From 06925d9e8502e544a98b7b2dacf618be9e34f25f Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.spb.ru>
Date: Fri, 18 Apr 2008 06:13:00 +0100
Subject: getArticleLink: add escaping; open_article_in_new_window: add error
 notifications (closes #202)

---
 modules/backend-rpc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules')

diff --git a/modules/backend-rpc.php b/modules/backend-rpc.php
index 5a8452ea4..d7ebb5940 100644
--- a/modules/backend-rpc.php
+++ b/modules/backend-rpc.php
@@ -279,7 +279,7 @@
 				WHERE id = '$id' AND id = ref_id AND owner_uid = '".$_SESSION['uid']."'");
 
 			if (db_num_rows($result) == 1) {
-				$link = strip_tags(db_fetch_result($result, 0, "link"));
+				$link = htmlspecialchars(strip_tags(db_fetch_result($result, 0, "link")));
 				print "<rpc-reply><link>$link</link><id>$id</id></rpc-reply>";
 			} else {
 				print "<rpc-reply><error>Article not found</error></rpc-reply>";
-- 
cgit v1.2.3