From a494ed3306f1a5e6082a1ffb7e17925a524ea711 Mon Sep 17 00:00:00 2001
From: Christopher Smith <chris@jalakai.co.uk>
Date: Wed, 10 Apr 2013 18:36:35 +0100
Subject: [PATCH] FS#2738, fix double encoding of html entities in RSS feeds
 (updates feed.php for changes to Diff class introduced in PR#179)

---
 feed.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/feed.php b/feed.php
index 7803982b8..73fa0e05f 100644
--- a/feed.php
+++ b/feed.php
@@ -322,14 +322,15 @@ function rss_buildItems(&$rss, &$data, $opt) {
                         $rev  = $revs[0];
 
                         if($rev) {
-                            $df = new Diff(explode("\n", htmlspecialchars(rawWiki($id, $rev))),
-                                           explode("\n", htmlspecialchars(rawWiki($id, ''))));
+                            $df = new Diff(explode("\n", rawWiki($id, $rev)),
+                                           explode("\n", rawWiki($id, '')));
                         } else {
                             $df = new Diff(array(''),
-                                           explode("\n", htmlspecialchars(rawWiki($id, ''))));
+                                           explode("\n", rawWiki($id, '')));
                         }
 
                         if($opt['item_content'] == 'htmldiff') {
+                            // note: no need to escape diff output, TableDiffFormatter provides 'safe' html
                             $tdf     = new TableDiffFormatter();
                             $content = '<table>';
                             $content .= '<tr><th colspan="2" width="50%">'.$rev.'</th>';
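Review bot: With `htmlspecialchars()` dropped from both `new Diff(...)` inputs, the `htmldiff` branch now relies entirely on `TableDiffFormatter` escaping every line it emits (context, added and deleted), and the new comment asserts this without saying where the guarantee comes from. The formatter is not visible in this hunk, so the claim should be confirmed against the Diff class change the commit message cites (PR#179). I would make the comment carry the constraint, e.g. `// TableDiffFormatter escapes each line itself (PR#179): pass raw wiki text, never pre-escape, and hsc() the output of any formatter that returns plain text`. A feed test using page text that contains markup such as `<b>` and `&amp;` would pin both this branch and the `hsc($udf->format($df))` branch in the second hunk against under-escaping and double-escaping. The `htmldiff` branch and `rss_buildItems` both continue outside this hunk.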
@@ -337,8 +338,9 @@ function rss_buildItems(&$rss, &$data, $opt) {
                             $content .= $tdf->format($df);
                             $content .= '</table>';
                         } else {
+                            // note: diff output must be escaped, UnifiedDiffFormatter provides plain text
                             $udf     = new UnifiedDiffFormatter();
-                            $content = "<pre>\n".$udf->format($df)."\n</pre>";
+                            $content = "<pre>\n".hsc($udf->format($df))."\n</pre>";
                         }
                     }
                     break;
-- 
GitLab