diff options
| author | Andrew Dolgov <[email protected]> | 2012-10-29 10:13:14 +0400 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2012-10-29 10:13:14 +0400 |
| commit | e1e3f972b6aa47a888e487c7f4ecc2a5533e4539 (patch) | |
| tree | 785e7d539d671103e984dc8f41cb56edb5496663 /include | |
| parent | 8b299a163ec042d4d82cbf627675941bf330c889 (diff) | |
update_rss_feed: fix broken title/content escaping
Diffstat (limited to 'include')
| -rw-r--r-- | include/rssfuncs.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/include/rssfuncs.php b/include/rssfuncs.php index af62a5041..e413743b6 100644 --- a/include/rssfuncs.php +++ b/include/rssfuncs.php @@ -770,8 +770,8 @@ } # sanitize content - $entry_content = sanitize($link, $entry_content, $owner_uid, $site_url); - $entry_title = strip_tags($entry_title); + $entry_content = db_escape_string(sanitize($link, $entry_content, $owner_uid, $site_url)); + $entry_title = db_escape_string(strip_tags($entry_title)); if ($debug_enabled) { _debug("update_rss_feed: done collecting data [TITLE:$entry_title]"); |