diff options
author | Christopher Smith <chris@jalakai.co.uk> | 2013-04-10 18:36:35 +0100 |
---|---|---|
committer | Christopher Smith <chris@jalakai.co.uk> | 2013-04-10 18:36:35 +0100 |
commit | a494ed3306f1a5e6082a1ffb7e17925a524ea711 (patch) | |
tree | daeb54b71e8c71085f862da75d4870e9df1176c9 | |
parent | df9752e9c1bfd3eaff132b15817baa1c6e989506 (diff) | |
download | rpg-a494ed3306f1a5e6082a1ffb7e17925a524ea711.tar.gz rpg-a494ed3306f1a5e6082a1ffb7e17925a524ea711.tar.bz2 |
FS#2738, fix double encoding of html entities in RSS feeds (updates feed.php for changes to Diff class introduced in PR#179)
-rw-r--r-- | feed.php | 10 |
1 files changed, 6 insertions, 4 deletions
@@ -322,14 +322,15 @@ function rss_buildItems(&$rss, &$data, $opt) { $rev = $revs[0]; if($rev) { - $df = new Diff(explode("\n", htmlspecialchars(rawWiki($id, $rev))), - explode("\n", htmlspecialchars(rawWiki($id, '')))); + $df = new Diff(explode("\n", rawWiki($id, $rev)), + explode("\n", rawWiki($id, ''))); } else { $df = new Diff(array(''), - explode("\n", htmlspecialchars(rawWiki($id, '')))); + explode("\n", rawWiki($id, ''))); } if($opt['item_content'] == 'htmldiff') { + // note: no need to escape diff output, TableDiffFormatter provides 'safe' html $tdf = new TableDiffFormatter(); $content = '<table>'; $content .= '<tr><th colspan="2" width="50%">'.$rev.'</th>'; @@ -337,8 +338,9 @@ function rss_buildItems(&$rss, &$data, $opt) { $content .= $tdf->format($df); $content .= '</table>'; } else { + // note: diff output must be escaped, UnifiedDiffFormatter provides plain text $udf = new UnifiedDiffFormatter(); - $content = "<pre>\n".$udf->format($df)."\n</pre>"; + $content = "<pre>\n".hsc($udf->format($df))."\n</pre>"; } } break; |