From bf5344ce04b8f37b658f481a09f1742f84c182a3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20T=C3=A4nzer?= <neo@nhng.de>
Date: Wed, 14 Aug 2013 22:45:32 +0200
Subject: bug 1190: RSS may contain HTML markup => decode it and then encode it
 again
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Michael Tänzer <neo@nhng.de>
---
 pages/index/0.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'pages')

diff --git a/pages/index/0.php b/pages/index/0.php
index a2c2e5a..db46673 100644
--- a/pages/index/0.php
+++ b/pages/index/0.php
@@ -53,7 +53,13 @@
 
 		$query = "./description";
 		$nodeList = $xpath->query($query, $item);
-		$description = recode_string("UTF8..html" , $nodeList->item(0)->nodeValue);
+		$description = $nodeList->item(0)->nodeValue;
+		// The description may contain HTML entities => convert them
+		$description = html_entity_decode($description, ENT_COMPAT | ENT_HTML401, 'UTF-8');
+		// Description may contain HTML markup and unicode characters => encode them
+		// If we didn't decode and then encode again, (i.e. take the content
+		// as it is in the RSS feed) we might inject harmful markup
+		$description = recode_string("UTF8..html", $description);
 
 		printf("<h3> %s </h3>\n", $title);
 		printf("<p> %s </p>\n", $description);
-- 
cgit v1.2.1


From 1a1a0c72aa34679d6eac458b0be8fca084fec26c Mon Sep 17 00:00:00 2001
From: Benny Baumann <BenBE@geshi.org>
Date: Tue, 20 Aug 2013 21:41:55 +0200
Subject: bug-1190: improve links for mobile devices

---
 pages/index/0.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'pages')

diff --git a/pages/index/0.php b/pages/index/0.php
index db46673..c369635 100644
--- a/pages/index/0.php
+++ b/pages/index/0.php
@@ -61,9 +61,8 @@
 		// as it is in the RSS feed) we might inject harmful markup
 		$description = recode_string("UTF8..html", $description);
 
-		printf("<h3> %s </h3>\n", $title);
-		printf("<p> %s </p>\n", $description);
-		printf("<p>[<a href=\"%s\"> %s </a> ] </p>\n\n", $link,_("Full Story"));
+		printf("<h3><a href=\"%s\">%s</a></h3>\n", $link, $title);
+		printf("<p>%s</p>\n", $description);
 
 		$title = '';
 		$description = '';
-- 
cgit v1.2.1


From cb81c2340d8816344d315539707988fabfd7f4d9 Mon Sep 17 00:00:00 2001
From: Benny Baumann <BenBE@geshi.org>
Date: Tue, 20 Aug 2013 21:43:48 +0200
Subject: bug 1190: force linebreaks to be visible on the frontpage

---
 pages/index/0.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'pages')

diff --git a/pages/index/0.php b/pages/index/0.php
index c369635..b1359f6 100644
--- a/pages/index/0.php
+++ b/pages/index/0.php
@@ -62,7 +62,7 @@
 		$description = recode_string("UTF8..html", $description);
 
 		printf("<h3><a href=\"%s\">%s</a></h3>\n", $link, $title);
-		printf("<p>%s</p>\n", $description);
+		printf("<p>%s</p>\n", nl2br($description));
 
 		$title = '';
 		$description = '';
-- 
cgit v1.2.1