From 5c5689734955ced9ca81690ad9c1b76b71a8712a Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Mon, 22 Oct 2012 01:19:06 +0400
Subject: properly escape article link/PTITLEs (refs #472)

---
 classes/feeds.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'classes/feeds.php')

diff --git a/classes/feeds.php b/classes/feeds.php
index 31224d1db..5280502c4 100644
--- a/classes/feeds.php
+++ b/classes/feeds.php
@@ -503,7 +503,7 @@ class Feeds extends Handler_Protected {
 					$reply['content'] .= "</div>";
 
 					$reply['content'] .= "<div id=\"PTITLE-FULL-$id\" style=\"display : none\">" .
-						strip_tags($line['title']) . "</div>";
+						htmlspecialchars(strip_tags($line['title'])) . "</div>";
 
 					$reply['content'] .= "<span id=\"RTITLE-$id\"
 						onclick=\"return cdmClicked(event, $id);\"
-- 
cgit v1.2.3