From e875a104ceacfd4a395e10800b078270773eb941 Mon Sep 17 00:00:00 2001
From: Michael Vogel
Date: Mon, 2 Dec 2013 20:26:57 +0100
Subject: [PATCH] dangerous values in usernames for shared messages from diaspora are now encoded.
---
 include/diaspora.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/diaspora.php b/include/diaspora.php
index 0deb3cc2b..abc518cd5 100755
--- a/include/diaspora.php
+++ b/include/diaspora.php
@@ -1041,10 +1041,10 @@ function diaspora_reshare($importer,$xml,$msg) {
 $datarray['owner-link'] = $contact['url'];
 $datarray['owner-avatar'] = ((x($contact,'thumb')) ? $contact['thumb'] : $contact['photo']);
 if (!intval(get_config('system','wall-to-wall_share'))) {
- $prefix = "[share author='".str_replace("'", "'",$person['name']).
+ $prefix = "[share author='".str_replace(array("'", "[", "]"), array("'", "[", "]"),$person['name']).
 "' profile='".$person['url'].
 "' avatar='".((x($person,'thumb')) ? $person['thumb'] : $person['photo']).
- "' link='".str_replace(array("'", "[", "]"), array("'", "[", "]"),$orig_url)."']";
 $datarray['author-name'] = $contact['name'];
 $datarray['author-link'] = $contact['url'];
 $datarray['author-avatar'] = $contact['thumb'];
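Review bot: The `profile='".$person['url']` and `avatar='...'` values on the unchanged context lines of this hunk are still concatenated into the single-quoted `[share]` attributes without the encoding this commit applies to `author` and `link`. If those fields come from the same remote Diaspora person record as `$person['name']` (the lookup is outside the hunk), a `'` or `]` in them would close the attribute or the tag just as it would in the name, so they should go through the same replacement. Because the identical `str_replace(array("'", "[", "]"), …)` call now appears twice, I would move it into one small helper (called `share_attr_encode()` here only for illustration) and wrap all four values, e.g. `"' profile='".share_attr_encode($person['url']).`. As rendered on this page the replacement array is identical to the search array, which would make the call a no-op; presumably the page decoded entity strings such as `&#x27;`, but that should be confirmed against the repository. `diaspora_reshare` starts and ends outside the hunk.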