From 152fb4e75361a55cb350e3da4cc3b47754eff9a2 Mon Sep 17 00:00:00 2001
From: Kijin Sung
Date: Sat, 20 Jan 2024 00:40:36 +0900
Subject: [PATCH] RVE-2024-1 always escape DocumentItem->getTitleText()

---
 modules/document/document.item.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/modules/document/document.item.php b/modules/document/document.item.php
index 29d750311..8be5e3645 100644
--- a/modules/document/document.item.php
+++ b/modules/document/document.item.php
@@ -495,7 +495,8 @@ class DocumentItem extends BaseObject
 return;
 }

- return $cut_size ? cut_str($this->get('title'), $cut_size, $tail) : $this->get('title');
+ $title = $cut_size ? cut_str($this->get('title'), $cut_size, $tail) : $this->get('title');
+ return escape($title, false);
 }

 function getVoted()
@@ -593,7 +594,7 @@ class DocumentItem extends BaseObject
 return false;
 }

- $title = escape($this->getTitleText($cut_size, $tail), false);
+ $title = $this->getTitleText($cut_size, $tail);
 $this->add('title_color', trim($this->get('title_color') ?? ''));

 $attrs = array();
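Review bot: The new return contract of `getTitleText()` in the first hunk is undocumented, and the method name still reads as plain text. Callers outside this patch that escape the result again with double-escaping enabled, or that use it in a non-HTML context such as a feed, mail subject or JSON payload, would now show entity-encoded titles; this is inferred, since those callers are not visible here. I would add a docblock line such as `@return string|null Title escaped for HTML text/attribute context; use get('title') for the raw value`. It would also help to state there that truncation is applied before escaping. The method starts above the hunk, so only its early `return;` and the final return are visible.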
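Review bot: `getTitle()` in the second hunk no longer escapes `$title` itself, so its output safety rests entirely on `getTitleText()` keeping the escaping added in the first hunk. A subclass override or later edit that returns the raw title from `getTitleText()` would silently reintroduce the injection, presumably into the markup built from `$attrs`. I would record the dependency beside the assignment, e.g. `// getTitleText() returns HTML-escaped text; never substitute a raw title here`, and add a regression test that passes a title containing markup through both methods. The rest of `getTitle()`, including how `$title` and `title_color` are written out, lies outside the hunk.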