X-Git-Url: https://dev.renevier.net/gitweb.cgi?p=syp.git;a=blobdiff_plain;f=items.php;h=a2a04464e398110e1cd1e2bc71f66b3d87a9e3c8;hp=cd2cd91bb14c6aff37a52a2f250ce4e2231b4c26;hb=b6cae6a5698c5d0655d921f78f0ccab470bf034c;hpb=3b38ca36fc18d34999073625a9c66dc2f05747a3

diff --git a/items.php b/items.php
index cd2cd91..a2a0446 100644
--- a/items.php
+++ b/items.php
@@ -2,10 +2,6 @@
 /* Copyright (c) 2009 Arnaud Renevier, Inc, published under the modified BSD
    license. */
 
-require_once ("./inc/settings.php");
-require_once ("./inc/utils.php");
-require_once ("./inc/db/mysql.php");
-
 function headers_callback ($output) {
     $etag = md5 ($output);
     if ((isset ($_SERVER ["HTTP_IF_NONE_MATCH"])) && 
@@ -29,7 +25,7 @@ function main ($features) {
 ';
 
     if (SITETITLE) {
-        printf ('    <name>%s</name>', SITETITLE);
+        printf ('    <name>%s</name>', htmlspecialchars (SITETITLE));
     }
     foreach ($features as $feature) {
         $id = $feature->id;
@@ -77,6 +73,12 @@ function main ($features) {
     </kml>';
 }
 
+if (!@include_once ("./inc/settings.php")) {
+    exit ("server error");
+}
+require_once ("./inc/utils.php");
+require_once ("./inc/db/mysql.php");
+
 try {
     $connection->connect (DBHOST, DBUSER, DBPWD, DBNAME, DBPREFIX);
     $features = $connection->listfeatures ($_GET ['from_user']);