From a518ecb39e87c9c69d659894d34c653aa6c4534e Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Thu, 20 Feb 2025 22:12:10 +0100
Subject: Fix regression XPath XML encoding (#7345)

* Fix regression XPath XML encoding
fix https://github.com/FreshRSS/FreshRSS/discussions/7325
The categories (tags) were not correctly XML-escaped due to being an array
https://github.com/FreshRSS/FreshRSS/pull/5305/files#r1964316119

* Improve typing
---
 app/Models/Feed.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'app')

diff --git a/app/Models/Feed.php b/app/Models/Feed.php
index 953ffc918..143da0139 100644
--- a/app/Models/Feed.php
+++ b/app/Models/Feed.php
@@ -886,11 +886,14 @@ class FreshRSS_Feed extends Minz_Model {
 
 				if ($item['title'] != '' || $item['content'] != '' || $item['link'] != '') {
 					// HTML-encoding/escaping of the relevant fields (all except 'content')
-					foreach (['author', 'guid', 'link', 'thumbnail', 'timestamp', 'tags', 'title'] as $key) {
-						if (!empty($item[$key]) && is_string($item[$key])) {
-							$item[$key] = Minz_Helper::htmlspecialchars_utf8($item[$key]);
+					foreach (['author', 'guid', 'link', 'thumbnail', 'timestamp', 'title'] as $key) {
+						if (isset($item[$key])) {
+							$item[$key] = htmlspecialchars($item[$key], ENT_COMPAT, 'UTF-8');
 						}
 					}
+					if (isset($item['tags'])) {
+						$item['tags'] = Minz_Helper::htmlspecialchars_utf8($item['tags']);
+					}
 					// CDATA protection
 					$item['content'] = str_replace(']]>', ']]&gt;', $item['content']);
 					$view->entries[] = FreshRSS_Entry::fromArray($item);
-- 
cgit v1.2.3