diff options
author | Andrew Dolgov <[email protected]> | 2008-04-18 06:13:00 +0100 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2008-04-18 06:13:00 +0100 |
commit | 06925d9e8502e544a98b7b2dacf618be9e34f25f (patch) | |
tree | 08fb7deaec41b3adb0b60f9186d691be7792e248 /modules/backend-rpc.php | |
parent | ae56f762746c1854acd326802cea7cc5f36244e7 (diff) |
getArticleLink: add escaping; open_article_in_new_window: add error notifications (closes #202)
Diffstat (limited to 'modules/backend-rpc.php')
-rw-r--r-- | modules/backend-rpc.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/backend-rpc.php b/modules/backend-rpc.php index 5a8452ea4..d7ebb5940 100644 --- a/modules/backend-rpc.php +++ b/modules/backend-rpc.php @@ -279,7 +279,7 @@ WHERE id = '$id' AND id = ref_id AND owner_uid = '".$_SESSION['uid']."'"); if (db_num_rows($result) == 1) { - $link = strip_tags(db_fetch_result($result, 0, "link")); + $link = htmlspecialchars(strip_tags(db_fetch_result($result, 0, "link"))); print "<rpc-reply><link>$link</link><id>$id</id></rpc-reply>"; } else { print "<rpc-reply><error>Article not found</error></rpc-reply>"; |