diff options
author | Andrew Dolgov <[email protected]> | 2012-10-22 01:19:06 +0400 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2012-10-22 01:19:11 +0400 |
commit | 5c5689734955ced9ca81690ad9c1b76b71a8712a (patch) | |
tree | cf5222c861ffa4906e96e99d8345eec081ee47c9 /include | |
parent | 008ebad92815685c7d43125941e16dba1f135946 (diff) |
properly escape article link/PTITLEs (refs #472)
Diffstat (limited to 'include')
-rw-r--r-- | include/functions.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/include/functions.php b/include/functions.php index a80d09cbf..f37578ba3 100644 --- a/include/functions.php +++ b/include/functions.php @@ -3372,7 +3372,7 @@ </head><body>"; } - $title_escaped = db_escape_string($line['title']); + $title_escaped = htmlspecialchars($line['title']); $rv['content'] .= "<div id=\"PTITLE-$id\" style=\"display : none\">" . truncate_string(strip_tags($line['title']), 15) . "</div>"; @@ -3400,7 +3400,7 @@ $rv['content'] .= "<div class='postTitle'><a target='_blank' title=\"".htmlspecialchars($line['title'])."\" href=\"" . - $line["link"] . "\">" . + htmlspecialchars($line["link"]) . "\">" . $line["title"] . "<span class='author'>$entry_author</span></a></div>"; } else { |