Commit 05eb195bd66b686bb371e1d48fd51490201cfe71
1 parent
1c79048c
KTS-3448
"RSS Feed contains invalid HTML entities" Fixed. Replaced htmlentities() with htmlspecialchars(). Committed by: Megan Watson Reviewed by: Conrad Vermeulen git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@8686 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
18 additions
and
29 deletions
plugins/rssplugin/KTrss.inc.php
| ... | ... | @@ -6,31 +6,31 @@ |
| 6 | 6 | * Document Management Made Simple |
| 7 | 7 | * Copyright (C) 2008 KnowledgeTree Inc. |
| 8 | 8 | * Portions copyright The Jam Warehouse Software (Pty) Limited |
| 9 | - * | |
| 9 | + * | |
| 10 | 10 | * This program is free software; you can redistribute it and/or modify it under |
| 11 | 11 | * the terms of the GNU General Public License version 3 as published by the |
| 12 | 12 | * Free Software Foundation. |
| 13 | - * | |
| 13 | + * | |
| 14 | 14 | * This program is distributed in the hope that it will be useful, but WITHOUT |
| 15 | 15 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS |
| 16 | 16 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more |
| 17 | 17 | * details. |
| 18 | - * | |
| 18 | + * | |
| 19 | 19 | * You should have received a copy of the GNU General Public License |
| 20 | 20 | * along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 21 | - * | |
| 22 | - * You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco, | |
| 21 | + * | |
| 22 | + * You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco, | |
| 23 | 23 | * California 94120-7775, or email info@knowledgetree.com. |
| 24 | - * | |
| 24 | + * | |
| 25 | 25 | * The interactive user interfaces in modified source and object code versions |
| 26 | 26 | * of this program must display Appropriate Legal Notices, as required under |
| 27 | 27 | * Section 5 of the GNU General Public License version 3. |
| 28 | - * | |
| 28 | + * | |
| 29 | 29 | * In accordance with Section 7(b) of the GNU General Public License version 3, |
| 30 | 30 | * these Appropriate Legal Notices must retain the display of the "Powered by |
| 31 | - * KnowledgeTree" logo and retain the original copyright notice. If the display of the | |
| 31 | + * KnowledgeTree" logo and retain the original copyright notice. If the display of the | |
| 32 | 32 | * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices |
| 33 | - * must display the words "Powered by KnowledgeTree" and retain the original | |
| 33 | + * must display the words "Powered by KnowledgeTree" and retain the original | |
| 34 | 34 | * copyright notice. |
| 35 | 35 | * Contributor( s): ______________________________________ |
| 36 | 36 | * |
| ... | ... | @@ -315,7 +315,7 @@ class KTrss{ |
| 315 | 315 | function rss_sanitize($str, $do_amp=true) |
| 316 | 316 | { |
| 317 | 317 | |
| 318 | - $result = str_replace("\\\"","\"",str_replace('\\\'','\'',htmlentities($str,ENT_NOQUOTES, 'UTF-8'))); | |
| 318 | + $result = str_replace("\\\"","\"",str_replace('\\\'','\'',htmlspecialchars($str,ENT_NOQUOTES, 'UTF-8'))); | |
| 319 | 319 | if ($do_amp) |
| 320 | 320 | { |
| 321 | 321 | $result = str_replace('&','&',$result); |
| ... | ... | @@ -325,20 +325,9 @@ class KTrss{ |
| 325 | 325 | |
| 326 | 326 | // Takes in an array as a parameter and returns rss2.0 compatible xml |
| 327 | 327 | function arrayToXML($aItems){ |
| 328 | - // Build path to host | |
| 329 | - $aPath = explode('/', trim($_SERVER['PHP_SELF'])); | |
| 330 | - global $default; | |
| 331 | - if(count($aPath) > 2){ | |
| 332 | - for($i = 0; $i < count($aPath)-1; $i++){ | |
| 333 | - $sSuffix .= $aPath[$i]; | |
| 334 | - } | |
| 335 | - $sSuffix = $aPath[1]."/"; | |
| 336 | - }else{ | |
| 337 | - $sSuffix = ''; | |
| 338 | - } | |
| 339 | - $hostPath = "http" . ($default->sslEnabled ? "s" : "") . "://".$_SERVER['HTTP_HOST']."/".$sSuffix; | |
| 340 | - | |
| 341 | - $head = "<?xml version=\"1.0\"?>\n | |
| 328 | + $hostPath = KTUtil::kt_url() . DIRECTORY_SEPARATOR; | |
| 329 | + | |
| 330 | + $head = "<?xml version=\"1.0\" encoding=\"utf-8\" ?>\n | |
| 342 | 331 | <rss version=\"2.0\">\n |
| 343 | 332 | <channel>\n |
| 344 | 333 | <title>".APP_NAME." RSS</title>\n |
| ... | ... | @@ -349,7 +338,7 @@ class KTrss{ |
| 349 | 338 | <title>".APP_NAME." RSS</title>\n |
| 350 | 339 | <width>140</width>\n |
| 351 | 340 | <height>28</height> |
| 352 | - <link>".$hostPath."knowledgeTree/</link>\n | |
| 341 | + <link>".$hostPath."</link>\n | |
| 353 | 342 | <url>".$hostPath."resources/graphics/ktlogo_rss.png</url>\n |
| 354 | 343 | </image>\n"; |
| 355 | 344 | |
| ... | ... | @@ -385,8 +374,8 @@ class KTrss{ |
| 385 | 374 | } |
| 386 | 375 | |
| 387 | 376 | $xmlItemHead = "<item>\n |
| 388 | - <title>".htmlentities($aItem[0][0][name], ENT_QUOTES, 'UTF-8')."</title>\n | |
| 389 | - <link>".$hostPath."action.php?kt_path_info=ktcore.actions.".htmlentities($sTypeSelect, ENT_QUOTES, 'UTF-8')."=".$aItem[0][0]['id']."</link>\n | |
| 377 | + <title>".htmlspecialchars($aItem[0][0][name], ENT_QUOTES, 'UTF-8')."</title>\n | |
| 378 | + <link>".$hostPath."action.php?kt_path_info=ktcore.actions.".htmlspecialchars($sTypeSelect, ENT_QUOTES, 'UTF-8')."=".$aItem[0][0]['id']."</link>\n | |
| 390 | 379 | <description>\n"; |
| 391 | 380 | |
| 392 | 381 | $htmlItem = "<table border='0' width='90%'>\n |
| ... | ... | @@ -468,8 +457,8 @@ class KTrss{ |
| 468 | 457 | |
| 469 | 458 | $xmlItemFooter = "</description>\n</item>\n"; |
| 470 | 459 | |
| 471 | - // Use htmlentities to allow html tags in the xml. | |
| 472 | - $htmlItem = htmlentities($htmlItem, ENT_QUOTES, 'UTF-8'); | |
| 460 | + // Use htmlspecialchars to allow html tags in the xml. | |
| 461 | + $htmlItem = htmlspecialchars($htmlItem, ENT_QUOTES, 'UTF-8'); | |
| 473 | 462 | |
| 474 | 463 | $feed .= $xmlItemHead.$htmlItem.$xmlItemFooter; |
| 475 | 464 | } | ... | ... |