diff options
Diffstat (limited to 'app')
| -rw-r--r-- | app/Models/Feed.php | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/app/Models/Feed.php b/app/Models/Feed.php index 953ffc918..143da0139 100644 --- a/app/Models/Feed.php +++ b/app/Models/Feed.php @@ -886,11 +886,14 @@ class FreshRSS_Feed extends Minz_Model { if ($item['title'] != '' || $item['content'] != '' || $item['link'] != '') { // HTML-encoding/escaping of the relevant fields (all except 'content') - foreach (['author', 'guid', 'link', 'thumbnail', 'timestamp', 'tags', 'title'] as $key) { - if (!empty($item[$key]) && is_string($item[$key])) { - $item[$key] = Minz_Helper::htmlspecialchars_utf8($item[$key]); + foreach (['author', 'guid', 'link', 'thumbnail', 'timestamp', 'title'] as $key) { + if (isset($item[$key])) { + $item[$key] = htmlspecialchars($item[$key], ENT_COMPAT, 'UTF-8'); } } + if (isset($item['tags'])) { + $item['tags'] = Minz_Helper::htmlspecialchars_utf8($item['tags']); + } // CDATA protection $item['content'] = str_replace(']]>', ']]>', $item['content']); $view->entries[] = FreshRSS_Entry::fromArray($item); |