7db64567f1964 (diff) |
html escape of atom attributes (ticket 1266)
-rw-r--r-- | lib/jabber.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/jabber.php b/lib/jabber.php index f41d984d6..4a96fb54e 100644 --- a/lib/jabber.php +++ b/lib/jabber.php @@ -176,14 +176,14 @@ function jabber_format_entry($profile, $notice) $entry .= "<source>\n"; $entry .= "<title>" . $profile->nickname . " - " . common_config('site', 'name') . "</title>\n"; $entry .= "<link href='" . htmlspecialchars($profile->profileurl) . "'/>\n"; - $entry .= "<link rel='self' type='application/rss+xml' href='" . $self_url . "'/>\n"; + $entry .= "<link rel='self' type='application/rss+xml' href='" . htmlspecialchars($self_url) . "'/>\n"; $entry .= "<author><name>" . $profile->nickname . "</name></author>\n"; $entry .= "<icon>" . $profile->avatarUrl(AVATAR_PROFILE_SIZE) . "</icon>\n"; $entry .= "</source>\n"; $entry .= "<title>" . htmlspecialchars($msg) . "</title>\n"; $entry .= "<summary>" . htmlspecialchars($msg) . "</summary>\n"; - $entry .= "<link rel='alternate' href='" . $noticeurl . "' />\n"; - $entry .= "<id>". $notice->uri . "</id>\n"; + $entry .= "<link rel='alternate' href='" . htmlspecialchars($noticeurl) . "' />\n"; + $entry .= "<id>". htmlspecialchars($notice->uri) . "</id>\n"; $entry .= "<published>".common_date_w3dtf($notice->created)."</published>\n"; $entry .= "<updated>".common_date_w3dtf($notice->modified)."</updated>\n"; $entry .= "</entry>\n"; |