Merge pull request #1948 from annando/1510-more-escaping
Handling contact names with > and <
9e2b62b082
5 changed files with 23 additions and 18 deletions
|
@ -392,7 +392,6 @@ function acl_lookup(&$a, $out_type = 'json') {
|
||||||
if(!local_user())
|
if(!local_user())
|
||||||
return "";
|
return "";
|
||||||
|
|
||||||
|
|
||||||
$start = (x($_REQUEST,'start')?$_REQUEST['start']:0);
|
$start = (x($_REQUEST,'start')?$_REQUEST['start']:0);
|
||||||
$count = (x($_REQUEST,'count')?$_REQUEST['count']:100);
|
$count = (x($_REQUEST,'count')?$_REQUEST['count']:100);
|
||||||
$search = (x($_REQUEST,'search')?$_REQUEST['search']:"");
|
$search = (x($_REQUEST,'search')?$_REQUEST['search']:"");
|
||||||
|
@ -492,7 +491,7 @@ function acl_lookup(&$a, $out_type = 'json') {
|
||||||
$groups[] = array(
|
$groups[] = array(
|
||||||
"type" => "g",
|
"type" => "g",
|
||||||
"photo" => "images/twopeople.png",
|
"photo" => "images/twopeople.png",
|
||||||
"name" => $g['name'],
|
"name" => htmlentities($g['name']),
|
||||||
"id" => intval($g['id']),
|
"id" => intval($g['id']),
|
||||||
"uids" => array_map("intval", explode(",",$g['uids'])),
|
"uids" => array_map("intval", explode(",",$g['uids'])),
|
||||||
"link" => '',
|
"link" => '',
|
||||||
|
@ -547,7 +546,7 @@ function acl_lookup(&$a, $out_type = 'json') {
|
||||||
foreach($r as $g) {
|
foreach($r as $g) {
|
||||||
$x['photos'][] = proxy_url($g['micro'], false, PROXY_SIZE_MICRO);
|
$x['photos'][] = proxy_url($g['micro'], false, PROXY_SIZE_MICRO);
|
||||||
$x['links'][] = $g['url'];
|
$x['links'][] = $g['url'];
|
||||||
$x['suggestions'][] = $g['name'];
|
$x['suggestions'][] = htmlentities($g['name']);
|
||||||
$x['data'][] = intval($g['id']);
|
$x['data'][] = intval($g['id']);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -560,11 +559,11 @@ function acl_lookup(&$a, $out_type = 'json') {
|
||||||
$contacts[] = array(
|
$contacts[] = array(
|
||||||
"type" => "c",
|
"type" => "c",
|
||||||
"photo" => proxy_url($g['micro'], false, PROXY_SIZE_MICRO),
|
"photo" => proxy_url($g['micro'], false, PROXY_SIZE_MICRO),
|
||||||
"name" => $g['name'],
|
"name" => htmlentities($g['name']),
|
||||||
"id" => intval($g['id']),
|
"id" => intval($g['id']),
|
||||||
"network" => $g['network'],
|
"network" => $g['network'],
|
||||||
"link" => $g['url'],
|
"link" => $g['url'],
|
||||||
"nick" => ($g['attag']) ? $g['attag'] : $g['nick'],
|
"nick" => htmlentities(($g['attag']) ? $g['attag'] : $g['nick']),
|
||||||
"forum" => $g['forum']
|
"forum" => $g['forum']
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
@ -605,11 +604,11 @@ function acl_lookup(&$a, $out_type = 'json') {
|
||||||
$unknow_contacts[] = array(
|
$unknow_contacts[] = array(
|
||||||
"type" => "c",
|
"type" => "c",
|
||||||
"photo" => proxy_url($row['author-avatar'], false, PROXY_SIZE_MICRO),
|
"photo" => proxy_url($row['author-avatar'], false, PROXY_SIZE_MICRO),
|
||||||
"name" => $row['author-name'],
|
"name" => htmlentities($row['author-name']),
|
||||||
"id" => '',
|
"id" => '',
|
||||||
"network" => "unknown",
|
"network" => "unknown",
|
||||||
"link" => $row['author-link'],
|
"link" => $row['author-link'],
|
||||||
"nick" => $nick,
|
"nick" => htmlentities($nick),
|
||||||
"forum" => false
|
"forum" => false
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
|
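Review bot: Every new escape in this section — `"name" => htmlentities($g['name'])`, `$x['suggestions'][] = htmlentities($g['name'])`, the nick fields — calls htmlentities() with default flags and no charset, so single quotes are left unescaped (default ENT_COMPAT) and the charset is whatever the PHP default is: UTF-8 on 5.4+, where an invalid byte sequence makes the call return an empty string and the name silently disappears, ISO-8859-1 on older releases, where multibyte names are rewritten byte by byte into entities. Use one explicit form at each site, `htmlspecialchars($g['name'], ENT_QUOTES, 'UTF-8')`; htmlspecialchars is sufficient for `<`, `>`, `&` and quotes, while htmlentities also turns every accented character into a named entity. These values leave acl_lookup as JSON, so HTML escaping is only right if the JavaScript consumer inserts them as HTML markup; a consumer that sets text content will now display a literal `&lt;`, and the unescaped `link`/`url` fields beside them are safe only under the same assumption. acl_lookup starts before the first hunk and continues past the last one.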
@ -942,7 +942,7 @@ function like_puller($a,$item,&$arr,$mode) {
|
||||||
$arr[$item['thr-parent']] = 1;
|
$arr[$item['thr-parent']] = 1;
|
||||||
else
|
else
|
||||||
$arr[$item['thr-parent']] ++;
|
$arr[$item['thr-parent']] ++;
|
||||||
$arr[$item['thr-parent'] . '-l'][] = '<a href="'. $url . '"'. $sparkle .'>' . $item['author-name'] . '</a>';
|
$arr[$item['thr-parent'] . '-l'][] = '<a href="'. $url . '"'. $sparkle .'>' . htmlentities($item['author-name']) . '</a>';
|
||||||
}
|
}
|
||||||
return;
|
return;
|
||||||
}}
|
}}
|
||||||
|
|
|
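Review bot: On the changed line `'<a href="'. $url . '"'. $sparkle .'>' . htmlentities($item['author-name']) . '</a>'` the author name is now escaped for element content, but `$url` is still concatenated raw into the href attribute in the same expression; elsewhere in this PR item_store keeps notags() on author-link, which strips `<`/`>` but not `"`, so if `$url` derives from that link a double quote can still terminate the attribute. Escape it for the attribute context, `'<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '"' . $sparkle . '>'`, and give the name the same explicit flags and charset, since htmlentities() with defaults leaves single quotes alone and depends on the PHP default charset. Where `$url` is assigned is outside the hunk, so confirm its origin; like_puller begins before the hunk and its closing braces are inside it.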
@ -1239,10 +1239,10 @@ function item_store($arr,$force_parent = false, $notify = false, $dontcache = fa
|
||||||
$arr['guid'] = ((x($arr,'guid')) ? notags(trim($arr['guid'])) : get_guid(32, $guid_prefix));
|
$arr['guid'] = ((x($arr,'guid')) ? notags(trim($arr['guid'])) : get_guid(32, $guid_prefix));
|
||||||
$arr['uri'] = ((x($arr,'uri')) ? notags(trim($arr['uri'])) : $arr['guid']);
|
$arr['uri'] = ((x($arr,'uri')) ? notags(trim($arr['uri'])) : $arr['guid']);
|
||||||
$arr['extid'] = ((x($arr,'extid')) ? notags(trim($arr['extid'])) : '');
|
$arr['extid'] = ((x($arr,'extid')) ? notags(trim($arr['extid'])) : '');
|
||||||
$arr['author-name'] = ((x($arr,'author-name')) ? notags(trim($arr['author-name'])) : '');
|
$arr['author-name'] = ((x($arr,'author-name')) ? trim($arr['author-name']) : '');
|
||||||
$arr['author-link'] = ((x($arr,'author-link')) ? notags(trim($arr['author-link'])) : '');
|
$arr['author-link'] = ((x($arr,'author-link')) ? notags(trim($arr['author-link'])) : '');
|
||||||
$arr['author-avatar'] = ((x($arr,'author-avatar')) ? notags(trim($arr['author-avatar'])) : '');
|
$arr['author-avatar'] = ((x($arr,'author-avatar')) ? notags(trim($arr['author-avatar'])) : '');
|
||||||
$arr['owner-name'] = ((x($arr,'owner-name')) ? notags(trim($arr['owner-name'])) : '');
|
$arr['owner-name'] = ((x($arr,'owner-name')) ? trim($arr['owner-name']) : '');
|
||||||
$arr['owner-link'] = ((x($arr,'owner-link')) ? notags(trim($arr['owner-link'])) : '');
|
$arr['owner-link'] = ((x($arr,'owner-link')) ? notags(trim($arr['owner-link'])) : '');
|
||||||
$arr['owner-avatar'] = ((x($arr,'owner-avatar')) ? notags(trim($arr['owner-avatar'])) : '');
|
$arr['owner-avatar'] = ((x($arr,'owner-avatar')) ? notags(trim($arr['owner-avatar'])) : '');
|
||||||
$arr['created'] = ((x($arr,'created') !== false) ? datetime_convert('UTC','UTC',$arr['created']) : datetime_convert());
|
$arr['created'] = ((x($arr,'created') !== false) ? datetime_convert('UTC','UTC',$arr['created']) : datetime_convert());
|
||||||
|
@ -1250,8 +1250,8 @@ function item_store($arr,$force_parent = false, $notify = false, $dontcache = fa
|
||||||
$arr['commented'] = ((x($arr,'commented') !== false) ? datetime_convert('UTC','UTC',$arr['commented']) : datetime_convert());
|
$arr['commented'] = ((x($arr,'commented') !== false) ? datetime_convert('UTC','UTC',$arr['commented']) : datetime_convert());
|
||||||
$arr['received'] = ((x($arr,'received') !== false) ? datetime_convert('UTC','UTC',$arr['received']) : datetime_convert());
|
$arr['received'] = ((x($arr,'received') !== false) ? datetime_convert('UTC','UTC',$arr['received']) : datetime_convert());
|
||||||
$arr['changed'] = ((x($arr,'changed') !== false) ? datetime_convert('UTC','UTC',$arr['changed']) : datetime_convert());
|
$arr['changed'] = ((x($arr,'changed') !== false) ? datetime_convert('UTC','UTC',$arr['changed']) : datetime_convert());
|
||||||
$arr['title'] = ((x($arr,'title')) ? notags(trim($arr['title'])) : '');
|
$arr['title'] = ((x($arr,'title')) ? trim($arr['title']) : '');
|
||||||
$arr['location'] = ((x($arr,'location')) ? notags(trim($arr['location'])) : '');
|
$arr['location'] = ((x($arr,'location')) ? trim($arr['location']) : '');
|
||||||
$arr['coord'] = ((x($arr,'coord')) ? notags(trim($arr['coord'])) : '');
|
$arr['coord'] = ((x($arr,'coord')) ? notags(trim($arr['coord'])) : '');
|
||||||
$arr['last-child'] = ((x($arr,'last-child')) ? intval($arr['last-child']) : 0 );
|
$arr['last-child'] = ((x($arr,'last-child')) ? intval($arr['last-child']) : 0 );
|
||||||
$arr['visible'] = ((x($arr,'visible') !== false) ? intval($arr['visible']) : 1 );
|
$arr['visible'] = ((x($arr,'visible') !== false) ? intval($arr['visible']) : 1 );
|
||||||
|
|
|
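Review bot: The second hunk drops notags() from title and location (`$arr['title'] = ((x($arr,'title')) ? trim($arr['title']) : '')`), so both are now stored with `<` and `>` intact, yet no hunk in this PR adds output escaping for title or location — the rendering changes only wrap author and owner names in htmlentities(). Every template or helper that prints those two columns now has to escape them itself, otherwise they become stored-XSS sinks for whatever feeds item_store (presumably including items received from remote servers, which nothing visible here distinguishes). Either keep notags() on title and location until their render paths escape on output, or list those paths in this PR so the change can be checked. The same applies to author-name and owner-name: consumers of those columns outside the five changed files inherit the raw values too. item_store begins before the first hunk and continues past the second.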
@ -139,7 +139,7 @@ function dirfind_content(&$a, $prefix = "") {
|
||||||
|
|
||||||
$o .= replace_macros($tpl,array(
|
$o .= replace_macros($tpl,array(
|
||||||
'$url' => zrl($jj->url),
|
'$url' => zrl($jj->url),
|
||||||
'$name' => $jj->name,
|
'$name' => htmlentities($jj->name),
|
||||||
'$photo' => proxy_url($jj->photo, false, PROXY_SIZE_THUMB),
|
'$photo' => proxy_url($jj->photo, false, PROXY_SIZE_THUMB),
|
||||||
'$tags' => $jj->tags,
|
'$tags' => $jj->tags,
|
||||||
'$conntxt' => $conntxt,
|
'$conntxt' => $conntxt,
|
||||||
|
|
|
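Review bot: `'$name' => htmlentities($jj->name)` escapes one field of the directory response, but `'$tags' => $jj->tags` two lines below comes from the same remote object and still reaches the template raw; if the name needed escaping in this template, tags from the same source need it as well. Suggest `'$tags' => htmlentities($jj->tags)` in the same style, or better `htmlspecialchars($jj->tags, ENT_QUOTES, 'UTF-8')` for both fields, since htmlentities() with default flags leaves single quotes unescaped and depends on the PHP default charset. Whether replace_macros or the template engine auto-escapes is not visible here; if it does, both calls would double-encode `&` and the escaping belongs in the template instead. dirfind_content starts and ends outside the hunk.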
@ -235,6 +235,8 @@ class Item extends BaseObject {
|
||||||
if ($shareable) $buttons['share'] = array( t('Share this'), t('share'));
|
if ($shareable) $buttons['share'] = array( t('Share this'), t('share'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$comment = $this->get_comment_box($indent);
|
||||||
|
|
||||||
if(strcmp(datetime_convert('UTC','UTC',$item['created']),datetime_convert('UTC','UTC','now - 12 hours')) > 0){
|
if(strcmp(datetime_convert('UTC','UTC',$item['created']),datetime_convert('UTC','UTC','now - 12 hours')) > 0){
|
||||||
$shiny = 'shiny';
|
$shiny = 'shiny';
|
||||||
}
|
}
|
||||||
|
@ -304,6 +306,10 @@ class Item extends BaseObject {
|
||||||
!diaspora_is_redmatrix($item["owner-link"]) AND isset($buttons["like"]))
|
!diaspora_is_redmatrix($item["owner-link"]) AND isset($buttons["like"]))
|
||||||
unset($buttons["like"]);
|
unset($buttons["like"]);
|
||||||
|
|
||||||
|
// Diaspora doesn't has multithreaded comments
|
||||||
|
if (($item["item_network"] == NETWORK_DIASPORA) AND ($indent == 'comment'))
|
||||||
|
unset($comment);
|
||||||
|
|
||||||
// Facebook can like comments - but it isn't programmed in the connector yet.
|
// Facebook can like comments - but it isn't programmed in the connector yet.
|
||||||
if (($item["item_network"] == NETWORK_FACEBOOK) AND ($indent == 'comment') AND isset($buttons["like"]))
|
if (($item["item_network"] == NETWORK_FACEBOOK) AND ($indent == 'comment') AND isset($buttons["like"]))
|
||||||
unset($buttons["like"]);
|
unset($buttons["like"]);
|
||||||
|
@ -326,7 +332,7 @@ class Item extends BaseObject {
|
||||||
'id' => $this->get_id(),
|
'id' => $this->get_id(),
|
||||||
'guid' => urlencode($item['guid']),
|
'guid' => urlencode($item['guid']),
|
||||||
'linktitle' => sprintf( t('View %s\'s profile @ %s'), $profile_name, ((strlen($item['author-link'])) ? $item['author-link'] : $item['url'])),
|
'linktitle' => sprintf( t('View %s\'s profile @ %s'), $profile_name, ((strlen($item['author-link'])) ? $item['author-link'] : $item['url'])),
|
||||||
'olinktitle' => sprintf( t('View %s\'s profile @ %s'), $this->get_owner_name(), ((strlen($item['owner-link'])) ? $item['owner-link'] : $item['url'])),
|
'olinktitle' => sprintf( t('View %s\'s profile @ %s'), htmlentities($this->get_owner_name()), ((strlen($item['owner-link'])) ? $item['owner-link'] : $item['url'])),
|
||||||
'to' => t('to'),
|
'to' => t('to'),
|
||||||
'via' => t('via'),
|
'via' => t('via'),
|
||||||
'wall' => t('Wall-to-Wall'),
|
'wall' => t('Wall-to-Wall'),
|
||||||
|
@ -348,7 +354,7 @@ class Item extends BaseObject {
|
||||||
'shiny' => $shiny,
|
'shiny' => $shiny,
|
||||||
'owner_url' => $this->get_owner_url(),
|
'owner_url' => $this->get_owner_url(),
|
||||||
'owner_photo' => proxy_url($this->get_owner_photo(), false, PROXY_SIZE_THUMB),
|
'owner_photo' => proxy_url($this->get_owner_photo(), false, PROXY_SIZE_THUMB),
|
||||||
'owner_name' => $owner_name_e,
|
'owner_name' => htmlentities($owner_name_e),
|
||||||
'plink' => get_plink($item),
|
'plink' => get_plink($item),
|
||||||
'edpost' => ((feature_enabled($conv->get_profile_owner(),'edit_posts')) ? $edpost : ''),
|
'edpost' => ((feature_enabled($conv->get_profile_owner(),'edit_posts')) ? $edpost : ''),
|
||||||
'isstarred' => $isstarred,
|
'isstarred' => $isstarred,
|
||||||
|
@ -361,7 +367,7 @@ class Item extends BaseObject {
|
||||||
'like' => $like,
|
'like' => $like,
|
||||||
'dislike' => $dislike,
|
'dislike' => $dislike,
|
||||||
'switchcomment' => t('Comment'),
|
'switchcomment' => t('Comment'),
|
||||||
'comment' => $this->get_comment_box($indent),
|
'comment' => $comment,
|
||||||
'previewing' => ($conv->is_preview() ? ' preview ' : ''),
|
'previewing' => ($conv->is_preview() ? ' preview ' : ''),
|
||||||
'wait' => t('Please wait'),
|
'wait' => t('Please wait'),
|
||||||
'thread_level' => $thread_level,
|
'thread_level' => $thread_level,
|
||||||
|
|
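Review bot: `unset($comment);` in the Diaspora branch (second hunk) followed by `'comment' => $comment,` in the last hunk reads a variable that no longer exists, so every Diaspora comment render emits an undefined-variable notice and hands the template a null; the old code passed get_comment_box()'s return value directly and never hit this. Replace the unset with `$comment = '';`, which keeps the template key a string and makes the intent (no comment box) explicit. Separately, `'olinktitle'` now wraps the owner name in htmlentities() while `'linktitle'` on the line above still passes `$profile_name` unescaped into the same sprintf pattern, and `'owner_name' => htmlentities($owner_name_e)` should be checked against where `$owner_name_e` is built outside the hunk — if the `_e` suffix marks an already-escaped copy, this double-encodes `&`. The enclosing method's signature and end are outside these hunks.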