From 9c15cd2c1fb833440d485af47cc5b6222406490a Mon Sep 17 00:00:00 2001
From: Alex Cabal <alex@alexcabal.com>
Date: Mon, 7 Jul 2025 11:13:32 -0500
Subject: [PATCH] Escape transcriptoin URLs in Wanted Ebooks page

---
 lib/Formatter.php              | 2 +-
 templates/WantedEbooksList.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/Formatter.php b/lib/Formatter.php
index 5878aa2e..3a14292a 100644
--- a/lib/Formatter.php
+++ b/lib/Formatter.php
@@ -83,7 +83,7 @@ class Formatter{
 	}
 
 	/**
-	 * Escape a strin so that it's safe to output directly into an XML document. Note that this is **not the same** as escaping for HTML. Any query strings in URLs should already be URL-encoded, for example `?foo=bar+baz&x=y`.
+	 * Escape a string so that it's safe to output directly into an XML document. Note that this is **not the same** as escaping for HTML. Any query strings in URLs should already be URL-encoded, for example `?foo=bar+baz&x=y`.
 	 */
 	public static function EscapeXml(?string $text): string{
 		return htmlspecialchars(trim($text ?? ''), ENT_QUOTES|ENT_XML1, 'utf-8');
diff --git a/templates/WantedEbooksList.php b/templates/WantedEbooksList.php
index 0a2f06f8..d8ba78f7 100644
--- a/templates/WantedEbooksList.php
+++ b/templates/WantedEbooksList.php
@@ -8,7 +8,7 @@
 	<? foreach($ebooks as $ebook){ ?>
 		<li>
 			<p>
-				<? if(isset($ebook->EbookPlaceholder->TranscriptionUrl)){ ?><a href="<?= $ebook->EbookPlaceholder->TranscriptionUrl ?>"><? } ?><i><?= Formatter::EscapeHtml($ebook->Title) ?></i><? if(isset($ebook->EbookPlaceholder->TranscriptionUrl)){ ?></a><? } ?>
+				<? if(isset($ebook->EbookPlaceholder->TranscriptionUrl)){ ?><a href="<?= Formatter::EscapeHtml($ebook->EbookPlaceholder->TranscriptionUrl) ?>"><? } ?><i><?= Formatter::EscapeHtml($ebook->Title) ?></i><? if(isset($ebook->EbookPlaceholder->TranscriptionUrl)){ ?></a><? } ?>
 
 
 				by <?= Formatter::EscapeHtml($ebook->AuthorsString) ?>. <?= $ebook->ContributorsHtml ?>