Peter M. Groen / knowledgetree

Commit a988f3a1e21332f170a7c8717e6a37826a5e7663

Authored by kevin_fourie
1 parent e0dcac7b

Merged in from DEV trunk... 

KTS-3448
"RSS Feed contains invalid HTML entities"
Fixed. Replaced htmlentities() with htmlspecialchars().

Committed by: Megan Watson
Reviewed by: Conrad Vermeulen


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/branches/3.5.3-Branch@8687 c91229c3-7414-0410-bfa2-8a42b809f60b
Inline Side-by-side
Showing 1 changed file with 18 additions and 29 deletions
plugins/rssplugin/KTrss.inc.php
  View file @a988f3a
... ... @@ -6,31 +6,31 @@
6 6 * Document Management Made Simple
7 7 * Copyright (C) 2008 KnowledgeTree Inc.
8 8 * Portions copyright The Jam Warehouse Software (Pty) Limited
9   - *
  9 + *
10 10 * This program is free software; you can redistribute it and/or modify it under
11 11 * the terms of the GNU General Public License version 3 as published by the
12 12 * Free Software Foundation.
13   - *
  13 + *
14 14 * This program is distributed in the hope that it will be useful, but WITHOUT
15 15 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16 16 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
17 17 * details.
18   - *
  18 + *
19 19 * You should have received a copy of the GNU General Public License
20 20 * along with this program. If not, see <http://www.gnu.org/licenses/>.
21   - *
22   - * You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco,
  21 + *
  22 + * You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco,
23 23 * California 94120-7775, or email info@knowledgetree.com.
24   - *
  24 + *
25 25 * The interactive user interfaces in modified source and object code versions
26 26 * of this program must display Appropriate Legal Notices, as required under
27 27 * Section 5 of the GNU General Public License version 3.
28   - *
  28 + *
29 29 * In accordance with Section 7(b) of the GNU General Public License version 3,
30 30 * these Appropriate Legal Notices must retain the display of the "Powered by
31   - * KnowledgeTree" logo and retain the original copyright notice. If the display of the
  31 + * KnowledgeTree" logo and retain the original copyright notice. If the display of the
32 32 * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
33   - * must display the words "Powered by KnowledgeTree" and retain the original
  33 + * must display the words "Powered by KnowledgeTree" and retain the original
34 34 * copyright notice.
35 35 * Contributor( s): ______________________________________
36 36 *
... ... @@ -315,7 +315,7 @@ class KTrss{
315 315 function rss_sanitize($str, $do_amp=true)
316 316 {
317 317  
318   - $result = str_replace("\\\"","\"",str_replace('\\\'','\'',htmlentities($str,ENT_NOQUOTES, 'UTF-8')));
  318 + $result = str_replace("\\\"","\"",str_replace('\\\'','\'',htmlspecialchars($str,ENT_NOQUOTES, 'UTF-8')));
319 319 if ($do_amp)
320 320 {
321 321 $result = str_replace('&','&amp;',$result);
... ... @@ -325,20 +325,9 @@ class KTrss{
325 325  
326 326 // Takes in an array as a parameter and returns rss2.0 compatible xml
327 327 function arrayToXML($aItems){
328   - // Build path to host
329   - $aPath = explode('/', trim($_SERVER['PHP_SELF']));
330   - global $default;
331   - if(count($aPath) > 2){
332   - for($i = 0; $i < count($aPath)-1; $i++){
333   - $sSuffix .= $aPath[$i];
334   - }
335   - $sSuffix = $aPath[1]."/";
336   - }else{
337   - $sSuffix = '';
338   - }
339   - $hostPath = "http" . ($default->sslEnabled ? "s" : "") . "://".$_SERVER['HTTP_HOST']."/".$sSuffix;
340   -
341   - $head = "<?xml version=\"1.0\"?>\n
  328 + $hostPath = KTUtil::kt_url() . DIRECTORY_SEPARATOR;
  329 +
  330 + $head = "<?xml version=\"1.0\" encoding=\"utf-8\" ?>\n
342 331 <rss version=\"2.0\">\n
343 332 <channel>\n
344 333 <title>".APP_NAME." RSS</title>\n
... ... @@ -349,7 +338,7 @@ class KTrss{
349 338 <title>".APP_NAME." RSS</title>\n
350 339 <width>140</width>\n
351 340 <height>28</height>
352   - <link>".$hostPath."knowledgeTree/</link>\n
  341 + <link>".$hostPath."</link>\n
353 342 <url>".$hostPath."resources/graphics/ktlogo_rss.png</url>\n
354 343 </image>\n";
355 344  
... ... @@ -385,8 +374,8 @@ class KTrss{
385 374 }
386 375  
387 376 $xmlItemHead = "<item>\n
388   - <title>".htmlentities($aItem[0][0][name], ENT_QUOTES, 'UTF-8')."</title>\n
389   - <link>".$hostPath."action.php?kt_path_info=ktcore.actions.".htmlentities($sTypeSelect, ENT_QUOTES, 'UTF-8')."=".$aItem[0][0]['id']."</link>\n
  377 + <title>".htmlspecialchars($aItem[0][0][name], ENT_QUOTES, 'UTF-8')."</title>\n
  378 + <link>".$hostPath."action.php?kt_path_info=ktcore.actions.".htmlspecialchars($sTypeSelect, ENT_QUOTES, 'UTF-8')."=".$aItem[0][0]['id']."</link>\n
390 379 <description>\n";
391 380  
392 381 $htmlItem = "<table border='0' width='90%'>\n
... ... @@ -468,8 +457,8 @@ class KTrss{
468 457  
469 458 $xmlItemFooter = "</description>\n</item>\n";
470 459  
471   - // Use htmlentities to allow html tags in the xml.
472   - $htmlItem = htmlentities($htmlItem, ENT_QUOTES, 'UTF-8');
  460 + // Use htmlspecialchars to allow html tags in the xml.
  461 + $htmlItem = htmlspecialchars($htmlItem, ENT_QUOTES, 'UTF-8');
473 462  
474 463 $feed .= $xmlItemHead.$htmlItem.$xmlItemFooter;
475 464 }
... ...