From 0dfef88cacde19cf0afaefbd422a7f5230091064 Mon Sep 17 00:00:00 2001
From: Zach Copley <zach@status.net>
Date: Thu, 6 May 2010 00:55:17 -0700
Subject: HTML entity encode source link URLs in plain XML output and add
 rel="nofollow" to them

---
 actions/twitapisearchatom.php | 2 +-
 lib/apiaction.php             | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/actions/twitapisearchatom.php b/actions/twitapisearchatom.php
index 3eb54ccc3..6c740c490 100644
--- a/actions/twitapisearchatom.php
+++ b/actions/twitapisearchatom.php
@@ -349,7 +349,7 @@ class TwitapisearchatomAction extends ApiAction
         $ns = $notice->getSource();
         if ($ns) {
             if (!empty($ns->name) && !empty($ns->url)) {
-                $source = '<a href="' . $ns->url . '">' . $ns->name . '</a>';
+                $source = '<a href="' . $ns->url . '" rel="nofollow">' . $ns->name . '</a>';
             } else {
                 $source = $ns->code;
             }
diff --git a/lib/apiaction.php b/lib/apiaction.php
index 7a6a5549b..f3efff402 100644
--- a/lib/apiaction.php
+++ b/lib/apiaction.php
@@ -266,13 +266,13 @@ class ApiAction extends Action
         $ns = $notice->getSource();
         if ($ns) {
             if (!empty($ns->name) && !empty($ns->url)) {
-                $source = '<a href="' . $ns->url . '">' . $ns->name . '</a>';
+                $source = '<a href="' . $ns->url . '" rel="nofollow">' . $ns->name . '</a>';
             } else {
                 $source = $ns->code;
             }
         }
 
-        $twitter_status['source'] = $source;
+        $twitter_status['source'] = htmlentities($source);
         $twitter_status['id'] = intval($notice->id);
 
         $replier_profile = null;
-- 
cgit v1.2.3