Permalink
Browse files

Properly escaping the GUID in RSS feeds. Spotted by Kurkov.ORG. #265

  • Loading branch information...
1 parent 5247030 commit 59af6771a8c2e211729e281f4e01fc807ec74295 @reines reines committed Jan 30, 2011
Showing with 1 addition and 1 deletion.
  1. +1 −1 extern.php
View
@@ -139,7 +139,7 @@ function output_rss($feed)
echo "\t\t\t".'<description><![CDATA['.escape_cdata($item['description']).']]></description>'."\n";
echo "\t\t\t".'<author><![CDATA['.(isset($item['author']['email']) ? escape_cdata($item['author']['email']) : 'dummy@example.com').' ('.escape_cdata($item['author']['name']).')]]></author>'."\n";
echo "\t\t\t".'<pubDate>'.gmdate('r', $item['pubdate']).'</pubDate>'."\n";
- echo "\t\t\t".'<guid>'.$item['link'].'</guid>'."\n";
+ echo "\t\t\t".'<guid>'.pun_htmlspecialchars($item['link']).'</guid>'."\n";
echo "\t\t".'</item>'."\n";
}

0 comments on commit 59af677

Please sign in to comment.