From 163c2842d17452fffabffccaba3e18b7fbd5fc0b Mon Sep 17 00:00:00 2001
From: Phy <git@phy25.com>
Date: Mon, 21 Aug 2017 01:30:39 +0800
Subject: [PATCH] Fix RSS syntax XSS bug (#2081)

---
 inc/parser/xhtml.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/parser/xhtml.php b/inc/parser/xhtml.php
index 1a7a5a7d0..99929d375 100644
--- a/inc/parser/xhtml.php
+++ b/inc/parser/xhtml.php
@@ -1287,7 +1287,7 @@ class Doku_Renderer_xhtml extends Doku_Renderer {
                     if($author) {
                         $name = $author->get_name();
                         if(!$name) $name = $author->get_email();
-                        if($name) $this->doc .= ' '.$lang['by'].' '.$name;
+                        if($name) $this->doc .= ' '.$lang['by'].' '.hsc($name);
                     }
                 }
                 if($params['date']) {
-- 
GitLab