Merge pull request #13328 from MrPetovan/bug/escape-username
Escape HTML in system messages and in display names for inclusion in syndication link tags
commit
bf2c19b2e0
3 changed files with 9 additions and 9 deletions
|
@ -799,7 +799,7 @@ class Contact
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
$fields = ['uid', 'nickname', 'page-flags', 'account-type', 'prvkey', 'pubkey'];
|
$fields = ['uid', 'username', 'nickname', 'page-flags', 'account-type', 'prvkey', 'pubkey'];
|
||||||
$user = DBA::selectFirst('user', $fields, ['uid' => $uid, 'account_expired' => false]);
|
$user = DBA::selectFirst('user', $fields, ['uid' => $uid, 'account_expired' => false]);
|
||||||
if (!DBA::isResult($user)) {
|
if (!DBA::isResult($user)) {
|
||||||
return false;
|
return false;
|
||||||
|
@ -818,7 +818,7 @@ class Contact
|
||||||
$url = DI::baseUrl() . '/profile/' . $user['nickname'];
|
$url = DI::baseUrl() . '/profile/' . $user['nickname'];
|
||||||
|
|
||||||
$fields = [
|
$fields = [
|
||||||
'name' => $profile['name'],
|
'name' => $user['username'],
|
||||||
'nick' => $user['nickname'],
|
'nick' => $user['nickname'],
|
||||||
'avatar-date' => $self['avatar-date'],
|
'avatar-date' => $self['avatar-date'],
|
||||||
'location' => Profile::formatLocation($profile),
|
'location' => Profile::formatLocation($profile),
|
||||||
|
@ -841,7 +841,6 @@ class Contact
|
||||||
'confirm' => DI::baseUrl() . '/dfrn_confirm/' . $user['nickname'],
|
'confirm' => DI::baseUrl() . '/dfrn_confirm/' . $user['nickname'],
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
||||||
$avatar = Photo::selectFirst(['resource-id', 'type'], ['uid' => $uid, 'profile' => true]);
|
$avatar = Photo::selectFirst(['resource-id', 'type'], ['uid' => $uid, 'profile' => true]);
|
||||||
if (DBA::isResult($avatar)) {
|
if (DBA::isResult($avatar)) {
|
||||||
if ($update_avatar) {
|
if ($update_avatar) {
|
||||||
|
|
|
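Review bot: The switch of the contact `name` source from `$profile['name']` to `$user['username']` in the second hunk is not explained by the commit title, which concerns HTML escaping, and nothing at the line records why the user record is now preferred over the profile row; a short comment would help, e.g. `// 'name' is taken from the user record (raw username); callers escape it at output time — confirm`, with the reason hedged since it is not visible here. The first hunk's addition of `'username'` to the selected `$fields` is consistent with that read, and the third hunk only drops a blank line. Note that `$profile` is still read for `'location'` two lines below, so the profile lookup cannot be removed. The enclosing method starts before the first hunk and ends after the third.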
@ -52,6 +52,7 @@ use Friendica\Network\HTTPException;
|
||||||
use Friendica\Protocol\Activity;
|
use Friendica\Protocol\Activity;
|
||||||
use Friendica\Util\DateTimeFormat;
|
use Friendica\Util\DateTimeFormat;
|
||||||
use Friendica\Util\Profiler;
|
use Friendica\Util\Profiler;
|
||||||
|
use Friendica\Util\Strings;
|
||||||
use GuzzleHttp\Psr7\Uri;
|
use GuzzleHttp\Psr7\Uri;
|
||||||
use Psr\Log\LoggerInterface;
|
use Psr\Log\LoggerInterface;
|
||||||
|
|
||||||
|
@ -296,8 +297,8 @@ class Ping extends BaseModule
|
||||||
$data['notifications'] = $navNotifications;
|
$data['notifications'] = $navNotifications;
|
||||||
|
|
||||||
$data['sysmsgs'] = [
|
$data['sysmsgs'] = [
|
||||||
'notice' => $this->systemMessages->flushNotices(),
|
'notice' => array_map([Strings::class, 'escapeHtml'], $this->systemMessages->flushNotices()),
|
||||||
'info' => $this->systemMessages->flushInfos(),
|
'info' => array_map([Strings::class, 'escapeHtml'], $this->systemMessages->flushInfos()),
|
||||||
];
|
];
|
||||||
|
|
||||||
if (isset($_GET['callback'])) {
|
if (isset($_GET['callback'])) {
|
||||||
|
|
|
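Review bot: After the `array_map` calls in the second hunk, the `notice` and `info` entries of `$data['sysmsgs']` are HTML-escaped fragments carried inside a JSON payload, so whichever client code renders them must insert them as HTML rather than as text, otherwise users will see literal `&amp;`/`&lt;` sequences; that contract is not stated at the hunk and is easy to break from the JavaScript side. A comment above the array would make it explicit: `// sysmsgs are pre-escaped HTML; the consumer must not escape them a second time`. As a point of style, if the project's minimum PHP is 8.1 or later, `Strings::escapeHtml(...)` reads better than the `[Strings::class, 'escapeHtml']` array callable and is checked statically; otherwise the array form is fine. The enclosing method continues outside the hunk.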
@ -103,10 +103,10 @@ class Conversations extends BaseProfile
|
||||||
$this->page['htmlhead'] .= '<meta content="noindex, noarchive" name="robots" />' . "\n";
|
$this->page['htmlhead'] .= '<meta content="noindex, noarchive" name="robots" />' . "\n";
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . $this->baseUrl . '/dfrn_poll/' . $this->parameters['nickname'] . '" title="DFRN: ' . $this->t('%s\'s timeline', $profile['name']) . '"/>' . "\n";
|
$this->page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . $this->baseUrl . '/dfrn_poll/' . $this->parameters['nickname'] . '" title="DFRN: ' . $this->t('%s\'s timeline', Strings::escapeHtml($profile['name'])) . '"/>' . "\n";
|
||||||
$this->page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . $this->baseUrl . '/feed/' . $this->parameters['nickname'] . '/" title="' . $this->t('%s\'s posts', $profile['name']) . '"/>' . "\n";
|
$this->page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . $this->baseUrl . '/feed/' . $this->parameters['nickname'] . '/" title="' . $this->t('%s\'s posts', Strings::escapeHtml($profile['name'])) . '"/>' . "\n";
|
||||||
$this->page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . $this->baseUrl . '/feed/' . $this->parameters['nickname'] . '/comments" title="' . $this->t('%s\'s comments', $profile['name']) . '"/>' . "\n";
|
$this->page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . $this->baseUrl . '/feed/' . $this->parameters['nickname'] . '/comments" title="' . $this->t('%s\'s comments', Strings::escapeHtml($profile['name'])) . '"/>' . "\n";
|
||||||
$this->page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . $this->baseUrl . '/feed/' . $this->parameters['nickname'] . '/activity" title="' . $this->t('%s\'s timeline', $profile['name']) . '"/>' . "\n";
|
$this->page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . $this->baseUrl . '/feed/' . $this->parameters['nickname'] . '/activity" title="' . $this->t('%s\'s timeline', Strings::escapeHtml($profile['name'])) . '"/>' . "\n";
|
||||||
|
|
||||||
$category = $datequery = $datequery2 = '';
|
$category = $datequery = $datequery2 = '';
|
||||||
|
|
||||||
|
|
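Review bot: The four rewritten `htmlhead` lines each call `Strings::escapeHtml($profile['name'])` inline inside the long concatenation, which is exactly the shape that let the unescaped value slip through before; hoisting it once, `$escapedName = Strings::escapeHtml($profile['name']);`, and using `$escapedName` in all four `$this->t(...)` calls makes the escaping visible in one place and harder to miss if a fifth link tag is added. The value lands in a double-quoted `title` attribute, so the escaper must encode `"`; that holds if `Strings::escapeHtml` uses `ENT_QUOTES`, which is not visible here and worth confirming. `$this->parameters['nickname']` is still concatenated into `href` unescaped; it is presumably a validated route parameter, but escaping it the same way is cheap and removes the assumption. The enclosing method starts before and ends after this hunk.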