escape XML in Google Sitemap output (#6532)
miklcct committed Apr 9, 2018
1 parent 2da62da commit 728e555
Showing 1 changed file with 9 additions and 9 deletions.
18 changes: 9 additions & 9 deletions upload/catalog/controller/extension/feed/google_sitemap.php
Expand Up @@ -13,14 +13,14 @@ public function index() {
foreach ($products as $product) { foreach ($products as $product) {
if ($product['image']) { if ($product['image']) {
$output .= '<url>'; $output .= '<url>';
$output .= ' <loc>' . $this->url->link('product/product', 'language=' . $this->config->get('config_language') . '&product_id=' . $product['product_id']) . '</loc>'; $output .= ' <loc>' . htmlspecialchars($this->url->link('product/product', 'language=' . $this->config->get('config_language') . '&product_id=' . $product['product_id']), ENT_COMPAT | ENT_XML1) . '</loc>';
$output .= ' <changefreq>weekly</changefreq>'; $output .= ' <changefreq>weekly</changefreq>';
$output .= ' <lastmod>' . date('Y-m-d\TH:i:sP', strtotime($product['date_modified'])) . '</lastmod>'; $output .= ' <lastmod>' . date('Y-m-d\TH:i:sP', strtotime($product['date_modified'])) . '</lastmod>';
$output .= ' <priority>1.0</priority>'; $output .= ' <priority>1.0</priority>';
$output .= ' <image:image>'; $output .= ' <image:image>';
$output .= ' <image:loc>' . $this->model_tool_image->resize($product['image'], $this->config->get('theme_' . $this->config->get('config_theme') . '_image_popup_width'), $this->config->get('theme_' . $this->config->get('config_theme') . '_image_popup_height')) . '</image:loc>'; $output .= ' <image:loc>' . htmlspecialchars($this->model_tool_image->resize($product['image'], $this->config->get('theme_' . $this->config->get('config_theme') . '_image_popup_width'), $this->config->get('theme_' . $this->config->get('config_theme') . '_image_popup_height')), ENT_COMPAT | ENT_XML1) . '</image:loc>';
$output .= ' <image:caption>' . $product['name'] . '</image:caption>'; $output .= ' <image:caption>' . htmlspecialchars($product['name'], ENT_COMPAT | ENT_XML1) . '</image:caption>';
$output .= ' <image:title>' . $product['name'] . '</image:title>'; $output .= ' <image:title>' . htmlspecialchars($product['name'], ENT_COMPAT | ENT_XML1) . '</image:title>';
$output .= ' </image:image>'; $output .= ' </image:image>';
$output .= '</url>'; $output .= '</url>';
} }
Expand All @@ -36,7 +36,7 @@ public function index() {


foreach ($manufacturers as $manufacturer) { foreach ($manufacturers as $manufacturer) {
$output .= '<url>'; $output .= '<url>';
$output .= ' <loc>' . $this->url->link('product/manufacturer/info', 'language=' . $this->config->get('config_language') . '&manufacturer_id=' . $manufacturer['manufacturer_id']) . '</loc>'; $output .= ' <loc>' . htmlspecialchars($this->url->link('product/manufacturer/info', 'language=' . $this->config->get('config_language') . '&manufacturer_id=' . $manufacturer['manufacturer_id']), ENT_COMPAT | ENT_XML1) . '</loc>';
$output .= ' <changefreq>weekly</changefreq>'; $output .= ' <changefreq>weekly</changefreq>';
$output .= ' <priority>0.7</priority>'; $output .= ' <priority>0.7</priority>';
$output .= '</url>'; $output .= '</url>';
Expand All @@ -45,7 +45,7 @@ public function index() {


foreach ($products as $product) { foreach ($products as $product) {
$output .= '<url>'; $output .= '<url>';
$output .= ' <loc>' . $this->url->link('product/product', 'language=' . $this->config->get('config_language') . '&manufacturer_id=' . $manufacturer['manufacturer_id'] . '&product_id=' . $product['product_id']) . '</loc>'; $output .= ' <loc>' . htmlspecialchars($this->url->link('product/product', 'language=' . $this->config->get('config_language') . '&manufacturer_id=' . $manufacturer['manufacturer_id'] . '&product_id=' . $product['product_id']), ENT_COMPAT | ENT_XML1) . '</loc>';
$output .= ' <changefreq>weekly</changefreq>'; $output .= ' <changefreq>weekly</changefreq>';
$output .= ' <priority>1.0</priority>'; $output .= ' <priority>1.0</priority>';
$output .= '</url>'; $output .= '</url>';
Expand All @@ -58,7 +58,7 @@ public function index() {


foreach ($informations as $information) { foreach ($informations as $information) {
$output .= '<url>'; $output .= '<url>';
$output .= ' <loc>' . $this->url->link('information/information', 'language=' . $this->config->get('config_language') . '&information_id=' . $information['information_id']) . '</loc>'; $output .= ' <loc>' . htmlspecialchars($this->url->link('information/information', 'language=' . $this->config->get('config_language') . '&information_id=' . $information['information_id']), ENT_COMPAT | ENT_XML1) . '</loc>';
$output .= ' <changefreq>weekly</changefreq>'; $output .= ' <changefreq>weekly</changefreq>';
$output .= ' <priority>0.5</priority>'; $output .= ' <priority>0.5</priority>';
$output .= '</url>'; $output .= '</url>';
Expand All @@ -84,7 +84,7 @@ protected function getCategories($parent_id, $current_path = '') {
} }


$output .= '<url>'; $output .= '<url>';
$output .= ' <loc>' . $this->url->link('product/category', 'language=' . $this->config->get('config_language') . '&path=' . $new_path) . '</loc>'; $output .= ' <loc>' . htmlspecialchars($this->url->link('product/category', 'language=' . $this->config->get('config_language') . '&path=' . $new_path), ENT_COMPAT | ENT_XML1) . '</loc>';
$output .= ' <changefreq>weekly</changefreq>'; $output .= ' <changefreq>weekly</changefreq>';
$output .= ' <priority>0.7</priority>'; $output .= ' <priority>0.7</priority>';
$output .= '</url>'; $output .= '</url>';
Expand All @@ -93,7 +93,7 @@ protected function getCategories($parent_id, $current_path = '') {


foreach ($products as $product) { foreach ($products as $product) {
$output .= '<url>'; $output .= '<url>';
$output .= ' <loc>' . $this->url->link('product/product', 'language=' . $this->config->get('config_language') . '&path=' . $new_path . '&product_id=' . $product['product_id']) . '</loc>'; $output .= ' <loc>' . htmlspecialchars($this->url->link('product/product', 'language=' . $this->config->get('config_language') . '&path=' . $new_path . '&product_id=' . $product['product_id']), ENT_COMPAT | ENT_XML1) . '</loc>';
$output .= ' <changefreq>weekly</changefreq>'; $output .= ' <changefreq>weekly</changefreq>';
$output .= ' <priority>1.0</priority>'; $output .= ' <priority>1.0</priority>';
$output .= '</url>'; $output .= '</url>';
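Review bot: The `<image:caption>` and `<image:title>` lines in the first hunk escape `$product['name']` with `ENT_COMPAT | ENT_XML1` only, so a name containing a byte sequence that is invalid for the active charset makes `htmlspecialchars()` return an empty string and the element is emitted empty; adding `ENT_SUBSTITUTE` and an explicit charset avoids that, e.g. `htmlspecialchars($product['name'], ENT_COMPAT | ENT_XML1 | ENT_SUBSTITUTE, 'UTF-8')`. The same flag set is repeated at all nine output sites across the hunks, so a small private helper on the controller would keep them consistent and make a site that is still unescaped easier to spot in review. It is also worth confirming whether `$product['name']` and the value returned by `$this->url->link()` can already be entity-encoded when they reach this code, since that is not visible here and would make the new calls double-encode (`&amp;amp;`). Both `index()` and `getCategories()` start and end outside the hunks shown.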

1 comment on commit 728e555


@alaplap alaplap commented on 728e555 Sep 9, 2019


Committed on April 9, 2018.
A year later, on April 9, 2019, version 3.0.3.2 was released, but the google_sitemap.php in it is still the old version committed on Jun 15, 2017. :(
