From a2f280e3590cc3b0b9d9b9abd7183160efadd43d Mon Sep 17 00:00:00 2001
From: Jonathan Bauer
Date: Mon, 9 Nov 2015 13:47:31 +0100
Subject: [news.inc.php] fix newline not beeing escaped properly

---
 apis/news.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'apis')

diff --git a/apis/news.inc.php b/apis/news.inc.php
index ace41b21..610db289 100644
--- a/apis/news.inc.php
+++ b/apis/news.inc.php
@@ -9,10 +9,10 @@ if ($row !== false ) {
 	echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
 	echo "<news>" . "\n";
 	echo "\t" . '<headline>' . "\n";
-	echo "\t\t" . $row['title'] . "\n";
+	echo "\t\t" . htmlspecialchars($row['title']) . "\n";
 	echo "\t" . '</headline>' . "\n";
 	echo "\t" . "<info>" . "\n";
-	echo "\t\t" . $row['content'] . "\n";
+	echo "\t\t" . htmlspecialchars(nl2br($row['content'])) . "\n";
 	echo "\t" . '</info>' . "\n";
 	echo "\t" . "<date>" . "\n";
 	echo "\t\t" . $row['dateline'] . "\n";
-- 
cgit v1.2.3-55-g7522