From 4f55b6a115ce0de8c5c258fb44eca52b8b112caf Mon Sep 17 00:00:00 2001
From: Ingo Schommer <ingo@silverstripe.com>
Date: Mon, 2 Nov 2015 11:33:04 +1300
Subject: [PATCH] [ss-2015-022]: XML escape RSSFeed $link parameter

---
 api/RSSFeed.php           | 1 +
 tests/api/RSSFeedTest.php | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/api/RSSFeed.php b/api/RSSFeed.php
index 12174d9c9..22d6d704e 100644
--- a/api/RSSFeed.php
+++ b/api/RSSFeed.php
@@ -16,6 +16,7 @@ class RSSFeed extends ViewableData {
 	private static $casting = array(
 		"Title" => "Varchar",
 		"Description" => "Varchar",
+		"Link" => "Varchar",
 	);
 
 	/**
diff --git a/tests/api/RSSFeedTest.php b/tests/api/RSSFeedTest.php
index 0402bd30a..9bbf25927 100644
--- a/tests/api/RSSFeedTest.php
+++ b/tests/api/RSSFeedTest.php
@@ -43,6 +43,13 @@ class RSSFeedTest extends SapphireTest {
 		$this->assertContains('<description>ItemC AltContent</description>', $content);
 	}
 
+	public function testLinkEncoding() {
+		$list = new ArrayList();
+		$rssFeed = new RSSFeed($list, "http://www.example.com/?param1=true&param2=true", "Test RSS Feed");
+		$content = $rssFeed->outputToBrowser();
+		$this->assertContains('<link>http://www.example.com/?param1=true&amp;param2=true', $content);
+	}
+
 	public function testRSSFeedWithShortcode() {
 		$list = new ArrayList();
 		$list->push(new RSSFeedTest_ItemD());