authorMichael Tänzer <neo@nhng.de>2014-01-15 00:48:07 +0100
committerMichael Tänzer <neo@nhng.de>2014-01-15 00:48:07 +0100
commit2c4c29221f7efcaa98ff3150e8563b2616d143da (patch)
treeadc5f3491472a47c5d8ed2b6decf7de4a39b6035 /pages/index/0.php
parentb9e886be937d8b8cd4625739968186633d87c36f (diff)
parentf0f37eabcb2554f78900396248a05cdee1626975 (diff)
Merge branch 'release' into bug-1195bug-1195
Conflicts: includes/account.php pages/account/6.php Signed-off-by: Michael Tänzer <neo@nhng.de>
Diffstat (limited to 'pages/index/0.php')
-rw-r--r--pages/index/0.php15
1 files changed, 10 insertions, 5 deletions
diff --git a/pages/index/0.php b/pages/index/0.php
index a2c2e5a..b1359f6 100644
--- a/pages/index/0.php
+++ b/pages/index/0.php
@@ -53,11 +53,16 @@
$query = "./description";
$nodeList = $xpath->query($query, $item);
- $description = recode_string("UTF8..html" , $nodeList->item(0)->nodeValue);
-
- printf("<h3> %s </h3>\n", $title);
- printf("<p> %s </p>\n", $description);
- printf("<p>[<a href=\"%s\"> %s </a> ] </p>\n\n", $link,_("Full Story"));
+ $description = $nodeList->item(0)->nodeValue;
+ // The description may contain HTML entities => convert them
+ $description = html_entity_decode($description, ENT_COMPAT | ENT_HTML401, 'UTF-8');
+ // Description may contain HTML markup and unicode characters => encode them
+ // If we didn't decode and then encode again, (i.e. take the content
+ // as it is in the RSS feed) we might inject harmful markup
+ $description = recode_string("UTF8..html", $description);
+
+ printf("<h3><a href=\"%s\">%s</a></h3>\n", $link, $title);
+ printf("<p>%s</p>\n", nl2br($description));
$title = '';
$description = '';
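Review bot: In the new `<h3>` printf, `$link` is placed in the `href` attribute and `$title` in the link text with no encoding visible in this hunk, while only `$description` gets the decode-then-encode treatment. Both are assigned outside the hunk (the enclosing loop body starts and ends outside it), so confirm they are encoded there; if they are not, feed content reaches the attribute unescaped and the URL scheme is unchecked. I would escape at the point of output, e.g. `htmlspecialchars($link, ENT_QUOTES, 'UTF-8')`, and emit the anchor only when the URL starts with `http://` or `https://`. Separately, `ENT_COMPAT` in the `html_entity_decode()` call leaves single-quote entities such as `&#039;` undecoded, so they will probably be re-encoded and displayed literally; `ENT_QUOTES | ENT_HTML401` avoids that.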