summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFederico Marani <federico.marani@ymail.com>2009-03-07 13:47:46 +0000
committerFederico Marani <federico.marani@ymail.com>2009-03-07 13:47:46 +0000
commit80d0423026b0bc14c8da820fff7905ba9c0a5d0e (patch)
tree0cb1680674245a7a326a2c145649596c95b2a71a
parent2ac684f53df3f76aacb4d1be79d7db64567f1964 (diff)
html escape of atom attributes (ticket 1266)
-rw-r--r--lib/jabber.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/jabber.php b/lib/jabber.php
index f41d984d6..4a96fb54e 100644
--- a/lib/jabber.php
+++ b/lib/jabber.php
@@ -176,14 +176,14 @@ function jabber_format_entry($profile, $notice)
$entry .= "<source>\n";
$entry .= "<title>" . $profile->nickname . " - " . common_config('site', 'name') . "</title>\n";
$entry .= "<link href='" . htmlspecialchars($profile->profileurl) . "'/>\n";
- $entry .= "<link rel='self' type='application/rss+xml' href='" . $self_url . "'/>\n";
+ $entry .= "<link rel='self' type='application/rss+xml' href='" . htmlspecialchars($self_url) . "'/>\n";
$entry .= "<author><name>" . $profile->nickname . "</name></author>\n";
$entry .= "<icon>" . $profile->avatarUrl(AVATAR_PROFILE_SIZE) . "</icon>\n";
$entry .= "</source>\n";
$entry .= "<title>" . htmlspecialchars($msg) . "</title>\n";
$entry .= "<summary>" . htmlspecialchars($msg) . "</summary>\n";
- $entry .= "<link rel='alternate' href='" . $noticeurl . "' />\n";
- $entry .= "<id>". $notice->uri . "</id>\n";
+ $entry .= "<link rel='alternate' href='" . htmlspecialchars($noticeurl) . "' />\n";
+ $entry .= "<id>". htmlspecialchars($notice->uri) . "</id>\n";
$entry .= "<published>".common_date_w3dtf($notice->created)."</published>\n";
$entry .= "<updated>".common_date_w3dtf($notice->modified)."</updated>\n";
$entry .= "</entry>\n";