authorChristopher Smith <chris@jalakai.co.uk>2013-07-30 10:50:52 +0200
committerChristopher Smith <chris@jalakai.co.uk>2013-07-30 10:50:52 +0200
commitaf07997c5ff7cc096965159d90158e3710d2d019 (patch)
treedefaf770e77a679436eb56291185905b547640d0 /feed.php
parentbdac741579f8c6f00248d5d3ec635d4c2e08fb1e (diff)
parent7d8a6abbb21979fd77dca10275ebb8e01a04b6e4 (diff)
downloadrpg-af07997c5ff7cc096965159d90158e3710d2d019.tar.gz
rpg-af07997c5ff7cc096965159d90158e3710d2d019.tar.bz2
Merge branch 'master' into configmgr_improvements
Conflicts: inc/auth.php inc/template.php lib/plugins/authad/lang/zh/settings.php lib/plugins/authldap/lang/en/settings.php lib/plugins/authldap/lang/zh/settings.php lib/plugins/authmysql/lang/zh/settings.php lib/plugins/config/settings/config.class.php lib/plugins/usermanager/admin.php
Diffstat (limited to 'feed.php')
-rw-r--r--feed.php12
1 files changed, 7 insertions, 5 deletions
diff --git a/feed.php b/feed.php
index 7803982b8..8d1dcea6a 100644
--- a/feed.php
+++ b/feed.php
@@ -242,7 +242,7 @@ function rss_buildItems(&$rss, &$data, $opt) {
), '&', true
);
} else {
- $item->link = wl($id, 'rev='.$date, true, '&', true);
+ $item->link = wl($id, 'rev='.$date, true, '&');
}
break;
case 'rev':
@@ -322,14 +322,15 @@ function rss_buildItems(&$rss, &$data, $opt) {
$rev = $revs[0];
if($rev) {
- $df = new Diff(explode("\n", htmlspecialchars(rawWiki($id, $rev))),
- explode("\n", htmlspecialchars(rawWiki($id, ''))));
+ $df = new Diff(explode("\n", rawWiki($id, $rev)),
+ explode("\n", rawWiki($id, '')));
} else {
$df = new Diff(array(''),
- explode("\n", htmlspecialchars(rawWiki($id, ''))));
+ explode("\n", rawWiki($id, '')));
}
if($opt['item_content'] == 'htmldiff') {
+ // note: no need to escape diff output, TableDiffFormatter provides 'safe' html
$tdf = new TableDiffFormatter();
$content = '<table>';
$content .= '<tr><th colspan="2" width="50%">'.$rev.'</th>';
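Review bot: With the htmlspecialchars() calls around rawWiki() dropped in this hunk, the htmldiff branch relies on TableDiffFormatter as its only escaping layer for page text, and the added comment states that guarantee without saying where it comes from. The formatter's code is not visible here, so the claim holds only if it entity-encodes every kind of line it emits (added, deleted, context, and any inline word-level change markup). I would add a regression test that runs a revision containing markup characters such as `<`, `>`, `&` and `"` through the htmldiff feed and asserts they come out encoded. If that is confirmed, the comment could read `// TableDiffFormatter escapes each line it emits; pre-escaping here would double-encode entities`. rss_buildItems begins before this hunk and the htmldiff branch continues past its last line.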
@@ -337,8 +338,9 @@ function rss_buildItems(&$rss, &$data, $opt) {
$content .= $tdf->format($df);
$content .= '</table>';
} else {
+ // note: diff output must be escaped, UnifiedDiffFormatter provides plain text
$udf = new UnifiedDiffFormatter();
- $content = "<pre>\n".$udf->format($df)."\n</pre>";
+ $content = "<pre>\n".hsc($udf->format($df))."\n</pre>";
}
}
break;