From f702e689c13f0d7b3d23b773ab95cea13e3f3c18 Mon Sep 17 00:00:00 2001
From: Bernhard Posselt <nukeawhale@gmail.com>
Date: Thu, 6 Sep 2012 03:48:10 +0200
Subject: removed xss vulnerabilities in template code

---
 templates/part.listfeed.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'templates/part.listfeed.php')

diff --git a/templates/part.listfeed.php b/templates/part.listfeed.php
index 04d67a881..cfa49b82d 100644
--- a/templates/part.listfeed.php
+++ b/templates/part.listfeed.php
@@ -9,7 +9,7 @@ if(isset($_['mock'])){
     $favicon = OCP\Util::imagePath('core', 'actions/public.svg');
 } else {
     $feed = isset($_['feed']) ? $_['feed'] : null;
-    $feedTitle = htmlspecialchars_decode($feed->getTitle());
+    $feedTitle = $feed->getTitle();
     $feedId =  $feed->getId();
     $unreadItemsCount = isset($_['unreadItemsCount']) ? $_['unreadItemsCount'] : null;
     $favicon = $feed->getFavicon();
@@ -19,7 +19,7 @@ if(isset($_['mock'])){
 }
 
 echo '<li class="feed" data-id="' . $feedId . '">';
-    echo '<a style="background-image: url(' . $favicon . ');" href="#" class="title">' . $feedTitle .'</a>';
+    echo '<a style="background-image: url(' . $favicon . ');" href="#" class="title">' . htmlspecialchars($feedTitle, ENT_QUOTES, 'UTF-8') .'</a>';
 	echo '<span class="unread_items_counter">' . $unreadItemsCount . '</span>';
     echo '<span class="buttons">';
         echo '<button class="svg action feeds_delete" title="' . $l->t('Delete feed') . '"></button>';
-- 
cgit v1.2.3