From f702e689c13f0d7b3d23b773ab95cea13e3f3c18 Mon Sep 17 00:00:00 2001
From: Bernhard Posselt <nukeawhale@gmail.com>
Date: Thu, 6 Sep 2012 03:48:10 +0200
Subject: removed xss vulnerabilities in template code

---
 templates/part.items.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'templates/part.items.php')

diff --git a/templates/part.items.php b/templates/part.items.php
index 185fc099b..6d6369ab7 100644
--- a/templates/part.items.php
+++ b/templates/part.items.php
@@ -49,10 +49,10 @@ foreach($items as $item) {
 			echo '</ul>';
 		echo '</div>';
 
-		echo '<h1 class="item_title"><a target="_blank" href="' . $item->getUrl() . '">' . $item->getTitle() . '</a></h1>';	
+		echo '<h1 class="item_title"><a target="_blank" href="' . $item->getUrl() . '">' . htmlspecialchars($item->getTitle(), ENT_QUOTES, 'UTF-8') . '</a></h1>';	
 		
 		if(($item->getAuthor() !== null) && (trim($item->getAuthor()) != '')){
-			echo '<h2 class="item_author">'. $l->t('by') . ' ' . $item->getAuthor() . '</h2>';
+			echo '<h2 class="item_author">'. $l->t('by') . ' ' . htmlspecialchars($item->getAuthor(), ENT_QUOTES, 'UTF-8') . '</h2>';
 		}
 		
 		echo '<div class="body">' . $item->getBody() . '</div>';
-- 
cgit v1.2.3