From a494ed3306f1a5e6082a1ffb7e17925a524ea711 Mon Sep 17 00:00:00 2001
From: Christopher Smith
Date: Wed, 10 Apr 2013 18:36:35 +0100
Subject: FS#2738, fix double encoding of html entities in RSS feeds (updates feed.php for changes to Diff class introduced in PR#179)
---
 feed.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'feed.php')
diff --git a/feed.php b/feed.php
index 7803982b8..73fa0e05f 100644
--- a/feed.php
+++ b/feed.php
@@ -322,14 +322,15 @@ function rss_buildItems(&$rss, &$data, $opt) {
 $rev = $revs[0];
 if($rev) {
- $df = new Diff(explode("\n", htmlspecialchars(rawWiki($id, $rev))),
- explode("\n", htmlspecialchars(rawWiki($id, ''))));
+ $df = new Diff(explode("\n", rawWiki($id, $rev)),
+ explode("\n", rawWiki($id, '')));
 } else {
 $df = new Diff(array(''),
- explode("\n", htmlspecialchars(rawWiki($id, ''))));
+ explode("\n", rawWiki($id, '')));
 }
 if($opt['item_content'] == 'htmldiff') {
+ // note: no need to escape diff output, TableDiffFormatter provides 'safe' html
 $tdf = new TableDiffFormatter();
 $content = '';
 $content .= '';
@@ -337,8 +338,9 @@ function rss_buildItems(&$rss, &$data, $opt) {
 $content .= $tdf->format($df);
 $content .= '
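Review bot: With `htmlspecialchars()` dropped from both `Diff` inputs, raw page text now reaches the formatters, so the `htmldiff` branch is only safe as long as `TableDiffFormatter` escapes every line it emits; nothing visible in this hunk checks that, and the comment's "'safe' html" does not say what is guaranteed. I would state the contract in the comment, e.g. `// TableDiffFormatter escapes each line itself; pre-escaping the input double-encodes entities`, and word the `hsc()` comment in the second hunk the same way. A feed regression test whose page text contains markup and an existing entity (constructed sample: `<b>x</b> &amp;`), run for both `item_content` modes, would pin the behaviour so a later change to either formatter cannot reintroduce double encoding or let unescaped markup into the feed. `rss_buildItems()` starts and ends outside these hunks, so any other consumer of `$df` is not visible here.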
'.$rev.'
'; } else { + // note: diff output must be escaped, UnifiedDiffFormatter provides plain text $udf = new UnifiedDiffFormatter(); - $content = "
\n".$udf->format($df)."\n
"; + $content = "
\n".hsc($udf->format($df))."\n
"; } } break; -- cgit v1.2.3