From df9752e9c1bfd3eaff132b15817baa1c6e989506 Mon Sep 17 00:00:00 2001
From: Christopher Smith
Date: Wed, 10 Apr 2013 18:01:04 +0100
Subject: add comment to Unified Diff Formatter making it clear the output is unsafe for use in HTML as is
---
 inc/DifferenceEngine.php | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'inc')
diff --git a/inc/DifferenceEngine.php b/inc/DifferenceEngine.php
index e0fbf8e03..783d6bea5 100644
--- a/inc/DifferenceEngine.php
+++ b/inc/DifferenceEngine.php
@@ -1004,6 +1004,8 @@ class InlineWordLevelDiff extends MappedDiff {
  * "Unified" diff formatter.
  *
  * This class formats the diff in classic "unified diff" format.
+ *
+ * NOTE: output is plain text and unsafe for use in HTML without escaping.
  */
 class UnifiedDiffFormatter extends DiffFormatter {
-- cgit v1.2.3
From f755f63a3beef948a8d179c0e0860041f4f86db5 Mon Sep 17 00:00:00 2001
From: Christopher Smith
Date: Wed, 10 Apr 2013 18:42:20 +0100
Subject: FS#2748, fix double encoding of html entities in subscription email diffs (updates subscription.php for changes to Diff class introduced in PR#179)
---
 inc/subscription.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'inc')
diff --git a/inc/subscription.php b/inc/subscription.php
index 2989de032..4248e4b11 100644
--- a/inc/subscription.php
+++ b/inc/subscription.php
@@ -408,8 +408,8 @@ class Subscription {
 $tdiff = $dformat->format($df);
 $DIFF_INLINESTYLES = true;
- $df = new Diff(explode("\n", hsc($old_content)),
- explode("\n", hsc($new_content)));
+ $df = new Diff(explode("\n", $old_content),
+ explode("\n", $new_content));
 $dformat = new InlineDiffFormatter();
 $hdiff = $dformat->format($df);
 $hdiff = ''.$hdiff.'
'; -- cgit v1.2.3
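Review bot: With hsc() gone from the Diff inputs, the HTML safety of `$hdiff` now rests entirely on InlineDiffFormatter escaping what it emits; nothing in the hunk shows that, and only the commit message (citing PR#179) records it, so the next maintainer has no local reason not to reintroduce pre-escaping or to treat the formatter output as raw text. The Subscription method containing these lines starts and ends outside the hunk, so how `$hdiff` and `$tdiff` are placed into the mail body is not visible here. I would add above the new `$df = new Diff(...)` line: `// $old_content/$new_content are unescaped wikitext: InlineDiffFormatter escapes on output (PR#179), so hsc() here would double-encode entities`. It is also worth confirming that `$tdiff`, produced two lines up from an earlier `$df` constructed outside the hunk, only goes into the text/plain part of the message if that content is likewise unescaped.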