From 9369ccab7fb3413d63e218cec81b4cf43442fd98 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Sun, 31 May 2009 01:02:51 -0700
Subject: Run all variables that come from user-entered data through p::clean()

---
 modules/rss/views/comment.mrss.php | 14 +++++++-------
 modules/rss/views/feed.mrss.php    | 14 +++++++-------
 2 files changed, 14 insertions(+), 14 deletions(-)

(limited to 'modules/rss')

diff --git a/modules/rss/views/comment.mrss.php b/modules/rss/views/comment.mrss.php
index 8b7e4f70..d2177026 100644
--- a/modules/rss/views/comment.mrss.php
+++ b/modules/rss/views/comment.mrss.php
@@ -6,9 +6,9 @@
    xmlns:fh="http://purl.org/syndication/history/1.0">
   <channel>
     <generator>gallery3</generator>
-    <title><?= $title ?></title>
+    <title><?= p::clean($title) ?></title>
     <link><?= $link ?></link>
-    <description><?= htmlspecialchars($description) ?></description>
+    <description><?= p::clean($description) ?></description>
     <language>en-us</language>
     <atom:link rel="self" href="<?= $feed_link ?>" type="application/rss+xml" />
     <fh:complete/>
@@ -22,17 +22,17 @@
     <lastBuildDate><?= $pub_date ?></lastBuildDate>
     <? foreach ($children as $child): ?>
     <item>
-      <title><?= $child["title"]?></title>
-      <link><?= $child["item_link"] ?></link>
-      <author><?= $child["author"] ?></author>
+      <title><?= p::clean($child["title"]) ?></title>
+      <link><?= p::clean($child["item_link"]) ?></link>
+      <author><?= p::clean($child["author"]) ?></author>
       <guid isPermaLink="true"><?= $child["item_link"] ?></guid>
       <pubDate><?= $child["pub_date"] ?></pubDate>
       <content:encoded>
         <![CDATA[
-          <p><?= $child["text"] ?></p>
+          <p><?= p::clean($child["text"]) ?></p>
           <p>
             <img alt="" src="<?= $child["thumb_url"] ?>"
-                        height="<?= $child["thumb_height"] ?>" width="<?= $child["thumb_width"] ?>" />
+                 height="<?= $child["thumb_height"] ?>" width="<?= $child["thumb_width"] ?>" />
             <br />
           </p>
         ]]>
diff --git a/modules/rss/views/feed.mrss.php b/modules/rss/views/feed.mrss.php
index c581e5e0..0beebbcf 100644
--- a/modules/rss/views/feed.mrss.php
+++ b/modules/rss/views/feed.mrss.php
@@ -6,9 +6,9 @@
    xmlns:fh="http://purl.org/syndication/history/1.0">
   <channel>
     <generator>gallery3</generator>
-    <title><?= htmlspecialchars($title) ?></title>
+    <title><?= p::clean($title) ?></title>
     <link><?= $link ?></link>
-    <description><?= htmlspecialchars($description) ?></description>
+    <description><?= p::clean($description) ?></description>
     <language>en-us</language>
     <atom:link rel="self" href="<?= $feed_link ?>" type="application/rss+xml" />
     <fh:complete/>
@@ -22,25 +22,25 @@
     <lastBuildDate><?= $pub_date ?></lastBuildDate>
     <? foreach ($children as $child): ?>
     <item>
-      <title><?= htmlspecialchars($child->title) ?></title>
+      <title><?= p::clean($child->title) ?></title>
       <link><?= url::abs_site("{$child->type}s/{$child->id}") ?></link>
       <guid isPermaLink="true"><?= url::abs_site("{$child->type}s/{$child->id}") ?></guid>
       <pubDate><?= date("D, d M Y H:i:s T", $child->created); ?></pubDate>
       <content:encoded>
         <![CDATA[
-          <span><?= $child->description ?></span>
+          <span><?= p::clean($child->description) ?></span>
           <p>
           <? if ($child->type == "photo" || $child->type == "album"): ?>
             <img alt="" src="<?= $child->resize_url(true) ?>"
-                 title="<?= htmlspecialchars($child->title) ?>"
+                 title="<?= p::clean($child->title) ?>"
                  height="<?= $child->resize_height ?>" width="<?= $child->resize_width ?>" /><br />
           <? else: ?>
             <a href="<?= url::abs_site("{$child->type}s/{$child->id}") ?>">
             <img alt="" src="<?= $child->thumb_url(true) ?>"
-                 title="<?= htmlspecialchars($child->title) ?>"
+                 title="<?= p::clean($child->title) ?>"
                  height="<?= $child->thumb_height ?>" width="<?= $child->thumb_width ?>" /></a><br />
           <? endif ?>
-            <?= $child->description ?>
+            <?= p::clean($child->description) ?>
           </p>
         ]]>
       </content:encoded>
-- 
cgit v1.2.3