title escaping: do not double-encode entities

author: Andrew Dolgov <[email protected]> 2013-03-23 09:44:52 +0400
committer: Andrew Dolgov <[email protected]> 2013-03-23 09:44:52 +0400
commit: d6ce708930cb838af3ed1cf585d3ca62b7036d9b (patch)
tree: 0a7fd2b21081a4b7561106cac7771d073994f2ea /classes
parent: 01dffac771a64b2e8b87d0c3d76c09ccc51f125f (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/classes/feeds.php b/classes/feeds.php
index 3657a0564..f67321177 100644
--- a/classes/feeds.php
+++ b/classes/feeds.php
@@ -432,7 +432,8 @@ class Feeds extends Handler_Protected {
 					$reply['content'] .= "<div onclick='return hlClicked(event, $id)'
 						class=\"hlTitle\"><span class='hlContent$hlc_suffix'>";
 					$reply['content'] .= "<a id=\"RTITLE-$id\"
-						href=\"" . htmlspecialchars($line["link"]) . "\"
+						href=\"" . htmlspecialchars($line["link"], ENT_COMPAT | ENT_HTML401,
+							'utf-8', false) . "\"
 						onclick=\"\">" .
 						truncate_string($line["title"], 200);
author	Andrew Dolgov <[email protected]>	2013-03-23 09:44:52 +0400
committer	Andrew Dolgov <[email protected]>	2013-03-23 09:44:52 +0400
commit	d6ce708930cb838af3ed1cf585d3ca62b7036d9b (patch)
tree	0a7fd2b21081a4b7561106cac7771d073994f2ea /classes
parent	01dffac771a64b2e8b87d0c3d76c09ccc51f125f (diff)