removed xss vulnerabilities in template code

author: Bernhard Posselt <nukeawhale@gmail.com> 2012-09-06 03:48:10 +0200
committer: Bernhard Posselt <nukeawhale@gmail.com> 2012-09-06 03:48:18 +0200
commit: f702e689c13f0d7b3d23b773ab95cea13e3f3c18 (patch)
tree: a2dc80eb16a22ed080612e15d77c36036b2620a2 /templates/part.listfeed.php
parent: 24d4d4b6bd3bb821b85bac3d74ea4d1deec59ad8 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/templates/part.listfeed.php b/templates/part.listfeed.php
index 04d67a881..cfa49b82d 100644
--- a/templates/part.listfeed.php
+++ b/templates/part.listfeed.php
@@ -9,7 +9,7 @@ if(isset($_['mock'])){
     $favicon = OCP\Util::imagePath('core', 'actions/public.svg');
 } else {
     $feed = isset($_['feed']) ? $_['feed'] : null;
-    $feedTitle = htmlspecialchars_decode($feed->getTitle());
+    $feedTitle = $feed->getTitle();
     $feedId =  $feed->getId();
     $unreadItemsCount = isset($_['unreadItemsCount']) ? $_['unreadItemsCount'] : null;
     $favicon = $feed->getFavicon();
@@ -19,7 +19,7 @@ if(isset($_['mock'])){
 }
 
 echo '<li class="feed" data-id="' . $feedId . '">';
-    echo '<a style="background-image: url(' . $favicon . ');" href="#" class="title">' . $feedTitle .'</a>';
+    echo '<a style="background-image: url(' . $favicon . ');" href="#" class="title">' . htmlspecialchars($feedTitle, ENT_QUOTES, 'UTF-8') .'</a>';
 	echo '<span class="unread_items_counter">' . $unreadItemsCount . '</span>';
     echo '<span class="buttons">';
         echo '<button class="svg action feeds_delete" title="' . $l->t('Delete feed') . '"></button>';
author	Bernhard Posselt <nukeawhale@gmail.com>	2012-09-06 03:48:10 +0200
committer	Bernhard Posselt <nukeawhale@gmail.com>	2012-09-06 03:48:18 +0200
commit	f702e689c13f0d7b3d23b773ab95cea13e3f3c18 (patch)
tree	a2dc80eb16a22ed080612e15d77c36036b2620a2 /templates/part.listfeed.php
parent	24d4d4b6bd3bb821b85bac3d74ea4d1deec59ad8 (diff)