🐛 Fix #12407

e13ec102 · Liang Ding · b7393818 · e13ec102 · e13ec102 · e13ec102
Commit e13ec102 authored Mar 10, 2018 by Liang Ding
4 changed files
--- a/src/main/java/org/b3log/solo/model/feed/atom/Entry.java
+++ b/src/main/java/org/b3log/solo/model/feed/atom/Entry.java
@@ -324,10 +324,10 @@ public final class Entry {
            stringBuilder.append(category.toString());
        }

-        stringBuilder.append(LINK_ELEMENT.replace(LINK_VARIABLE, link));
+        stringBuilder.append(LINK_ELEMENT.replace(LINK_VARIABLE, StringEscapeUtils.escapeXml(link)));

        stringBuilder.append(START_ID_ELEMENT);
-        stringBuilder.append(id);
+        stringBuilder.append(StringEscapeUtils.escapeXml(id));
        stringBuilder.append(END_ID_ELEMENT);

        stringBuilder.append(START_UPDATED_ELEMENT);

--- a/src/main/java/org/b3log/solo/model/feed/atom/Feed.java
+++ b/src/main/java/org/b3log/solo/model/feed/atom/Feed.java
@@ -332,7 +332,7 @@ public final class Feed {
        stringBuilder.append(START_FEED_ELEMENT);

        stringBuilder.append(START_ID_ELEMENT);
-        stringBuilder.append(id);
+        stringBuilder.append(StringEscapeUtils.escapeXml(id));
        stringBuilder.append(END_ID_ELEMENT);

        stringBuilder.append(START_TITLE_ELEMENT);
@@ -354,7 +354,7 @@ public final class Feed {
        stringBuilder.append(END_NAME_ELEMENT);
        stringBuilder.append(END_AUTHOR_ELEMENT);

-        stringBuilder.append(LINK_ELEMENT.replace(LINK_VARIABLE, link));
+        stringBuilder.append(LINK_ELEMENT.replace(LINK_VARIABLE, StringEscapeUtils.escapeXml(link)));

        for (final Entry entry : entries) {
            stringBuilder.append(entry.toString());

--- a/src/main/java/org/b3log/solo/model/feed/rss/Item.java
+++ b/src/main/java/org/b3log/solo/model/feed/rss/Item.java
@@ -253,7 +253,7 @@ public final class Item {
        stringBuilder.append(END_TITLE_ELEMENT);

        stringBuilder.append(START_LINK_ELEMENT);
-        stringBuilder.append(link);
+        stringBuilder.append(StringEscapeUtils.escapeXml(link));
        stringBuilder.append(END_LINK_ELEMENT);

        stringBuilder.append(START_DESCRIPTION_ELEMENT);
@@ -265,7 +265,7 @@ public final class Item {
        stringBuilder.append(END_AUTHOR_ELEMENT);

        stringBuilder.append(START_GUID_ELEMENT);
-        stringBuilder.append(guid);
+        stringBuilder.append(StringEscapeUtils.escapeXml(guid));
        stringBuilder.append(END_GUID_ELEMENT);

        for (final Category category : categories) {

--- a/src/main/java/org/b3log/solo/processor/SitemapProcessor.java
+++ b/src/main/java/org/b3log/solo/processor/SitemapProcessor.java
@@ -15,7 +15,7 @@
 */
 package org.b3log.solo.processor;

-
+import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.time.DateFormatUtils;
 import org.b3log.latke.Keys;
 import org.b3log.latke.Latkes;
@@ -50,12 +50,11 @@ import java.io.IOException;
 import java.net.URLEncoder;
 import java.util.Date;

-
 /**
 * Site map (sitemap) processor.
 *
 * @author <a href="http://88250.b3log.org">Liang Ding</a>
- * @version 1.0.0.6, May 17, 2013
+ * @version 1.0.1.0, Mar 10, 2018
 * @since 0.3.1
 */
 @RequestProcessor
@@ -151,7 +150,7 @@ public class SitemapProcessor {
            final String permalink = article.getString(Article.ARTICLE_PERMALINK);

            final URL url = new URL();
-            url.setLoc(Latkes.getServePath() + permalink);
+            url.setLoc(StringEscapeUtils.escapeXml(Latkes.getServePath() + permalink));
            final Date updateDate = (Date) article.get(Article.ARTICLE_UPDATE_DATE);
            final String lastMod = DateFormatUtils.ISO_DATETIME_TIME_ZONE_FORMAT.format(updateDate);
            url.setLastMod(lastMod);