diff options
| author | Jonathan Bauer | 2015-11-09 13:47:31 +0100 |
|---|---|---|
| committer | Jonathan Bauer | 2015-11-09 13:47:31 +0100 |
| commit | a2f280e3590cc3b0b9d9b9abd7183160efadd43d (patch) | |
| tree | 1af62052c9dbbd4cfc6a69fbe0dc053e63c71c51 /apis | |
| parent | [systemstatus] Move ldadp logs to /var/log/ldadp (diff) | |
| download | slx-admin-a2f280e3590cc3b0b9d9b9abd7183160efadd43d.tar.gz slx-admin-a2f280e3590cc3b0b9d9b9abd7183160efadd43d.tar.xz slx-admin-a2f280e3590cc3b0b9d9b9abd7183160efadd43d.zip | |
[news.inc.php] fix newline not beeing escaped properly
Diffstat (limited to 'apis')
| -rw-r--r-- | apis/news.inc.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/apis/news.inc.php b/apis/news.inc.php index ace41b21..610db289 100644 --- a/apis/news.inc.php +++ b/apis/news.inc.php @@ -9,10 +9,10 @@ if ($row !== false ) { echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n"; echo "<news>" . "\n"; echo "\t" . '<headline>' . "\n"; - echo "\t\t" . $row['title'] . "\n"; + echo "\t\t" . htmlspecialchars($row['title']) . "\n"; echo "\t" . '</headline>' . "\n"; echo "\t" . "<info>" . "\n"; - echo "\t\t" . $row['content'] . "\n"; + echo "\t\t" . htmlspecialchars(nl2br($row['content'])) . "\n"; echo "\t" . '</info>' . "\n"; echo "\t" . "<date>" . "\n"; echo "\t\t" . $row['dateline'] . "\n"; |