diff options
| author | Alexandre Alapetite <alexandre@alapetite.fr> | 2025-02-20 22:12:10 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-02-20 22:12:10 +0100 |
| commit | a518ecb39e87c9c69d659894d34c653aa6c4534e (patch) | |
| tree | 74e8267e327d3f7b965b9e5c346203c78de76f1c /app | |
| parent | 6c6695b835dbabed0836c652839566e728b7cf98 (diff) | |
| download | freshrss-a518ecb39e87c9c69d659894d34c653aa6c4534e.tar.gz freshrss-a518ecb39e87c9c69d659894d34c653aa6c4534e.zip | |
Fix regression XPath XML encoding (#7345)
* Fix regression XPath XML encoding
fix https://github.com/FreshRSS/FreshRSS/discussions/7325
The categories (tags) were not correctly XML-escaped due to being an array
https://github.com/FreshRSS/FreshRSS/pull/5305/files#r1964316119
* Improve typing
Diffstat (limited to 'app')
| -rw-r--r-- | app/Models/Feed.php | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/app/Models/Feed.php b/app/Models/Feed.php index 953ffc918..143da0139 100644 --- a/app/Models/Feed.php +++ b/app/Models/Feed.php @@ -886,11 +886,14 @@ class FreshRSS_Feed extends Minz_Model { if ($item['title'] != '' || $item['content'] != '' || $item['link'] != '') { // HTML-encoding/escaping of the relevant fields (all except 'content') - foreach (['author', 'guid', 'link', 'thumbnail', 'timestamp', 'tags', 'title'] as $key) { - if (!empty($item[$key]) && is_string($item[$key])) { - $item[$key] = Minz_Helper::htmlspecialchars_utf8($item[$key]); + foreach (['author', 'guid', 'link', 'thumbnail', 'timestamp', 'title'] as $key) { + if (isset($item[$key])) { + $item[$key] = htmlspecialchars($item[$key], ENT_COMPAT, 'UTF-8'); } } + if (isset($item['tags'])) { + $item['tags'] = Minz_Helper::htmlspecialchars_utf8($item['tags']); + } // CDATA protection $item['content'] = str_replace(']]>', ']]>', $item['content']); $view->entries[] = FreshRSS_Entry::fromArray($item); |