From e34ef6cb4f77a6360debc73f147a44191d533a2b Mon Sep 17 00:00:00 2001
From: Matthew Seal <matthewseal@protonmail.com>
Date: Sat, 15 Sep 2018 06:13:05 -0600
Subject: [PATCH] [MrssFormat] Escape double quotes in XML attributes (#813)

XML attributes need to have certain characters escaped to be valid. The title attribute can have double quotes in it which need to be properly encoded for attributes.
---
 formats/MrssFormat.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/formats/MrssFormat.php b/formats/MrssFormat.php
index 72a829e7..7ea9756f 100644
--- a/formats/MrssFormat.php
+++ b/formats/MrssFormat.php
@@ -79,6 +79,8 @@ EOD;
 
 		$charset = $this->getCharset();
 
+		/* xml attributes need to have certain characters escaped to be w3c compliant */
+		$imageTitle = htmlspecialchars($title, ENT_COMPAT);
 		/* Data are prepared, now let's begin the "MAGIE !!!" */
 		$toReturn = <<<EOD
 <?xml version="1.0" encoding="{$charset}"?>
@@ -90,7 +92,7 @@ xmlns:atom="http://www.w3.org/2005/Atom">
 		<title>{$title}</title>
 		<link>http{$https}://{$httpHost}{$httpInfo}/</link>
 		<description>{$title}</description>
-		<image url="{$icon}" title="{$title}" link="{$uri}"/>
+		<image url="{$icon}" title="{$imageTitle}" link="{$uri}"/>
 		<atom:link rel="alternate" type="text/html" href="{$uri}" />
 		<atom:link rel="self" href="http{$https}://{$httpHost}{$serverRequestUri}" />
 		{$items}