authorAndrew Dolgov <[email protected]>2008-04-18 06:13:00 +0100
committerAndrew Dolgov <[email protected]>2008-04-18 06:13:00 +0100
commit06925d9e8502e544a98b7b2dacf618be9e34f25f (patch)
tree08fb7deaec41b3adb0b60f9186d691be7792e248
parentae56f762746c1854acd326802cea7cc5f36244e7 (diff)
getArticleLink: add escaping; open_article_in_new_window: add error notifications (closes #202)
-rw-r--r--functions.js9
-rw-r--r--modules/backend-rpc.php2
2 files changed, 10 insertions, 1 deletions
diff --git a/functions.js b/functions.js
index 9e38e45b0..d30e6bee8 100644
--- a/functions.js
+++ b/functions.js
@@ -68,10 +68,15 @@ function open_article_callback(transport) {
try {
if (transport.responseXML) {
+
var link = transport.responseXML.getElementsByTagName("link")[0];
var id = transport.responseXML.getElementsByTagName("id")[0];
+ debug("open_article_callback, received link: " + link);
+
if (link) {
+ debug("link url: " + link.firstChild.nodeValue);
+
window.open(link.firstChild.nodeValue, "_blank");
if (id) {
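Review bot: The added `debug("link url: " + link.firstChild.nodeValue)` and the `window.open` call below it both use the link text without checking that it is present or which scheme it carries. An empty `<link/>` in the reply leaves `link.firstChild` null, so the code throws into the `catch` instead of reaching the new `notify_error` branch. The backend change in this commit escapes markup only, so a stored link that is not an http(s) URL (the value presumably originates from feed content) is still handed to `window.open`. I would read the value once and gate on it: `var url = link.firstChild ? link.firstChild.nodeValue : "";` then `if (/^https?:\/\//i.test(url)) window.open(url, "_blank"); else notify_error("Can't open article: received invalid article link");`. The body of `open_article_callback` starts and ends outside this hunk.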
@@ -80,7 +85,11 @@ function open_article_callback(transport) {
window.setTimeout("toggleUnread(" + id + ", 0)", 100);
}
}
+ } else {
+ notify_error("Can't open article: received invalid article link");
}
+ } else {
+ notify_error("Can't open article: received invalid XML");
}
} catch (e) {
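Review bot: `window.setTimeout("toggleUnread(" + id + ", 0)", 100);` at the top of this hunk builds a code string from a value taken out of the RPC reply, and the timer then evaluates it. Passing a function keeps reply data from being evaluated as script: `window.setTimeout(function() { toggleUnread(id, 0); }, 100);`. How `id` is reduced from the `<id>` element to a value happens in lines not shown between the two hunks, so confirm there that it is a plain number. Separately, the new `else` for `if (link)` reports an invalid link even when the backend answered `<error>Article not found</error>`; showing the `<error>` text would be more accurate.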
diff --git a/modules/backend-rpc.php b/modules/backend-rpc.php
index 5a8452ea4..d7ebb5940 100644
--- a/modules/backend-rpc.php
+++ b/modules/backend-rpc.php
@@ -279,7 +279,7 @@
WHERE id = '$id' AND id = ref_id AND owner_uid = '".$_SESSION['uid']."'");
if (db_num_rows($result) == 1) {
- $link = strip_tags(db_fetch_result($result, 0, "link"));
+ $link = htmlspecialchars(strip_tags(db_fetch_result($result, 0, "link")));
print "<rpc-reply><link>$link</link><id>$id</id></rpc-reply>";
} else {
print "<rpc-reply><error>Article not found</error></rpc-reply>";
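Review bot: `$id` is still interpolated raw into the reply on the `print "<rpc-reply><link>$link</link><id>$id</id></rpc-reply>";` line, while only `$link` gains escaping. Where `$id` is assigned and whether it is validated lies outside this hunk; if it comes straight from the request, cast it once (`$id = (int)$id;`) before it is used in the `WHERE id = '$id'` clause and in the reply, since the client concatenates the returned id into a timer string. A short comment on the changed line, such as `// XML-escape only; does not validate the URL scheme`, would record what `htmlspecialchars` does and does not cover here.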