diff --git a/lib/storage/ondiskhashedstoragemanager.inc.php b/lib/storage/ondiskhashedstoragemanager.inc.php
index 8bde241..7bc6798 100644
--- a/lib/storage/ondiskhashedstoragemanager.inc.php
+++ b/lib/storage/ondiskhashedstoragemanager.inc.php
@@ -148,7 +148,7 @@ class KTOnDiskHashedStorageManager extends KTStorageManager {
 $oUrlEncodedFileName = $oDocument->getFileName( );
 $browser = $_SERVER['HTTP_USER_AGENT'];
 if ( strpos( strtoupper( $browser), 'MSIE') !== false) {
- $oUrlEncodedFileName = rawurlencode( $oUrlEncodedFileName);
+ $oUrlEncodedFileName = htmlentities($oUrlEncodedFileName, ENT_QUOTES, 'UTF-8');
 }
 //set the correct headers
 header("Content-Type: " . $mimetype);
diff --git a/plugins/rssplugin/KTrss.inc.php b/plugins/rssplugin/KTrss.inc.php
index bdc2909..7c66159 100644
--- a/plugins/rssplugin/KTrss.inc.php
+++ b/plugins/rssplugin/KTrss.inc.php
@@ -293,7 +293,7 @@ class KTrss{
 $sTypeSelect = 'document.transactionhistory&fDocumentId';
 }
 $feed .= "\n" .
- "".KTrss::rss_sanitize($aItems[0][0][name],false)."\n" .
+ "".htmlentities(KTrss::rss_sanitize($aItems[0][0][name],false), ENT_QUOTES, 'UTF-8')."\n" .
 "".$hostPath."action.php?kt_path_info=ktcore.actions.".$sTypeSelect."=".$aItems[0][0]['id']."\n" .
 "\n" .
 "<table border='0' width='90%'>\n".
@@ -309,7 +309,7 @@ class KTrss{
 "<hr>\n".
 "<table width='95%'>\n".
 "<tr>\n".
- "<td>Filename: ".KTrss::rss_sanitize($aItems[0][0][filename] )."</td>\n".
+ "<td>Filename: ".KTrss::rss_sanitize($aItems[0][0][filename])."</td>\n".
 "<td>\n".
 "</tr>\n".
 "<tr>\n".
diff --git a/plugins/rssplugin/templates/RSSPlugin/dashlet.smarty b/plugins/rssplugin/templates/RSSPlugin/dashlet.smarty
index ba4e0a7..42b1a1c 100644
--- a/plugins/rssplugin/templates/RSSPlugin/dashlet.smarty
+++ b/plugins/rssplugin/templates/RSSPlugin/dashlet.smarty
@@ -26,7 +26,7 @@ {section name=i start=0 loop=$itemcount} - +
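Review bot: `htmlentities()` on the MSIE branch is an HTML-body encoder, but the value looks destined for a response header; only the `Content-Type` call is visible and the use of `$oUrlEncodedFileName` lies below the hunk, so that destination is inferred. Entity encoding does not produce a header-safe filename (a name such as `a&b.doc` would be offered as `a&amp;b.doc`), and every other user agent still receives the raw `getFileName()` value, so a double quote or control character in a stored filename is treated differently per browser. I would normalise once, before the user-agent test and for all clients, e.g. `$oUrlEncodedFileName = str_replace(array('"', "\r", "\n"), '', $oDocument->getFileName());`, and keep percent-encoding for the MSIE case. `$_SERVER['HTTP_USER_AGENT']` is also read without an `isset()` check, although a request may omit that header.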
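Review bot: The feed title in the -293 hunk is XML, and `htmlentities()` emits HTML named entities (`&eacute;`, `&nbsp;`, …) that an XML parser does not define, so a document name with accented characters can make the whole feed ill-formed. `htmlspecialchars()` restricts the output to the markup characters and fits this context: `htmlspecialchars(KTrss::rss_sanitize($aItems[0][0]['name'], false), ENT_QUOTES, 'UTF-8')`, with the key quoted because bare `name` is an undefined constant. What `rss_sanitize()` already escapes is not visible here, so confirm the title is not encoded twice. The `Filename:` cell in the -309 hunk gets only a whitespace change and still relies on `rss_sanitize()` alone; if that helper does not escape markup, the same encoding is needed there. The `$feed .=` statement starts and ends outside both hunks.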
{$internalrss.items[i].title|sanitize}{$internalrss.items[i].title}
{$internalrss.items[i].description}
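Review bot: `{$internalrss.items[i].description}` is printed with no escaping modifier, and the title appears both with and without `|sanitize`; the page lost the `+`/`-` side, so which variant is new cannot be told from here. If the new side is the bare `{$internalrss.items[i].title}`, the dashlet depends entirely on the feed builder having encoded the value, and any other producer of `$internalrss` would reach the page unescaped. Escaping at the template, or at least recording the expectation next to the loop, keeps that assumption visible: `{* item title and description must arrive already escaped from the feed builder *}`. The surrounding `{section}` block continues outside the hunk.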