-rw-r--r-- | pages/index/0.php | 15 | ||||
-rw-r--r-- | www/gpg.php | 3 |
2 files changed, 10 insertions, 8 deletions
diff --git a/pages/index/0.php b/pages/index/0.php index a2c2e5a..b1359f6 100644 --- a/pages/index/0.php +++ b/pages/index/0.php @@ -53,11 +53,16 @@ $query = "./description"; $nodeList = $xpath->query($query, $item); - $description = recode_string("UTF8..html" , $nodeList->item(0)->nodeValue); - - printf("<h3> %s </h3>\n", $title); - printf("<p> %s </p>\n", $description); - printf("<p>[<a href=\"%s\"> %s </a> ] </p>\n\n", $link,_("Full Story")); + $description = $nodeList->item(0)->nodeValue; + // The description may contain HTML entities => convert them + $description = html_entity_decode($description, ENT_COMPAT | ENT_HTML401, 'UTF-8'); + // Description may contain HTML markup and unicode characters => encode them + // If we didn't decode and then encode again, (i.e. take the content + // as it is in the RSS feed) we might inject harmful markup + $description = recode_string("UTF8..html", $description); + + printf("<h3><a href=\"%s\">%s</a></h3>\n", $link, $title); + printf("<p>%s</p>\n", nl2br($description)); $title = ''; $description = ''; diff --git a/www/gpg.php b/www/gpg.php index 2fdc518..f24d84c 100644 --- a/www/gpg.php +++ b/www/gpg.php @@ -17,11 +17,8 @@ */ ?> <? require_once("../includes/loggedin.php"); -<<<<<<< HEAD require_once("../includes/lib/general.php"); -======= require_once('../includes/notary.inc.php'); ->>>>>>> merge-bug-1177-893-1136-1123-1137 $id = 0; if(array_key_exists('id',$_REQUEST)) $id=intval($_REQUEST['id']); $oldid = $_REQUEST['oldid'] = array_key_exists('oldid',$_REQUEST) ? intval($_REQUEST['oldid']) : 0; |
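Review bot: The new heading line `printf("<h3><a href=\"%s\">%s</a></h3>\n", $link, $title);` puts `$link` into an `href` attribute and `$title` into element content, while the decode-then-encode treatment in this hunk is applied only to `$description`. Both variables are assigned above the hunk, so this cannot be confirmed from here, but if they are taken from the same feed they need equivalent encoding at this point, and the URL additionally needs a scheme check (http/https only) because entity-encoding does not constrain where a link points. For the description, the escaping of `<`, `>`, `&` and quotes rests entirely on what `recode_string("UTF8..html", $description)` emits; `htmlentities($description, ENT_QUOTES, 'UTF-8')` would state that guarantee explicitly and would not depend on the recode extension. The enclosing block begins and ends outside the hunk.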