author | Bernhard Posselt <nukeawhale@gmail.com> | 2012-09-06 03:48:10 +0200 |
---|---|---|
committer | Bernhard Posselt <nukeawhale@gmail.com> | 2012-09-06 03:48:18 +0200 |
commit | f702e689c13f0d7b3d23b773ab95cea13e3f3c18 (patch) | |
tree | a2dc80eb16a22ed080612e15d77c36036b2620a2 /templates/part.listfeed.php | |
parent | 24d4d4b6bd3bb821b85bac3d74ea4d1deec59ad8 (diff) |
removed xss vulnerabilities in template code
Diffstat (limited to 'templates/part.listfeed.php')
-rw-r--r-- | templates/part.listfeed.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/templates/part.listfeed.php b/templates/part.listfeed.php
index 04d67a881..cfa49b82d 100644
--- a/templates/part.listfeed.php
+++ b/templates/part.listfeed.php
@@ -9,7 +9,7 @@ if(isset($_['mock'])){
 $favicon = OCP\Util::imagePath('core', 'actions/public.svg');
 } else {
 $feed = isset($_['feed']) ? $_['feed'] : null;
- $feedTitle = htmlspecialchars_decode($feed->getTitle());
+ $feedTitle = $feed->getTitle();
 $feedId = $feed->getId();
 $unreadItemsCount = isset($_['unreadItemsCount']) ? $_['unreadItemsCount'] : null;
 $favicon = $feed->getFavicon();
@@ -19,7 +19,7 @@ if(isset($_['mock'])){
 }
 echo '<li class="feed" data-id="' . $feedId . '">';
- echo '<a style="background-image: url(' . $favicon . ');" href="#" class="title">' . $feedTitle .'</a>';
+ echo '<a style="background-image: url(' . $favicon . ');" href="#" class="title">' . htmlspecialchars($feedTitle, ENT_QUOTES, 'UTF-8') .'</a>';
 echo '<span class="unread_items_counter">' . $unreadItemsCount . '</span>';
 echo '<span class="buttons">';
 echo '<button class="svg action feeds_delete" title="' . $l->t('Delete feed') . '"></button>'; |
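Review bot: With `htmlspecialchars_decode()` dropped from the assignment, `$feedTitle` now carries whatever `getTitle()` returns, and nothing here says whether that is raw text or already entity-encoded. The removed decode suggests titles may be stored encoded; if so, the `htmlspecialchars()` added in the second hunk will double-encode them and users will see literal `&amp;` sequences. I would confirm the storage format and record it next to the assignment, e.g. `// raw, untrusted feed text: escape at every output site`. The `else` branch this line sits in continues past the hunk.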
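Review bot: Only the title is escaped on the changed `echo`; `$favicon` is still concatenated unescaped into the `style` attribute on the same line, and `$feedId` and `$unreadItemsCount` on the neighbouring lines go out raw too. `$favicon` comes from `$feed->getFavicon()` and is presumably derived from the remote feed, so it can carry a quote that ends the attribute, which leaves the XSS fix incomplete. I would write `htmlspecialchars($favicon, ENT_QUOTES, 'UTF-8')` inside `url(...)`, accept only http(s) favicon URLs where the value is stored, and, if the two counters are always integers, emit them as `(int) $feedId` and `(int) $unreadItemsCount`. The template continues after the last line of this hunk.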