From: dhawes Date: Thu, 27 Jan 2005 01:43:29 +0000 (+0000) Subject: using rss_unhtmlentities for channel and item title as well as for item description X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=b021c82d82b088a33ca4f2d2b700a281f49b71f5;p=moodle.git using rss_unhtmlentities for channel and item title as well as for item description --- diff --git a/blocks/rss_client/block_rss_client.php b/blocks/rss_client/block_rss_client.php index 1a1f945315..38bbea9324 100644 --- a/blocks/rss_client/block_rss_client.php +++ b/blocks/rss_client/block_rss_client.php @@ -158,7 +158,10 @@ class block_rss_client extends block_base { $rss->items = array_slice($rss->items, 0, $shownumentries); } + $rss->channel['title']) = rss_unhtmlentities($rss->channel['title'])); foreach ($rss->items as $item) { + $item['title'] = rss_unhtmlentities($item['title']); + $item['description'] = rss_unhtmlentities($item['description']); if ($item['title'] == '') { $item['title'] = substr(strip_tags($item['description']), 0, 20) . '...'; } diff --git a/blocks/rss_client/block_rss_client_action.php b/blocks/rss_client/block_rss_client_action.php index 9809287ecc..8cb17fa92a 100644 --- a/blocks/rss_client/block_rss_client_action.php +++ b/blocks/rss_client/block_rss_client_action.php @@ -71,32 +71,32 @@ $dataobject->description = ''; $dataobject->title = ''; } else { - $dataobject->description = addslashes($rss->channel['description']); - $dataobject->title = addslashes($rss->channel['title']); + $dataobject->description = addslashes(rss_unhtmlentities($rss->channel['description'])); + $dataobject->title = addslashes(rss_unhtmlentities($rss->channel['title'])); } $dataobject->url = addslashes($url); - + if (!update_record('block_rss_client', $dataobject)) { error('There was an error trying to update rss feed with id:'. $rssid); } - + rss_display_feeds($rssid); print ''. get_string('block_rss_feed_updated', 'block_rss_client') .''; rss_get_form($act, $url, $rssid); } else if ($act == 'addfeed' ) { - + require_variable($url); $dataobject->userid = $USER->id; $dataobject->description = ''; $dataobject->title = ''; $dataobject->url = addslashes($url); - + $rssid = insert_record('block_rss_client', $dataobject); if (!$rssid){ error('There was an error trying to add a new rss feed:'. $url); } - + // By capturing the output from fetch_rss this way // error messages do not display and clutter up the moodle interface // however, we do lose out on seeing helpful messages like "cache hit", etc. @@ -111,10 +111,10 @@ $dataobject->id = $rssid; if (!empty($rss->channel['description'])) { - $dataobject->description = addslashes($rss->channel['description']); + $dataobject->description = addslashes(rss_unhtmlentities($rss->channel['description'])); } if (!empty($rss->channel['title'])) { - $dataobject->title = addslashes($rss->channel['title']); + $dataobject->title = addslashes(unhtmlentities($rss->channel['title'])); } if (!update_record('block_rss_client', $dataobject)) { error('There was an error trying to update rss feed with id:'. $rssid); @@ -162,10 +162,12 @@ $rsserror = ob_get_contents(); ob_end_clean(); + $rss->channel['title'] - rss_unhtmlentities($rss->channel['title']); print ''."\n"; print ''."\n"; for($y=0; $y < count($rss->items); $y++) { -// $rss->items[$y]['title'] = blog_unhtmlentities($rss->items[$y]['title']); + $rss->items[$y]['title'] = rss_unhtmlentities($rss->items[$y]['title']); + $rss->items[$y]['description'] = rss_unhtmlentities($rss->items[$y]['description']); if ($rss->items[$y]['link'] == '') { $rss->items[$y]['link'] = $rss->items[$y]['guid']; } @@ -186,7 +188,6 @@ print ''."\n"; -// $rss->items[$y]['description'] = blog_unhtmlentities($rss->items[$y]['description']); print ''."\n"; }
'. $rss->channel['title'] .'
 '; } print '
'; print $rss->items[$y]['description'] .'