summaryrefslogtreecommitdiff
path: root/pages/index
diff options
context:
space:
mode:
authorBenny Baumann <BenBE@geshi.org>2013-09-09 21:02:59 +0200
committerBenny Baumann <BenBE@geshi.org>2013-09-09 21:02:59 +0200
commit55d2a7b1fdd6aba528adf5afaec880ebf067edcf (patch)
tree4e95362ca4cc4ef6551fa0e572479427649e3792 /pages/index
parented332a25dedba4b372d45e4bc4d5276d96d6ae38 (diff)
parentcb81c2340d8816344d315539707988fabfd7f4d9 (diff)
downloadcacert-devel-55d2a7b1fdd6aba528adf5afaec880ebf067edcf.tar.gz
cacert-devel-55d2a7b1fdd6aba528adf5afaec880ebf067edcf.tar.xz
cacert-devel-55d2a7b1fdd6aba528adf5afaec880ebf067edcf.zip
Merge branch 'bug-1190' into release
Diffstat (limited to 'pages/index')
-rw-r--r--pages/index/0.php15
1 files changed, 10 insertions, 5 deletions
diff --git a/pages/index/0.php b/pages/index/0.php
index a2c2e5a..b1359f6 100644
--- a/pages/index/0.php
+++ b/pages/index/0.php
@@ -53,11 +53,16 @@
$query = "./description";
$nodeList = $xpath->query($query, $item);
- $description = recode_string("UTF8..html" , $nodeList->item(0)->nodeValue);
-
- printf("<h3> %s </h3>\n", $title);
- printf("<p> %s </p>\n", $description);
- printf("<p>[<a href=\"%s\"> %s </a> ] </p>\n\n", $link,_("Full Story"));
+ $description = $nodeList->item(0)->nodeValue;
+ // The description may contain HTML entities => convert them
+ $description = html_entity_decode($description, ENT_COMPAT | ENT_HTML401, 'UTF-8');
+ // Description may contain HTML markup and unicode characters => encode them
+ // If we didn't decode and then encode again, (i.e. take the content
+ // as it is in the RSS feed) we might inject harmful markup
+ $description = recode_string("UTF8..html", $description);
+
+ printf("<h3><a href=\"%s\">%s</a></h3>\n", $link, $title);
+ printf("<p>%s</p>\n", nl2br($description));
$title = '';
$description = '';