From c5c8d784d494f17456d51c821f5e25e863aa00fe Mon Sep 17 00:00:00 2001
From: joyqi <magike.net@gmail.com>
Date: Sun, 20 Oct 2013 11:26:14 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=E5=88=86=E9=A1=B5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 var/Widget/Abstract/Contents.php | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/var/Widget/Abstract/Contents.php b/var/Widget/Abstract/Contents.php
index cbefb800..524690a5 100644
--- a/var/Widget/Abstract/Contents.php
+++ b/var/Widget/Abstract/Contents.php
@@ -83,19 +83,19 @@ class Widget_Abstract_Contents extends Widget_Abstract
      */
     protected function ___excerpt()
     {
-        $contents = explode('<!--more-->', $this->text);
-        list($excerpt) = $contents;
-
-        $excerpt = $this->pluginHandle(__CLASS__)->trigger($plugged)->excerpt($excerpt, $this);
+        $content = $this->pluginHandle(__CLASS__)->trigger($plugged)->excerpt($this->text, $this);
         if (!$plugged) {
             if ($this->isMarkdown) {
                 $markdown = new Markdown();
-                $excerpt = $markdown->transform($excerpt);
+                $content = $markdown->transform($content);
             } else {
-                $excerpt = Typecho_Common::cutParagraph($excerpt);
+                $content = Typecho_Common::cutParagraph($content);
             }
         }
 
+        $contents = explode('<!--more-->', $content);
+        list($excerpt) = $contents;
+
         return Typecho_Common::fixHtml($this->pluginHandle(__CLASS__)->excerptEx($excerpt, $this));
     }
 
@@ -235,7 +235,7 @@ class Widget_Abstract_Contents extends Widget_Abstract
     {
         /** 构建插入结构 */
         $insertStruct = array(
-            'title'         =>  empty($content['title']) ? NULL : $content['title'],
+            'title'         =>  empty($content['title']) ? NULL : htmlspecialchars($content['title']),
             'created'       =>  empty($content['created']) ? $this->options->gmtTime : $content['created'],
             'modified'      =>  $this->options->gmtTime,
             'text'          =>  empty($content['text']) ? NULL : $content['text'],
@@ -284,7 +284,7 @@ class Widget_Abstract_Contents extends Widget_Abstract
 
         /** 构建更新结构 */
         $preUpdateStruct = array(
-            'title'         =>  empty($content['title']) ? NULL : $content['title'],
+            'title'         =>  empty($content['title']) ? NULL : htmlspecialchars($content['title']),
             'order'         =>  empty($content['order']) ? 0 : intval($content['order']),
             'text'          =>  empty($content['text']) ? NULL : $content['text'],
             'template'      =>  empty($content['template']) ? NULL : $content['template'],