Merge remote-tracking branch 'origin/master' into loggedin-class

author: Anika Henke <anika@selfthinker.org> 2013-06-02 23:14:12 +0100
committer: Anika Henke <anika@selfthinker.org> 2013-06-02 23:14:12 +0100
commit: 20beef63b4694afdc3d6c434c3d27c982b6a986b (patch)
tree: 9800833361010fe16a2f25a2b2e75a1b569f39f8 /feed.php
parent: bc1e9ee1b1fffcb554afced8504270032c97341f (diff)
parent: 21c9604e66bcb42ab5267e9873738a6e22250103 (diff)
download: rpg-20beef63b4694afdc3d6c434c3d27c982b6a986b.tar.gz
rpg-20beef63b4694afdc3d6c434c3d27c982b6a986b.tar.bz2
1 files changed, 7 insertions, 5 deletions
diff --git a/feed.php b/feed.php
index 7803982b8..8d1dcea6a 100644
--- a/feed.php
+++ b/feed.php
@@ -242,7 +242,7 @@ function rss_buildItems(&$rss, &$data, $opt) {
                             ), '&', true
                         );
                     } else {
-                        $item->link = wl($id, 'rev='.$date, true, '&', true);
+                        $item->link = wl($id, 'rev='.$date, true, '&');
                     }
                     break;
                 case 'rev':
@@ -322,14 +322,15 @@ function rss_buildItems(&$rss, &$data, $opt) {
                         $rev  = $revs[0];
 
                         if($rev) {
-                            $df = new Diff(explode("\n", htmlspecialchars(rawWiki($id, $rev))),
-                                           explode("\n", htmlspecialchars(rawWiki($id, ''))));
+                            $df = new Diff(explode("\n", rawWiki($id, $rev)),
+                                           explode("\n", rawWiki($id, '')));
                         } else {
                             $df = new Diff(array(''),
-                                           explode("\n", htmlspecialchars(rawWiki($id, ''))));
+                                           explode("\n", rawWiki($id, '')));
                         }
 
                         if($opt['item_content'] == 'htmldiff') {
+                            // note: no need to escape diff output, TableDiffFormatter provides 'safe' html
                             $tdf     = new TableDiffFormatter();
                             $content = '<table>';
                             $content .= '<tr><th colspan="2" width="50%">'.$rev.'</th>';
@@ -337,8 +338,9 @@ function rss_buildItems(&$rss, &$data, $opt) {
                             $content .= $tdf->format($df);
                             $content .= '</table>';
                         } else {
+                            // note: diff output must be escaped, UnifiedDiffFormatter provides plain text
                             $udf     = new UnifiedDiffFormatter();
-                            $content = "<pre>\n".$udf->format($df)."\n</pre>";
+                            $content = "<pre>\n".hsc($udf->format($df))."\n</pre>";
                         }
                     }
                     break;
author	Anika Henke <anika@selfthinker.org>	2013-06-02 23:14:12 +0100
committer	Anika Henke <anika@selfthinker.org>	2013-06-02 23:14:12 +0100
commit	20beef63b4694afdc3d6c434c3d27c982b6a986b (patch)
tree	9800833361010fe16a2f25a2b2e75a1b569f39f8 /feed.php
parent	bc1e9ee1b1fffcb554afced8504270032c97341f (diff)
parent	21c9604e66bcb42ab5267e9873738a6e22250103 (diff)
download	rpg-20beef63b4694afdc3d6c434c3d27c982b6a986b.tar.gz rpg-20beef63b4694afdc3d6c434c3d27c982b6a986b.tar.bz2