properly escape article link/PTITLEs (refs #472)

2012-10-22 01:19:06 +04:00
parent 008ebad928
commit 5c56897349
2 changed files with 3 additions and 3 deletions
--- a/classes/feeds.php
+++ b/classes/feeds.php
@@ -503,7 +503,7 @@ class Feeds extends Handler_Protected {
 					$reply['content'] .= "</div>";

 					$reply['content'] .= "<div id=\"PTITLE-FULL-$id\" style=\"display : none\">" .
-						strip_tags($line['title']) . "</div>";
+						htmlspecialchars(strip_tags($line['title'])) . "</div>";

 					$reply['content'] .= "<span id=\"RTITLE-$id\"
 						onclick=\"return cdmClicked(event, $id);\"