Merge pull request #1948 from annando/1510-more-escaping
Handling contact names with > and <
This commit is contained in:
commit
9e2b62b082
5 changed files with 23 additions and 18 deletions
|
|
@ -392,7 +392,6 @@ function acl_lookup(&$a, $out_type = 'json') {
|
|||
if(!local_user())
|
||||
return "";
|
||||
|
||||
|
||||
$start = (x($_REQUEST,'start')?$_REQUEST['start']:0);
|
||||
$count = (x($_REQUEST,'count')?$_REQUEST['count']:100);
|
||||
$search = (x($_REQUEST,'search')?$_REQUEST['search']:"");
|
||||
|
|
@ -492,7 +491,7 @@ function acl_lookup(&$a, $out_type = 'json') {
|
|||
$groups[] = array(
|
||||
"type" => "g",
|
||||
"photo" => "images/twopeople.png",
|
||||
"name" => $g['name'],
|
||||
"name" => htmlentities($g['name']),
|
||||
"id" => intval($g['id']),
|
||||
"uids" => array_map("intval", explode(",",$g['uids'])),
|
||||
"link" => '',
|
||||
|
|
@ -547,7 +546,7 @@ function acl_lookup(&$a, $out_type = 'json') {
|
|||
foreach($r as $g) {
|
||||
$x['photos'][] = proxy_url($g['micro'], false, PROXY_SIZE_MICRO);
|
||||
$x['links'][] = $g['url'];
|
||||
$x['suggestions'][] = $g['name'];
|
||||
$x['suggestions'][] = htmlentities($g['name']);
|
||||
$x['data'][] = intval($g['id']);
|
||||
}
|
||||
}
|
||||
|
|
@ -560,11 +559,11 @@ function acl_lookup(&$a, $out_type = 'json') {
|
|||
$contacts[] = array(
|
||||
"type" => "c",
|
||||
"photo" => proxy_url($g['micro'], false, PROXY_SIZE_MICRO),
|
||||
"name" => $g['name'],
|
||||
"name" => htmlentities($g['name']),
|
||||
"id" => intval($g['id']),
|
||||
"network" => $g['network'],
|
||||
"link" => $g['url'],
|
||||
"nick" => ($g['attag']) ? $g['attag'] : $g['nick'],
|
||||
"nick" => htmlentities(($g['attag']) ? $g['attag'] : $g['nick']),
|
||||
"forum" => $g['forum']
|
||||
);
|
||||
}
|
||||
|
|
@ -605,11 +604,11 @@ function acl_lookup(&$a, $out_type = 'json') {
|
|||
$unknow_contacts[] = array(
|
||||
"type" => "c",
|
||||
"photo" => proxy_url($row['author-avatar'], false, PROXY_SIZE_MICRO),
|
||||
"name" => $row['author-name'],
|
||||
"name" => htmlentities($row['author-name']),
|
||||
"id" => '',
|
||||
"network" => "unknown",
|
||||
"link" => $row['author-link'],
|
||||
"nick" => $nick,
|
||||
"nick" => htmlentities($nick),
|
||||
"forum" => false
|
||||
);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -942,7 +942,7 @@ function like_puller($a,$item,&$arr,$mode) {
|
|||
$arr[$item['thr-parent']] = 1;
|
||||
else
|
||||
$arr[$item['thr-parent']] ++;
|
||||
$arr[$item['thr-parent'] . '-l'][] = '<a href="'. $url . '"'. $sparkle .'>' . $item['author-name'] . '</a>';
|
||||
$arr[$item['thr-parent'] . '-l'][] = '<a href="'. $url . '"'. $sparkle .'>' . htmlentities($item['author-name']) . '</a>';
|
||||
}
|
||||
return;
|
||||
}}
|
||||
|
|
@ -958,7 +958,7 @@ if(! function_exists('format_like')) {
|
|||
function format_like($cnt,$arr,$type,$id) {
|
||||
$o = '';
|
||||
if($cnt == 1)
|
||||
$o .= (($type === 'like') ? sprintf( t('%s likes this.'), $arr[0]) : sprintf( t('%s doesn\'t like this.'), $arr[0])) . EOL ;
|
||||
$o .= (($type === 'like') ? sprintf( t('%s likes this.'), $arr[0]) : sprintf( t('%s doesn\'t like this.'), $arr[0])) . EOL;
|
||||
else {
|
||||
$spanatts = "class=\"fakelink\" onclick=\"openClose('{$type}list-$id');\"";
|
||||
switch($type) {
|
||||
|
|
|
|||
|
|
@ -1239,10 +1239,10 @@ function item_store($arr,$force_parent = false, $notify = false, $dontcache = fa
|
|||
$arr['guid'] = ((x($arr,'guid')) ? notags(trim($arr['guid'])) : get_guid(32, $guid_prefix));
|
||||
$arr['uri'] = ((x($arr,'uri')) ? notags(trim($arr['uri'])) : $arr['guid']);
|
||||
$arr['extid'] = ((x($arr,'extid')) ? notags(trim($arr['extid'])) : '');
|
||||
$arr['author-name'] = ((x($arr,'author-name')) ? notags(trim($arr['author-name'])) : '');
|
||||
$arr['author-name'] = ((x($arr,'author-name')) ? trim($arr['author-name']) : '');
|
||||
$arr['author-link'] = ((x($arr,'author-link')) ? notags(trim($arr['author-link'])) : '');
|
||||
$arr['author-avatar'] = ((x($arr,'author-avatar')) ? notags(trim($arr['author-avatar'])) : '');
|
||||
$arr['owner-name'] = ((x($arr,'owner-name')) ? notags(trim($arr['owner-name'])) : '');
|
||||
$arr['owner-name'] = ((x($arr,'owner-name')) ? trim($arr['owner-name']) : '');
|
||||
$arr['owner-link'] = ((x($arr,'owner-link')) ? notags(trim($arr['owner-link'])) : '');
|
||||
$arr['owner-avatar'] = ((x($arr,'owner-avatar')) ? notags(trim($arr['owner-avatar'])) : '');
|
||||
$arr['created'] = ((x($arr,'created') !== false) ? datetime_convert('UTC','UTC',$arr['created']) : datetime_convert());
|
||||
|
|
@ -1250,8 +1250,8 @@ function item_store($arr,$force_parent = false, $notify = false, $dontcache = fa
|
|||
$arr['commented'] = ((x($arr,'commented') !== false) ? datetime_convert('UTC','UTC',$arr['commented']) : datetime_convert());
|
||||
$arr['received'] = ((x($arr,'received') !== false) ? datetime_convert('UTC','UTC',$arr['received']) : datetime_convert());
|
||||
$arr['changed'] = ((x($arr,'changed') !== false) ? datetime_convert('UTC','UTC',$arr['changed']) : datetime_convert());
|
||||
$arr['title'] = ((x($arr,'title')) ? notags(trim($arr['title'])) : '');
|
||||
$arr['location'] = ((x($arr,'location')) ? notags(trim($arr['location'])) : '');
|
||||
$arr['title'] = ((x($arr,'title')) ? trim($arr['title']) : '');
|
||||
$arr['location'] = ((x($arr,'location')) ? trim($arr['location']) : '');
|
||||
$arr['coord'] = ((x($arr,'coord')) ? notags(trim($arr['coord'])) : '');
|
||||
$arr['last-child'] = ((x($arr,'last-child')) ? intval($arr['last-child']) : 0 );
|
||||
$arr['visible'] = ((x($arr,'visible') !== false) ? intval($arr['visible']) : 1 );
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue