escape feed links properly and fix some bugs in the feed link parameters

diff --git a/data/templates/default/bookmarks.tpl.php b/data/templates/default/bookmarks.tpl.php
index 8753b7f5d5cd857b7eb62f6e5469c7fe18ea882e..0ed9c1d5615a5aef137f867e56befd2c32d7a1a7 100644 (file)
--- a/data/templates/default/bookmarks.tpl.php
+++ b/data/templates/default/bookmarks.tpl.php
@@ -222,12 +222,12 @@ if ($currenttag!= '') {
        $size = count($rsschannels);
        for ($i = 0; $i < $size; $i++) {
             $brss =  '<a style="background:#FFFFFF"'
-            . ' href="'. htmlspecialchars($rsschannels[$i][1]) . '"'
-            . ' title="' . $rsschannels[$i][0] . '">'
-            . '<img src="' . $theme->resource('images/rss.gif') . '"'
-            . ' width="16" height="16"'
-            . ' alt="' . $rsschannels[$i][0] .'"/>'
-            . '</a>';
+                . ' href="'. htmlspecialchars($rsschannels[$i][1]) . '"'
+                . ' title="' . htmlspecialchars($rsschannels[$i][0]) . '">'
+                . '<img src="' . $theme->resource('images/rss.gif') . '"'
+                . ' width="16" height="16"'
+                . ' alt="' . htmlspecialchars($rsschannels[$i][0]) .'"/>'
+                . '</a>';
        }
 
        $pagesBanner = '<p class="paging">'. $bfirst .'<span> / </span>'. $bprev .'<span> / </span>'. $bnext .'<span> / </span>'. $blast .'<span> / </span>'. sprintf(T_('Page %d of %d'), $page, $totalpages) ." ". $brss ." </p>\n";

diff --git a/data/templates/default/top.inc.php b/data/templates/default/top.inc.php
index 9eed6ff265b9eb9a738c5ae5b4f7cd20c4c20fe6..0f67a172eca897ddcbc9730a583fa5538db5058b 100644 (file)
--- a/data/templates/default/top.inc.php
+++ b/data/templates/default/top.inc.php
@@ -13,7 +13,7 @@ if (isset($rsschannels)) {
        for ($i = 0; $i < $size; $i++) {
                echo '  <link rel="alternate" type="application/rss+xml" title="'
             . htmlspecialchars($rsschannels[$i][0]) . '"'
-            . ' href="'. $rsschannels[$i][1] .'" />';
+            . ' href="'. htmlspecialchars($rsschannels[$i][1]) .'" />' . "\n";
        }
 }
 ?>

diff --git a/www/bookmarks.php b/www/bookmarks.php
index 7056fa6e0d6d9a4d15d49cca26a04bc949bd5937..72c063e6bfb81ebaa1091de89862fe1fda5097f8 100644 (file)
--- a/www/bookmarks.php
+++ b/www/bookmarks.php
@@ -229,14 +229,14 @@ if ($templatename == 'editbookmark.tpl') {
        $tplVars['sidebar_blocks'] = array('watchstatus');
 
        if (!$cat) { //user page without tags
-                $rssTitle = ": My Bookmarks";
+        $rssTitle = "My Bookmarks";
                $cat = NULL;
                $tplVars['currenttag'] = NULL;
                //$tplVars['sidebar_blocks'][] = 'menu2';
                $tplVars['sidebar_blocks'][] = 'linked';
                $tplVars['sidebar_blocks'][] = 'popular';
        } else { //pages with tags
-                $rssTitle = ": Tags" . $catTitle;
+        $rssTitle = "Tags" . $catTitle;
                $rssCat = '/'. filter($cat, 'url');
                $tplVars['currenttag'] = $cat;
                $tplVars['sidebar_blocks'][] = 'tagactions';
@@ -266,7 +266,11 @@ if ($templatename == 'editbookmark.tpl') {
 
        // Set template vars
        $tplVars['rsschannels'] = array(
-       array(filter($sitename .$rssTitle), createURL('rss', filter($user, 'url') . $rssCat.'?sort='.getSortOrder()))
+        array(
+            sprintf(T_('%s: %s'), $sitename, $rssTitle),
+            createURL('rss', filter($user, 'url'))
+            . $rssCat . '?sort='.getSortOrder()
+        )
        );
 
     if ($userservice->isLoggedOn()) {
@@ -275,8 +279,14 @@ if ($templatename == 'editbookmark.tpl') {
             array_push(
                 $tplVars['rsschannels'],
                 array(
-                    filter($sitename . $rssTitle. sprintf(T_(': (private) ')) . $currentUsername),
-                    createURL('rss', filter($currentUsername, 'url') . '?sort='.getSortOrder().'&privateKey='.$currentUser->getPrivateKey())
+                    sprintf(
+                        T_('%s: %s (+private %s)'),
+                        $sitename, $rssTitle, $currentUsername
+                    ),
+                    createURL('rss', filter($currentUsername, 'url'))
+                    . $rssCat
+                    . '?sort=' . getSortOrder()
+                    . '&privateKey=' . $currentUser->getPrivateKey()
                 )
             );
         }

diff --git a/www/index.php b/www/index.php
index f270f73bf5ca13e7a17fbb8f9d037218bc76ea6e..7fbb84c2a0c8fe5f18f7451b60cf2cedf2d76ad3 100644 (file)
--- a/www/index.php
+++ b/www/index.php
@@ -42,17 +42,25 @@ if (GET_ACTION == "logout") {
 // Header variables
 $tplVars['loadjs'] = true;
 $tplVars['rsschannels'] = array(
-array(sprintf(T_('%s: Recent bookmarks'), htmlspecialchars($sitename)), createURL('rss').'?sort='.getSortOrder())
+    array(
+        sprintf(T_('%s: Recent bookmarks'), $sitename),
+        createURL('rss') . '?sort=' . getSortOrder()
+    )
 );
 
 if ($userservice->isLoggedOn()) {
-    $currentUsername = $currentUser->getUsername();
     if ($userservice->isPrivateKeyValid($currentUser->getPrivateKey())) {
+        $currentUsername = $currentUser->getUsername();
         array_push(
             $tplVars['rsschannels'],
             array(
-                filter(sprintf(T_('%s: Recent bookmarks (+private) %s'), $sitename, $currentUsername)),
-                createURL('rss', filter($currentUsername, 'url') . '?sort='.getSortOrder().'&privateKey='.$currentUser->getPrivateKey())
+                sprintf(
+                    T_('%s: Recent bookmarks (+private %s)'),
+                    $sitename, $currentUsername
+                ),
+                createURL('rss')
+                . '?sort=' . getSortOrder()
+                . '&privateKey=' . $currentUser->getPrivateKey()
             )
         );
     }

diff --git a/www/tags.php b/www/tags.php
index fca8a04e504d122f6a5ad1e8d6e0c1aac17a6454..127f6c5a8b2d84d48aad7dccd1a569de9ea375eb 100644 (file)
--- a/www/tags.php
+++ b/www/tags.php
@@ -67,17 +67,26 @@ if ($usecache) {
 $tplVars['pagetitle'] = T_('Tags') .': '. $cat;
 $tplVars['loadjs'] = true;
 $tplVars['rsschannels'] = array(
-array(filter($sitename .': Tags: '. $cat), createURL('rss', 'all/'. filter($cat, 'url')).'?sort='.getSortOrder())
+    array(
+        sprintf(T_('%s: tagged with "%s"'), $sitename, $cat),
+        createURL('rss', 'all/' . filter($cat, 'url'))
+        . '?sort='.getSortOrder()
+    )
 );
 
 if ($userservice->isLoggedOn()) {
-    $currentUsername = $currentUser->getUsername();
     if ($userservice->isPrivateKeyValid($currentUser->getPrivateKey())) {
+        $currentUsername = $currentUser->getUsername();
         array_push(
             $tplVars['rsschannels'],
             array(
-                filter($sitename .': Tags: '. $cat . sprintf(T_(': (private) ')) . $currentUsername),
-                createURL('rss', filter($currentUsername, 'url') . '?sort='.getSortOrder().'&privateKey='.$currentUser->getPrivateKey())
+                sprintf(
+                    T_('%s: tagged with "%s" (+private %s)'),
+                    $sitename, $cat, $currentUsername
+                ),
+                createURL('rss', filter($currentUsername, 'url'))
+                . '?sort=' . getSortOrder()
+                . '&privateKey=' . $currentUser->getPrivateKey()
             )
         );
     }