From bf5344ce04b8f37b658f481a09f1742f84c182a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20T=C3=A4nzer?= Date: Wed, 14 Aug 2013 22:45:32 +0200 Subject: bug 1190: RSS may contain HTML markup => decode it and then encode it again MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michael Tänzer --- pages/index/0.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'pages') diff --git a/pages/index/0.php b/pages/index/0.php index a2c2e5a..db46673 100644 --- a/pages/index/0.php +++ b/pages/index/0.php @@ -53,7 +53,13 @@ $query = "./description"; $nodeList = $xpath->query($query, $item); - $description = recode_string("UTF8..html" , $nodeList->item(0)->nodeValue); + $description = $nodeList->item(0)->nodeValue; + // The description may contain HTML entities => convert them + $description = html_entity_decode($description, ENT_COMPAT | ENT_HTML401, 'UTF-8'); + // Description may contain HTML markup and unicode characters => encode them + // If we didn't decode and then encode again, (i.e. take the content + // as it is in the RSS feed) we might inject harmful markup + $description = recode_string("UTF8..html", $description); printf("

%s

\n", $title); printf("

%s

\n", $description); -- cgit v1.2.1 From 1a1a0c72aa34679d6eac458b0be8fca084fec26c Mon Sep 17 00:00:00 2001 From: Benny Baumann Date: Tue, 20 Aug 2013 21:41:55 +0200 Subject: bug-1190: improve links for mobile devices --- pages/index/0.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'pages') diff --git a/pages/index/0.php b/pages/index/0.php index db46673..c369635 100644 --- a/pages/index/0.php +++ b/pages/index/0.php @@ -61,9 +61,8 @@ // as it is in the RSS feed) we might inject harmful markup $description = recode_string("UTF8..html", $description); - printf("

%s

\n", $title); - printf("

%s

\n", $description); - printf("

[ %s ]

\n\n", $link,_("Full Story")); + printf("

%s

\n", $link, $title); + printf("

%s

\n", $description); $title = ''; $description = ''; -- cgit v1.2.1 From cb81c2340d8816344d315539707988fabfd7f4d9 Mon Sep 17 00:00:00 2001 From: Benny Baumann Date: Tue, 20 Aug 2013 21:43:48 +0200 Subject: bug 1190: force linebreaks to be visible on the frontpage --- pages/index/0.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'pages') diff --git a/pages/index/0.php b/pages/index/0.php index c369635..b1359f6 100644 --- a/pages/index/0.php +++ b/pages/index/0.php @@ -62,7 +62,7 @@ $description = recode_string("UTF8..html", $description); printf("

%s

\n", $link, $title); - printf("

%s

\n", $description); + printf("

%s

\n", nl2br($description)); $title = ''; $description = ''; -- cgit v1.2.1