X-Git-Url: https://git.deb.at/?p=pkg%2Fblosxom.git;a=blobdiff_plain;f=blosxom.cgi;h=2e6181fee151acdaa4a6685941cf9b4d3ada775a;hp=e415d60984c50e6f0596c595632d5a429ebb5546;hb=3338156aa6ba79dae5ef7e585dc022f175a867fa;hpb=9cd41cf7b0183b15baa6fcca6cd290b351effeba

diff --git a/blosxom.cgi b/blosxom.cgi
index e415d60..2e6181f 100755
--- a/blosxom.cgi
+++ b/blosxom.cgi
@@ -661,17 +661,30 @@ sub generate {
             }
 
             if ( $encode_xml_entities && $content_type =~ m{\bxml\b} ) {
+                # Escape special characters inside the <link> container
+
+                # The following line should be moved more towards to top for
+                # performance reasons -- Axel Beckert, 2008-07-22
+                my $url_escape_re = qr([^-/a-zA-Z0-9:._]);
+
+                $url   =~ s($url_escape_re)(sprintf('%%%02X', ord($&)))eg;
+                $path  =~ s($url_escape_re)(sprintf('%%%02X', ord($&)))eg;
+                $fn    =~ s($url_escape_re)(sprintf('%%%02X', ord($&)))eg;
 
                 # Escape <, >, and &, and to produce valid RSS
                 my %escape = (
                     '<' => '&lt;',
                     '>' => '&gt;',
                     '&' => '&amp;',
-                    '"' => '&quot;'
+                    '"' => '&quot;',
+                    "'" => '&apos;'
                 );
                 my $escape_re = join '|' => keys %escape;
                 $title =~ s/($escape_re)/$escape{$1}/g;
                 $body  =~ s/($escape_re)/$escape{$1}/g;
+                $url   =~ s/($escape_re)/$escape{$1}/g;
+                $path  =~ s/($escape_re)/$escape{$1}/g;
+                $fn    =~ s/($escape_re)/$escape{$1}/g;
             }
 
             $story = &$interpolate($story);