diff options
author | Andrew Dolgov <[email protected]> | 2013-07-13 22:14:18 +0400 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2013-07-13 22:14:18 +0400 |
commit | 12d17734f62ff83a5fd2d82c69c617c3f0d9008d (patch) | |
tree | 03ef6ece65f145f380bdb0df29895963a9aca5f2 /classes/feeds.php | |
parent | 7a7a0dc2dd02c7064ce367004bd476345464d8cd (diff) |
properly escape feed error message in headlines toolbar
Diffstat (limited to 'classes/feeds.php')
-rw-r--r-- | classes/feeds.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/classes/feeds.php b/classes/feeds.php index 4cace8d5c..def24521a 100644 --- a/classes/feeds.php +++ b/classes/feeds.php @@ -63,7 +63,8 @@ class Feeds extends Handler_Protected { truncate_string($feed_title,30)."</a>"; if ($error) { - $reply .= " <img title='$error' src='images/error.png' alt='error' class=\"noborder\" style=\"vertical-align : middle\">"; + $error = htmlspecialchars($error); + $reply .= " <img title=\"$error\" src='images/error.png' alt='error' class=\"noborder\" style=\"vertical-align : middle\">"; } } else { |