From 9369ccab7fb3413d63e218cec81b4cf43442fd98 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Sun, 31 May 2009 01:02:51 -0700
Subject: Run all variables that come from user-entered data through p::clean()

---
 modules/rss/views/comment.mrss.php | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

(limited to 'modules/rss/views/comment.mrss.php')

diff --git a/modules/rss/views/comment.mrss.php b/modules/rss/views/comment.mrss.php
index 8b7e4f70..d2177026 100644
--- a/modules/rss/views/comment.mrss.php
+++ b/modules/rss/views/comment.mrss.php
@@ -6,9 +6,9 @@
    xmlns:fh="http://purl.org/syndication/history/1.0">
   <channel>
     <generator>gallery3</generator>
-    <title><?= $title ?></title>
+    <title><?= p::clean($title) ?></title>
     <link><?= $link ?></link>
-    <description><?= htmlspecialchars($description) ?></description>
+    <description><?= p::clean($description) ?></description>
     <language>en-us</language>
     <atom:link rel="self" href="<?= $feed_link ?>" type="application/rss+xml" />
     <fh:complete/>
@@ -22,17 +22,17 @@
     <lastBuildDate><?= $pub_date ?></lastBuildDate>
     <? foreach ($children as $child): ?>
     <item>
-      <title><?= $child["title"]?></title>
-      <link><?= $child["item_link"] ?></link>
-      <author><?= $child["author"] ?></author>
+      <title><?= p::clean($child["title"]) ?></title>
+      <link><?= p::clean($child["item_link"]) ?></link>
+      <author><?= p::clean($child["author"]) ?></author>
       <guid isPermaLink="true"><?= $child["item_link"] ?></guid>
       <pubDate><?= $child["pub_date"] ?></pubDate>
       <content:encoded>
         <![CDATA[
-          <p><?= $child["text"] ?></p>
+          <p><?= p::clean($child["text"]) ?></p>
           <p>
             <img alt="" src="<?= $child["thumb_url"] ?>"
-                        height="<?= $child["thumb_height"] ?>" width="<?= $child["thumb_width"] ?>" />
+                 height="<?= $child["thumb_height"] ?>" width="<?= $child["thumb_width"] ?>" />
             <br />
           </p>
         ]]>
-- 
cgit v1.2.3