From a0839b5b1fc45f789160cf5739fc69951d927d12 Mon Sep 17 00:00:00 2001
From: ovclas
Date: Tue, 29 Nov 2011 05:45:42 +0000
Subject: [PATCH] xss defense

git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.0@9884 201d5d3c-b55e-5fd7-737f-ddc643e51545
---
 modules/menu/menu.admin.view.php | 2 +-
 widgets/content/content.class.php | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/modules/menu/menu.admin.view.php b/modules/menu/menu.admin.view.php
index df7dd8424..0327092a8 100644
--- a/modules/menu/menu.admin.view.php
+++ b/modules/menu/menu.admin.view.php
@@ -133,7 +133,7 @@
 {
 unset($menu);
 unset($menuItems);
- $value->xml_file = sprintf('./files/cache/menu/%s.xml.php',$value->menu_srl);
+ //$value->xml_file = sprintf('./files/cache/menu/%s.xml.php',$value->menu_srl);
 $value->php_file = sprintf('./files/cache/menu/%s.php',$value->menu_srl);
 if(file_exists($value->php_file)) @include($value->php_file);
diff --git a/widgets/content/content.class.php b/widgets/content/content.class.php
index a2879e76c..65b7d3bf0 100644
--- a/widgets/content/content.class.php
+++ b/widgets/content/content.class.php
@@ -251,6 +251,10 @@
 $content_items[0]->setFirstThumbnailIdx($first_thumbnail_idx);
 }
+
+ $oSecurity = new Security($content_items);
+ $oSecurity->encodeHTML('..variables.title', '..variables.content', '..variables.user_name', '..variables.nick_name');
+
 return $content_items;
 }
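Review bot: The `xml_file` assignment in menu.admin.view.php is commented out rather than deleted, and neither the hunk nor the "xss defense" message says how dropping it relates to XSS; remove the line and record the reason in the commit message. Any template or caller that still reads `$value->xml_file` will now see an undefined property, so a search for remaining uses is worth doing before merge. Separately, the retained `@include($value->php_file)` builds its path with `%s` from `menu_srl` and silences errors; if `menu_srl` is not guaranteed to be numeric at this point, `sprintf('./files/cache/menu/%d.php', $value->menu_srl)` would pin the included path to an integer. The enclosing block starts and ends outside the hunk, so where `$value` comes from is not visible here.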
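Review bot: The encoding added before `return $content_items;` in content.class.php covers only four named keys (`title`, `content`, `user_name`, `nick_name`), so any other field under `variables` that a skin prints is still emitted raw; the fields deliberately left unencoded should be listed, with the reason. Because the values are now encoded in the data layer, a skin that already escapes on output will double-encode them, and HTML-entity encoding alone does not make a value safe in a URL or script context. A comment above the call would pin the contract, e.g. `// HTML-encode user-supplied fields once, here; skins print these four values without further escaping`. The function begins above the hunk, so any earlier return path that bypasses this call is not visible from here.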