From 5c5689734955ced9ca81690ad9c1b76b71a8712a Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Mon, 22 Oct 2012 01:19:06 +0400
Subject: properly escape article link/PTITLEs (refs #472)

---
 include/functions.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'include/functions.php')

diff --git a/include/functions.php b/include/functions.php
index a80d09cbf..f37578ba3 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -3372,7 +3372,7 @@
 					</head><body>";
 			}
 
-			$title_escaped = db_escape_string($line['title']);
+			$title_escaped = htmlspecialchars($line['title']);
 
 			$rv['content'] .= "<div id=\"PTITLE-$id\" style=\"display : none\">" .
 				truncate_string(strip_tags($line['title']), 15) . "</div>";
@@ -3400,7 +3400,7 @@
 				$rv['content'] .= "<div class='postTitle'><a target='_blank'
 					title=\"".htmlspecialchars($line['title'])."\"
 					href=\"" .
-					$line["link"] . "\">" .
+					htmlspecialchars($line["link"]) . "\">" .
 					$line["title"] .
 					"<span class='author'>$entry_author</span></a></div>";
 			} else {
-- 
cgit v1.2.3