@@ -328,7 +330,7 @@
@@ -449,8 +451,8 @@
$email = Filter::filterInput(INPUT_POST, 'authorEmail', FILTER_VALIDATE_EMAIL);
$active = Filter::filterInput(INPUT_POST, 'active', FILTER_UNSAFE_RAW);
$comment = Filter::filterInput(INPUT_POST, 'comment', FILTER_UNSAFE_RAW);
- $link = Filter::filterInput(INPUT_POST, 'link', FILTER_SANITIZE_SPECIAL_CHARS);
- $linkTitle = Filter::filterInput(INPUT_POST, 'linkTitle', FILTER_SANITIZE_SPECIAL_CHARS);
+ $link = Filter::filterInput(INPUT_POST, 'link', FILTER_VALIDATE_URL);
+ $linkTitle = Filter::filterInput(INPUT_POST, 'linkTitle', FILTER_SANITIZE_ENCODED);
$newsLang = Filter::filterInput(INPUT_POST, 'langTo', FILTER_UNSAFE_RAW);
$target = Filter::filterInput(INPUT_POST, 'target', FILTER_UNSAFE_RAW);
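Review bot: `FILTER_SANITIZE_ENCODED` on the `linkTitle` line percent-encodes the value as if it were a URL component, so a title such as `Read more` is stored as `Read%20more` and is displayed that way once the News.php hunk HTML-escapes it at render time; the title is display text, and with escaping now done on output the input side should keep it raw, `$linkTitle = Filter::filterInput(INPUT_POST, 'linkTitle', FILTER_UNSAFE_RAW);`. The same applies to the identical lines in the hunk at `@@ -500,8 +502,8 @@`. `FILTER_VALIDATE_URL` on `link` also changes the variable's type on bad input: it yields `false` rather than a string for relative or empty links, so the save path that follows (the enclosing handler continues outside this hunk) presumably needs an explicit branch, e.g. `if ($link === false) { /* report invalid URL to the editor */ }`, rather than silently persisting an empty value — confirm against the caller. Note too that `FILTER_VALIDATE_URL` only checks URL syntax and does not restrict the scheme to http/https; since the link is emitted into an href where `htmlentities` does not neutralise a non-HTTP scheme, an allow-list such as `in_array(parse_url($link, PHP_URL_SCHEME), ['http', 'https'], true)` is still needed.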
@@ -500,8 +502,8 @@
$email = Filter::filterInput(INPUT_POST, 'authorEmail', FILTER_VALIDATE_EMAIL);
$active = Filter::filterInput(INPUT_POST, 'active', FILTER_UNSAFE_RAW);
$comment = Filter::filterInput(INPUT_POST, 'comment', FILTER_UNSAFE_RAW);
- $link = Filter::filterInput(INPUT_POST, 'link', FILTER_UNSAFE_RAW);
- $linkTitle = Filter::filterInput(INPUT_POST, 'linkTitle', FILTER_UNSAFE_RAW);
+ $link = Filter::filterInput(INPUT_POST, 'link', FILTER_VALIDATE_URL);
+ $linkTitle = Filter::filterInput(INPUT_POST, 'linkTitle', FILTER_SANITIZE_ENCODED);
$newsLang = Filter::filterInput(INPUT_POST, 'langTo', FILTER_UNSAFE_RAW);
$target = Filter::filterInput(INPUT_POST, 'target', FILTER_UNSAFE_RAW);
diff --git a/phpmyfaq/src/phpMyFAQ/News.php b/phpmyfaq/src/phpMyFAQ/News.php
index b90cc1e825..e40643562d 100644
--- a/phpmyfaq/src/phpMyFAQ/News.php
+++ b/phpmyfaq/src/phpMyFAQ/News.php
@@ -95,7 +95,7 @@ public function getNews(bool $showArchive = false, bool $active = true): string
$this->pmfLang['msgInfo'],
Strings::htmlentities($item['link']),
$item['target'],
- $item['linkTitle']
+ Strings::htmlentities($item['linkTitle'])
);
}