From b1e592d37f3b8b82cbfb033ba755e75e7415f112 Mon Sep 17 00:00:00 2001 From: Alexandre Gravel-Raymond Date: Sat, 19 May 2012 20:26:09 +0200 Subject: [PATCH] Escape quotes in bookmarklet confirm message --- classes/pref_feeds.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/classes/pref_feeds.php b/classes/pref_feeds.php index db1161c35..61eeb598b 100644 --- a/classes/pref_feeds.php +++ b/classes/pref_feeds.php @@ -1501,7 +1501,7 @@ class Pref_Feeds extends Protected_Handler { $bm_subscribe_url = str_replace('%s', '', add_feed_url()); - $confirm_str = __('Subscribe to %s in Tiny Tiny RSS?'); + $confirm_str = str_replace("'", "\'", __('Subscribe to %s in Tiny Tiny RSS?')); $bm_url = htmlspecialchars("javascript:{if(confirm('$confirm_str'.replace('%s',window.location.href)))window.location.href='$bm_subscribe_url'+window.location.href}");