-rw-r--r-- | classes/feeds.php | 6 | ||||
-rw-r--r-- | include/functions.php | 6 |
2 files changed, 6 insertions, 6 deletions
diff --git a/classes/feeds.php b/classes/feeds.php
index 5280502c4..836bbb060 100644
--- a/classes/feeds.php
+++ b/classes/feeds.php
@@ -633,14 +633,14 @@ class Feeds extends Handler_Protected {
if ($num_comments > 0) {
if ($line["comments"]) {
- $comments_url = $line["comments"];
+ $comments_url = htmlspecialchars($line["comments"]);
} else {
- $comments_url = $line["link"];
+ $comments_url = htmlspecialchars($line["link"]);
}
$entry_comments = "<a target='_blank' href=\"$comments_url\">$num_comments comments</a>";
} else {
if ($line["comments"] && $line["link"] != $line["comments"]) {
- $entry_comments = "<a target='_blank' href=\"".$line["comments"]."\">comments</a>";
+ $entry_comments = "<a target='_blank' href=\"".htmlspecialchars($line["comments"])."\">comments</a>";
}
}
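Review bot: Escaping with htmlspecialchars() keeps the value from breaking out of the double-quoted `href`, but it does not constrain the URL scheme, so a `javascript:` or `data:` value in `$line["comments"]` or `$line["link"]` (presumably feed-supplied) is still rendered as a clickable link. Consider emitting the anchor only when `parse_url($url, PHP_URL_SCHEME)` is `http` or `https`, and falling back to no link otherwise. The anchors also use `target='_blank'` with no `rel`; adding `rel='noopener noreferrer'` stops the opened page from reaching `window.opener`. Both points apply equally to the identical hunk in include/functions.php; the enclosing method starts and ends outside this hunk.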
diff --git a/include/functions.php b/include/functions.php
index f37578ba3..2fb14097f 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -3352,14 +3352,14 @@
if ($num_comments > 0) {
if ($line["comments"]) {
- $comments_url = $line["comments"];
+ $comments_url = htmlspecialchars($line["comments"]);
} else {
- $comments_url = $line["link"];
+ $comments_url = htmlspecialchars($line["link"]);
}
$entry_comments = "<a target='_blank' href=\"$comments_url\">$num_comments comments</a>";
} else {
if ($line["comments"] && $line["link"] != $line["comments"]) {
- $entry_comments = "<a target='_blank' href=\"".$line["comments"]."\">comments</a>";
+ $entry_comments = "<a target='_blank' href=\"".htmlspecialchars($line["comments"])."\">comments</a>";
}
}
|
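Review bot: The three htmlspecialchars() calls rely on the default flags, which before PHP 8.1 leave single quotes unescaped; that is safe only while the `href` stays double-quoted, and the neighbouring `target='_blank'` attribute already uses single quotes. Passing the flags explicitly, `htmlspecialchars($line["comments"], ENT_QUOTES, 'UTF-8')`, removes the dependency on the PHP version and on the quoting style. This block is also a copy of the one in classes/feeds.php, so the escaping is now maintained by hand in two places; a small shared helper that returns the escaped comments link would keep the two from drifting. The enclosing function is not visible in the hunk.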