From 7da21d6d2cc44288c85971ef274084116583cbd6 Mon Sep 17 00:00:00 2001
From: Vitaliy Filippov <vitalif@yourcmc.ru>
Date: Tue, 9 Dec 2014 16:12:43 +0300
Subject: [PATCH] escape html in error message

---
 add.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/add.php b/add.php
index ee8aff2..5bc4439 100644
--- a/add.php
+++ b/add.php
@@ -39,7 +39,7 @@ if (!empty($_REQUEST['do']))
         $sfile = new SimplePie_File($opml);
         if(!$sfile->success)
         {
-            echo "Cannot open $opml<br>";
+            echo "Cannot open ".htmlspecialchars($opml)."<br>";
             return false;
         }
         $content = $sfile->body;