author | Andrew Dolgov <[email protected]> | 2013-03-23 09:44:52 +0400 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2013-03-23 09:44:52 +0400 |
commit | d6ce708930cb838af3ed1cf585d3ca62b7036d9b (patch) | |
tree | 0a7fd2b21081a4b7561106cac7771d073994f2ea | |
parent | 01dffac771a64b2e8b87d0c3d76c09ccc51f125f (diff) |
title escaping: do not double-encode entities
-rw-r--r-- | classes/feeds.php | 3 | ||||
-rw-r--r-- | include/functions.php | 3 |
2 files changed, 4 insertions, 2 deletions
diff --git a/classes/feeds.php b/classes/feeds.php index 3657a0564..f67321177 100644 --- a/classes/feeds.php +++ b/classes/feeds.php @@ -432,7 +432,8 @@ class Feeds extends Handler_Protected { $reply['content'] .= "<div onclick='return hlClicked(event, $id)' class=\"hlTitle\"><span class='hlContent$hlc_suffix'>"; $reply['content'] .= "<a id=\"RTITLE-$id\" - href=\"" . htmlspecialchars($line["link"]) . "\" + href=\"" . htmlspecialchars($line["link"], ENT_COMPAT | ENT_HTML401, + 'utf-8', false) . "\" onclick=\"\">" . truncate_string($line["title"], 200); diff --git a/include/functions.php b/include/functions.php index e57ee6953..994b4c179 100644 --- a/include/functions.php +++ b/include/functions.php @@ -3022,7 +3022,8 @@ if ($line["link"]) { $rv['content'] .= "<div class='postTitle'><a target='_blank' - title=\"".htmlspecialchars($line['title'])."\" + title=\"".htmlspecialchars($line["link"], ENT_COMPAT | ENT_HTML401, + 'utf-8', false)."\" href=\"" . htmlspecialchars($line["link"]) . "\">" . $line["title"] . "</a>" . |
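Review bot: In the classes/feeds.php hunk, the positional `false` on the `href` line turns off `double_encode` without saying why, and the call remains HTML escaping only. With `ENT_COMPAT` it still encodes `"`, `<` and `>`, so the value cannot leave the double-quoted attribute, but it does not constrain the URL scheme. Unless `$line["link"]` is validated before this point (not visible in the hunk), a feed-supplied link with a non-http(s) scheme is emitted as a clickable href. I would add a comment above the concatenation such as `// double_encode=false: entities already in the stored link are kept; this escapes for the attribute only, scheme must be checked upstream` and confirm that such a check exists. The enclosing method starts and ends outside the hunk.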
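Review bot: In the include/functions.php hunk, the new `title=` attribute is built from `$line["link"]`, whereas the removed line used `$line['title']`. Given the commit title this looks like a copy-paste slip, and the tooltip would now show the URL instead of the article title. The line should keep the title as its argument: `title=\"".htmlspecialchars($line['title'], ENT_COMPAT | ENT_HTML401,` followed by the unchanged `'utf-8', false)."\"`. In the visible context `$line["title"]` is also concatenated as the anchor text with no escaping, so if titles are not already entity-encoded when stored (not visible here) that is an HTML injection point worth confirming. The `href` on the next line still uses the default double-encoding, which is inconsistent with the other hunk; the enclosing block continues outside the hunk.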