From 46aae667000941701d6e64df277cbf0d14f3e369 Mon Sep 17 00:00:00 2001
From: Alex Davyskiba
Date: Sat, 31 Jan 2015 11:23:29 +0200
Subject: [PATCH] Escape commit message from XSS and broken markup. Closes #769
---
 PHPCI/Model/Build.php | 7 +++++++
 PHPCI/Model/Build/GithubBuild.php | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/PHPCI/Model/Build.php b/PHPCI/Model/Build.php
index 6dfef060..b5928cfe 100644
--- a/PHPCI/Model/Build.php
+++ b/PHPCI/Model/Build.php
@@ -193,4 +193,11 @@ class Build extends BuildBase
 return $rtn;
 }
+
+ public function getCommitMessage()
+ {
+ $rtn = htmlspecialchars($this->data['commit_message']);
+
+ return $rtn;
+ }
 }
diff --git a/PHPCI/Model/Build/GithubBuild.php b/PHPCI/Model/Build/GithubBuild.php
index feef147a..caa21979 100644
--- a/PHPCI/Model/Build/GithubBuild.php
+++ b/PHPCI/Model/Build/GithubBuild.php
@@ -101,7 +101,7 @@ class GithubBuild extends RemoteGitBuild
 */
 public function getCommitMessage()
 {
- $rtn = $this->data['commit_message'];
+ $rtn = parent::getCommitMessage($this->data['commit_message']);
 $reference = $this->getProject()->getReference();
 $commitLink = '#$1';
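Review bot: The added `htmlspecialchars($this->data['commit_message'])` call in `Build::getCommitMessage()` relies on the default flags and charset, which on PHP versions before 8.1 leave single quotes unescaped and before 5.4 assume ISO-8859-1. If any view places the message inside a single-quoted attribute the escaping would not hold, so I would pass both explicitly: `$rtn = htmlspecialchars($this->data['commit_message'], ENT_QUOTES, 'UTF-8');`. The getter now returns HTML-encoded text to every caller, so a docblock such as `/** Returns the commit message escaped for HTML output. */` would help keep non-HTML consumers and templates that already escape from double-encoding or mis-using it. The enclosing class starts outside the hunk.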
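Review bot: `parent::getCommitMessage($this->data['commit_message'])` in `GithubBuild::getCommitMessage()` passes an argument that the parent method added in this same patch does not declare. PHP ignores it silently, which makes it look as if the parent escapes whatever it is given. The call should read `$rtn = parent::getCommitMessage();`. Only two files are changed, so any other `Build` subclass that overrides `getCommitMessage()` and reads `$this->data['commit_message']` directly would presumably still return the raw message and is worth checking. The rest of this method, which builds links around the escaped text, lies outside the hunk.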