title escaping: do not double-encode entities

This commit is contained in:
Andrew Dolgov 2013-03-23 09:44:52 +04:00
parent 01dffac771
commit d6ce708930
2 changed files with 4 additions and 2 deletions

View File

@ -432,7 +432,8 @@ class Feeds extends Handler_Protected {
$reply['content'] .= "<div onclick='return hlClicked(event, $id)' $reply['content'] .= "<div onclick='return hlClicked(event, $id)'
class=\"hlTitle\"><span class='hlContent$hlc_suffix'>"; class=\"hlTitle\"><span class='hlContent$hlc_suffix'>";
$reply['content'] .= "<a id=\"RTITLE-$id\" $reply['content'] .= "<a id=\"RTITLE-$id\"
href=\"" . htmlspecialchars($line["link"]) . "\" href=\"" . htmlspecialchars($line["link"], ENT_COMPAT | ENT_HTML401,
'utf-8', false) . "\"
onclick=\"\">" . onclick=\"\">" .
truncate_string($line["title"], 200); truncate_string($line["title"], 200);

View File

@ -3022,7 +3022,8 @@
if ($line["link"]) { if ($line["link"]) {
$rv['content'] .= "<div class='postTitle'><a target='_blank' $rv['content'] .= "<div class='postTitle'><a target='_blank'
title=\"".htmlspecialchars($line['title'])."\" title=\"".htmlspecialchars($line["link"], ENT_COMPAT | ENT_HTML401,
'utf-8', false)."\"
href=\"" . href=\"" .
htmlspecialchars($line["link"]) . "\">" . htmlspecialchars($line["link"]) . "\">" .
$line["title"] . "</a>" . $line["title"] . "</a>" .