Commit 05eb195bd66b686bb371e1d48fd51490201cfe71
1 parent
1c79048c
KTS-3448
"RSS Feed contains invalid HTML entities" Fixed. Replaced htmlentities() with htmlspecialchars(). Committed by: Megan Watson Reviewed by: Conrad Vermeulen git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@8686 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
18 additions
and
29 deletions
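--- a/plugins/rssplugin/KTrss.inc.php
+++ b/plugins/rssplugin/KTrss.inc.php
@@ -6,31 +6,31 @@
 * Document Management Made Simple
 * Copyright (C) 2008 KnowledgeTree Inc.
 * Portions copyright The Jam Warehouse Software (Pty) Limited
- *
+ *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License version 3 as published by the
 * Free Software Foundation.
- *
+ *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
- *
+ *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
- * You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco,
+ *
+ * You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco,
 * California 94120-7775, or email info@knowledgetree.com.
- *
+ *
 * The interactive user interfaces in modified source and object code versions
 * of this program must display Appropriate Legal Notices, as required under
 * Section 5 of the GNU General Public License version 3.
- *
+ *
 * In accordance with Section 7(b) of the GNU General Public License version 3,
 * these Appropriate Legal Notices must retain the display of the "Powered by
- * KnowledgeTree" logo and retain the original copyright notice. If the display of the
+ * KnowledgeTree" logo and retain the original copyright notice. If the display of the
 * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
- * must display the words "Powered by KnowledgeTree" and retain the original
+ * must display the words "Powered by KnowledgeTree" and retain the original
 * copyright notice.
 * Contributor( s): ______________________________________
 *
@@ -315,7 +315,7 @@ class KTrss{
 function rss_sanitize($str, $do_amp=true)
 {
 
- $result = str_replace("\\\"","\"",str_replace('\\\'','\'',htmlentities($str,ENT_NOQUOTES, 'UTF-8')));
+ $result = str_replace("\\\"","\"",str_replace('\\\'','\'',htmlspecialchars($str,ENT_NOQUOTES, 'UTF-8')));
 if ($do_amp)
 {
 $result = str_replace('&','&',$result);
@@ -325,20 +325,9 @@ class KTrss{
 
 // Takes in an array as a parameter and returns rss2.0 compatible xml
 function arrayToXML($aItems){
- // Build path to host
- $aPath = explode('/', trim($_SERVER['PHP_SELF']));
- global $default;
- if(count($aPath) > 2){
- for($i = 0; $i < count($aPath)-1; $i++){
- $sSuffix .= $aPath[$i];
- }
- $sSuffix = $aPath[1]."/";
- }else{
- $sSuffix = '';
- }
- $hostPath = "http" . ($default->sslEnabled ? "s" : "") . "://".$_SERVER['HTTP_HOST']."/".$sSuffix;
-
- $head = "<?xml version=\"1.0\"?>\n
+ $hostPath = KTUtil::kt_url() . DIRECTORY_SEPARATOR;
+
+ $head = "<?xml version=\"1.0\" encoding=\"utf-8\" ?>\n
 <rss version=\"2.0\">\n
 <channel>\n
 <title>".APP_NAME." RSS</title>\n
@@ -349,7 +338,7 @@ class KTrss{
 <title>".APP_NAME." RSS</title>\n
 <width>140</width>\n
 <height>28</height>
- <link>".$hostPath."knowledgeTree/</link>\n
+ <link>".$hostPath."</link>\n
 <url>".$hostPath."resources/graphics/ktlogo_rss.png</url>\n
 </image>\n";
 
@@ -385,8 +374,8 @@ class KTrss{
 }
 
 $xmlItemHead = "<item>\n
- <title>".htmlentities($aItem[0][0][name], ENT_QUOTES, 'UTF-8')."</title>\n
- <link>".$hostPath."action.php?kt_path_info=ktcore.actions.".htmlentities($sTypeSelect, ENT_QUOTES, 'UTF-8')."=".$aItem[0][0]['id']."</link>\n
+ <title>".htmlspecialchars($aItem[0][0][name], ENT_QUOTES, 'UTF-8')."</title>\n
+ <link>".$hostPath."action.php?kt_path_info=ktcore.actions.".htmlspecialchars($sTypeSelect, ENT_QUOTES, 'UTF-8')."=".$aItem[0][0]['id']."</link>\n
 <description>\n";
 
 $htmlItem = "<table border='0' width='90%'>\n
@@ -468,8 +457,8 @@ class KTrss{
 
 $xmlItemFooter = "</description>\n</item>\n";
 
- // Use htmlentities to allow html tags in the xml.
- $htmlItem = htmlentities($htmlItem, ENT_QUOTES, 'UTF-8');
+ // Use htmlspecialchars to allow html tags in the xml.
+ $htmlItem = htmlspecialchars($htmlItem, ENT_QUOTES, 'UTF-8');
 
 $feed .= $xmlItemHead.$htmlItem.$xmlItemFooter;
 }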
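Review bot: In `arrayToXML`, the new `$hostPath = KTUtil::kt_url() . DIRECTORY_SEPARATOR;` joins a URL with the filesystem separator, so on a Windows host every `<link>` and `<url>` built from it carries a backslash after the base URL. A literal slash is what the feed needs: `$hostPath = KTUtil::kt_url() . '/';`. `$hostPath` is also concatenated into the XML unescaped, unlike the neighbouring values that now go through `htmlspecialchars()`. Where `KTUtil::kt_url()` gets its value is not visible on this page, so if it can reflect the request's Host header it should be escaped the same way, e.g. `htmlspecialchars($hostPath, ENT_QUOTES, 'UTF-8')`. The body of `arrayToXML` continues outside the visible hunks.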