diff --git a/plugins/rssplugin/KTrss.inc.php b/plugins/rssplugin/KTrss.inc.php index 1cfb75f..91a352f 100644 --- a/plugins/rssplugin/KTrss.inc.php +++ b/plugins/rssplugin/KTrss.inc.php @@ -186,7 +186,7 @@ class KTrss{ if ($aDocumentList) { foreach($aDocumentList as $documentElement){ $document_id = $documentElement['id']; - $aDocumentTransactions = array_merge($aDocumentTransactions, KTrss::getDocumentTransactions($document_id)); + $aDocumentTransactions = kt_array_merge($aDocumentTransactions, KTrss::getDocumentTransactions($document_id)); } } if ($aDocumentTransactions){ @@ -220,8 +220,8 @@ class KTrss{ // get information for folder function getOneFolder($iFolderId){ $aFData = KTrss::getFolderData($iFolderId); - $aFTransactions = array_merge(KTrss::getChildrenFolderTransactions($iFolderId), KTrss::getFolderTransactions($iFolderId)); - $aFTransactions = array_merge($aFTransactions, KTrss::getChildrenDocumentTransactions($iFolderId)); + $aFTransactions = kt_array_merge(KTrss::getChildrenFolderTransactions($iFolderId), KTrss::getFolderTransactions($iFolderId)); + $aFTransactions = kt_array_merge($aFTransactions, KTrss::getChildrenDocumentTransactions($iFolderId)); $code = 'if (strtotime($a[datetime]) == strtotime($b[datetime])){ return 0; @@ -255,6 +255,17 @@ class KTrss{ } } + function rss_sanitize($str, $do_amp=true) + { + + $result = str_replace("\\\"","\"",str_replace('\\\'','\'',htmlentities($str,ENT_NOQUOTES, 'UTF-8'))); + if ($do_amp) + { + $result = str_replace('&','&',$result); + } + return $result; + } + // Takes in an array as a parameter and returns rss2.0 compatible xml function arrayToXML($aItems){ // Build path to host 
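Review bot: `kt_array_merge` is neither defined nor included anywhere in this diff, so from the -186 hunk alone it cannot be checked that the helper is in scope in KTrss.inc.php or how it treats an argument that is not an array. A one-line comment at this first use, for example `// kt_array_merge (defined in <defining file>): used instead of array_merge because <reason>`, would tell the next reader why the built-in was replaced. The same applies to the two calls in getOneFolder() in the -220 hunk. The enclosing function starts and ends outside the hunk.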
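Review bot: rss_sanitize() in the -255 hunk encodes with `htmlentities($str,ENT_NOQUOTES, 'UTF-8')`, which emits HTML named entities and leaves both quote characters unescaped, where the replaced call sites used ENT_QUOTES. With `$do_amp` false (the title call in the -282 hunk) a named entity that XML does not predefine would reach the feed as-is, and a strict XML parser is likely to reject it; `htmlspecialchars($str, ENT_QUOTES, 'UTF-8')` limits the output to references XML accepts and covers quotes too. The helper has no comment: a short docblock should say the result is meant for element text only, not attribute values, and what `$do_amp` controls. As shown on this page the `str_replace('&','&',$result)` call has identical search and replacement strings, so its intent cannot be confirmed from here.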
@@ -282,7 +293,7 @@ class KTrss{
 $sTypeSelect = 'document.transactionhistory&fDocumentId';
 }
 $feed .= "\n" .
- "".htmlentities($aItems[0][0][name],ENT_QUOTES, 'UTF-8')."\n" .
+ "".KTrss::rss_sanitize($aItems[0][0][name],false)."\n" .
 "".$hostPath."action.php?kt_path_info=ktcore.actions.".$sTypeSelect."=".$aItems[0][0]['id']."\n" .
 "\n" .
 "<table border='0' width='90%'>\n".
@@ -298,7 +309,7 @@ class KTrss{
 "<hr>\n".
 "<table width='95%'>\n".
 "<tr>\n".
- "<td>Filename: ".str_replace('&','&',htmlentities($aItems[0][0][filename],ENT_QUOTES, 'UTF-8'))."</td>\n".
+ "<td>Filename: ".KTrss::rss_sanitize($aItems[0][0][filename] )."</td>\n".
 "<td>\n".
 "</tr>\n".
 "<tr>\n".
@@ -326,11 +337,11 @@ class KTrss{
 foreach($aItems[1] as $item){
 $feed .= "<tr>\n".
 "<td>".$item[type]." name:</td>\n".
- "<td>".str_replace('&','&',htmlentities($item[name],ENT_QUOTES, 'UTF-8'))."</td>\n".
+ "<td>".KTrss::rss_sanitize($item[name] )."</td>\n".
 "</tr>\n".
 "<tr>\n".
 "<td>Path:</td>\n".
- "<td>".str_replace('&','&',htmlentities($item[fullpath],ENT_QUOTES, 'UTF-8'))."</td>\n".
+ "<td>".KTrss::rss_sanitize($item[fullpath] )."</td>\n".
 "</tr>\n".
 "<tr>\n".
 "<td>Transaction:</td>\n".
@@ -338,7 +349,7 @@ class KTrss{
 "</tr>\n".
 "<tr>\n".
 "<td>Comment:</td>\n".
- "<td>".str_replace('&','&',htmlentities($item[comment],ENT_QUOTES, 'UTF-8'))."</td>\n".
+ "<td>".KTrss::rss_sanitize($item[comment] )."</td>\n".
 "</tr>\n".
 "<tr>\n";if($item[version]){
 $feed .= "<td>Version:</td>\n".
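Review bot: The rewritten title line in the -282 hunk still indexes with a bareword key, `$aItems[0][0][name]`, while the next context line quotes its key as `$aItems[0][0]['id']`. PHP resolves a bareword as a constant, so the lookup depends on no constant of that name being defined, and newer PHP versions reject the undefined constant outright; since these lines are being touched anyway, `KTrss::rss_sanitize($aItems[0][0]['name'],false)` would make the key explicit. The same applies to `[filename]` in the -298 hunk, `$item[name]` and `$item[fullpath]` in the -326 hunk, and `$item[comment]` in the -338 hunk. arrayToXML() starts and ends outside these hunks.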