run htmlentities() before putting contents into a file

BaylorRae · Mar 26, 2012 · 4ac544f · 4ac544f
1 parent a738b5c
commit 4ac544f
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/lib/gist.php b/lib/gist.php
@@ -82,7 +82,7 @@ public function noscript_tag() {
      * then display it
      */
     if( $this->source !== null ) {
-      return sprintf('<noscript><pre><code>%s</code></pre></noscript>', htmlentities($this->source));
+      return sprintf('<noscript><pre><code>%s</code></pre></noscript>', $this->source);
     }
   }
 
@@ -119,6 +119,10 @@ private function download_raw_source() {
 
       // if successful then save it
       if( $this->source ) {
+
+        // turn into an html ready source before caching
+        $this->source = htmlentities($this->source);
+
         file_put_contents($this->get_cache_name(), $this->source);
       }
     }