Recent Entries plugin displays titles incorrectly
Posted: Sat Sep 19, 2009 10:03 pm
How to see the problem: create an entry with a title that uses some character that htmlspecialchars() would escape (a double quote works, a left angle bracket works, etc.). Look at that entry's title in the Recent Entries plugin.
What the problem is: it seems everywhere else the title is escaped with htmlspecialchars() before display, and the body of the link generated by the Recent Entries plugin should also escape the title before display (this is on line 226 of plugins/serendipity_plugin_recententries/serendipity_plugin_recententries.php). You'll note that it's run on $entry['title'] for the title attribute of the article link, but it's not run on the body of the link itself.
What the problem is: it seems everywhere else the title is escaped with htmlspecialchars() before display, and the body of the link generated by the Recent Entries plugin should also escape the title before display (this is on line 226 of plugins/serendipity_plugin_recententries/serendipity_plugin_recententries.php). You'll note that it's run on $entry['title'] for the title attribute of the article link, but it's not run on the body of the link itself.