From 8c42e2e62e4c76d456ed1506a0305611987a8fc0 Mon Sep 17 00:00:00 2001
From: Michael
Date: Wed, 14 Mar 2018 21:47:24 +0000
Subject: [PATCH 1/2] Avoid double encoding of the attachment content
---
 src/Content/Text/BBCode.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Content/Text/BBCode.php b/src/Content/Text/BBCode.php
index 9eb5cfd72..edff3a284 100644
--- a/src/Content/Text/BBCode.php
+++ b/src/Content/Text/BBCode.php
@@ -705,7 +705,7 @@ class BBCode
 }
 if ($data["description"] != "" && $data["description"] != $data["title"]) {
- $return .= sprintf('
%s
', trim(BBCode::convert($data["description"])));
+ $return .= sprintf('
%s
', trim($data["description"]));
 }
 if ($data["type"] == "link") {
From 4ba3ba391a4a4cebd8f06275e87253e957850127 Mon Sep 17 00:00:00 2001
From: Michael
Date: Wed, 14 Mar 2018 22:51:14 +0000
Subject: [PATCH 2/2] The attachment text had already been in HTML and mustn't be converted again
---
 src/Content/Text/BBCode.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/Content/Text/BBCode.php b/src/Content/Text/BBCode.php
index edff3a284..532397c13 100644
--- a/src/Content/Text/BBCode.php
+++ b/src/Content/Text/BBCode.php
@@ -25,6 +25,7 @@ use Friendica\Util\ParseUrl;
 require_once "include/event.php";
 require_once "include/html2plain.php";
+require_once "include/html2bbcode.php";
 require_once "mod/proxy.php";
 class BBCode
@@ -705,9 +706,10 @@ class BBCode
 }
 if ($data["description"] != "" && $data["description"] != $data["title"]) {
- $return .= sprintf('
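Review bot: With `BBCode::convert()` dropped from the changed `sprintf()` line, `$data["description"]` is written into the output exactly as received, and no escaping or filtering of it is visible in this hunk. The subject of 2/2 says the attachment text is already HTML, so at this commit that markup would reach the rendered page unfiltered if the description can come from a remote page or post. 2/2 replaces the line with an `html2bbcode()` round-trip, so the two commits should be squashed, or at least never cherry-picked or released separately. The enclosing method starts and ends outside the hunk.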
%s
', trim($data["description"]));
+ // Sanitize the HTML by converting it to BBCode
+ $bbcode = html2bbcode($data["description"]);
+ $return .= sprintf('
%s
', trim(self::convert($bbcode))); } - if ($data["type"] == "link") { $return .= sprintf('%s', $data['url'], parse_url($data['url'], PHP_URL_HOST)); }
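Review bot: The new comment calls the `html2bbcode()` / `self::convert()` round-trip a sanitizer, but nothing in the hunk shows that either function drops or escapes markup it does not recognise, so the safety of the description output rests on behaviour defined elsewhere. I would state that dependency in the comment, e.g. `// Description is HTML from the attachment source: round-trip through BBCode so only markup convert() itself emits survives`, and add a regression test asserting that script elements and event-handler attributes in a description do not appear in the result. `self::convert()` is now called from inside the attachment rendering, which is presumably itself reached from `convert()`, so it is worth confirming that a description containing attachment BBCode cannot recurse without bound. The enclosing method starts and ends outside the hunk.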