diff --git a/mod/events.php b/mod/events.php index f147e0054..cb91fae35 100644 --- a/mod/events.php +++ b/mod/events.php @@ -97,13 +97,23 @@ function events_post(App $a) // and we'll waste a bunch of time responding to it. Time that // could've been spent doing something else. - $summary = Strings::escapeHtml(trim(defaults($_POST, 'summary', ''))); - $desc = Strings::escapeHtml(trim(defaults($_POST, 'desc', ''))); - $location = Strings::escapeHtml(trim(defaults($_POST, 'location', ''))); + $summary = trim(defaults($_POST, 'summary' , '')); + $desc = trim(defaults($_POST, 'desc' , '')); + $location = trim(defaults($_POST, 'location', '')); $type = 'event'; - $action = ($event_id == '') ? 'new' : "event/" . $event_id; - $onerror_path = "events/" . $action . "?summary=$summary&description=$desc&location=$location&start=$start_text&finish=$finish_text&adjust=$adjust&nofinish=$nofinish"; + $params = [ + 'summary' => $summary, + 'description' => $desc, + 'location' => $location, + 'start' => $start_text, + 'finish' => $finish_text, + 'adjust' => $adjust, + 'nofinish' => $nofinish, + ]; + + $action = ($event_id == '') ? 'new' : 'event/' . $event_id; + $onerror_path = 'events/' . $action . '?' . http_build_query($params, null, null, PHP_QUERY_RFC3986); if (strcmp($finish, $start) < 0 && !$nofinish) { notice(L10n::t('Event can not end before it has started.') . EOL); @@ -137,10 +147,10 @@ function events_post(App $a) if ($share) { - $str_group_allow = !empty($_POST['group_allow']) ? perms2str($_POST['group_allow']) : ''; - $str_contact_allow = !empty($_POST['contact_allow']) ? perms2str($_POST['contact_allow']) : ''; - $str_group_deny = !empty($_POST['group_deny']) ? perms2str($_POST['group_deny']) : ''; - $str_contact_deny = !empty($_POST['contact_deny']) ? perms2str($_POST['contact_deny']) : ''; + $str_group_allow = perms2str(defaults($_POST, 'group_allow' , '')); + $str_contact_allow = perms2str(defaults($_POST, 'contact_allow', '')); + $str_group_deny = perms2str(defaults($_POST, 'group_deny' , '')); + $str_contact_deny = perms2str(defaults($_POST, 'contact_deny' , '')); // Undo the pseudo-contact of self, since there are real contacts now if (strpos($str_contact_allow, '<' . $self . '>') !== false) { @@ -181,7 +191,7 @@ function events_post(App $a) if (intval($_REQUEST['preview'])) { $html = Event::getHTML($datarray); echo $html; - killme(); + exit(); } $item_id = Event::store($datarray); @@ -364,8 +374,9 @@ function events_content(App $a) } if ($a->argc > 1 && $a->argv[1] === 'json') { + header('Content-Type: application/json'); echo json_encode($events); - killme(); + exit(); } if (!empty($_GET['id'])) { diff --git a/src/Model/Event.php b/src/Model/Event.php index 886f12415..d25f2a151 100644 --- a/src/Model/Event.php +++ b/src/Model/Event.php @@ -14,9 +14,9 @@ use Friendica\Core\PConfig; use Friendica\Core\Renderer; use Friendica\Core\System; use Friendica\Database\DBA; -use Friendica\Model\Contact; use Friendica\Util\DateTimeFormat; use Friendica\Util\Map; +use Friendica\Util\Strings; use Friendica\Util\XML; require_once 'boot.php'; @@ -53,11 +53,11 @@ class Event extends BaseObject if ($simple) { if (!empty($event['summary'])) { - $o = "
" . $event_start . "
"; @@ -67,7 +67,7 @@ class Event extends BaseObject } if (!empty($event['location'])) { - $o .= "" . BBCode::convert($event['location'], false, $simple) . "
"; + $o .= "" . BBCode::convert(Strings::escapeHtml($event['location']), false, $simple) . "
"; } return $o; @@ -75,7 +75,7 @@ class Event extends BaseObject $o = '