Merge pull request #1948 from annando/1510-more-escaping
Handling contact names with > and <
						9e2b62b082
					
				
			
		
					 5 changed files with 23 additions and 18 deletions
				
			
		|  | @ -392,7 +392,6 @@ function acl_lookup(&$a, $out_type = 'json') { | ||||||
| 	if(!local_user()) | 	if(!local_user()) | ||||||
| 		return ""; | 		return ""; | ||||||
| 
 | 
 | ||||||
| 
 |  | ||||||
| 	$start = (x($_REQUEST,'start')?$_REQUEST['start']:0); | 	$start = (x($_REQUEST,'start')?$_REQUEST['start']:0); | ||||||
| 	$count = (x($_REQUEST,'count')?$_REQUEST['count']:100); | 	$count = (x($_REQUEST,'count')?$_REQUEST['count']:100); | ||||||
| 	$search = (x($_REQUEST,'search')?$_REQUEST['search']:""); | 	$search = (x($_REQUEST,'search')?$_REQUEST['search']:""); | ||||||
|  | @ -492,7 +491,7 @@ function acl_lookup(&$a, $out_type = 'json') { | ||||||
| 			$groups[] = array( | 			$groups[] = array( | ||||||
| 				"type"  => "g", | 				"type"  => "g", | ||||||
| 				"photo" => "images/twopeople.png", | 				"photo" => "images/twopeople.png", | ||||||
| 				"name"  => $g['name'], | 				"name"  => htmlentities($g['name']), | ||||||
| 				"id"	=> intval($g['id']), | 				"id"	=> intval($g['id']), | ||||||
| 				"uids"  => array_map("intval", explode(",",$g['uids'])), | 				"uids"  => array_map("intval", explode(",",$g['uids'])), | ||||||
| 				"link"  => '', | 				"link"  => '', | ||||||
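Review bot: `htmlentities($g['name'])` on L31 is called without flags or charset, so on the PHP versions this code targets the default `ENT_COMPAT` leaves single quotes unescaped and the charset falls back to the ini default; the same applies to the new `htmlentities` calls in the next three hunks (L39, L47, L51, L59, L63). Make the output context explicit: `"name"  => htmlentities($g['name'], ENT_QUOTES, 'UTF-8'),`. Since acl_lookup emits JSON for a JavaScript consumer, this escaping only lands correctly if the client inserts these values as HTML; if it sets them as text nodes the entities will be shown literally, which cannot be confirmed from this hunk. acl_lookup starts outside the hunk.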
|  | @ -547,7 +546,7 @@ function acl_lookup(&$a, $out_type = 'json') { | ||||||
| 			foreach($r as $g) { | 			foreach($r as $g) { | ||||||
| 				$x['photos'][] = proxy_url($g['micro'], false, PROXY_SIZE_MICRO); | 				$x['photos'][] = proxy_url($g['micro'], false, PROXY_SIZE_MICRO); | ||||||
| 				$x['links'][] = $g['url']; | 				$x['links'][] = $g['url']; | ||||||
| 				$x['suggestions'][] = $g['name']; | 				$x['suggestions'][] = htmlentities($g['name']); | ||||||
| 				$x['data'][] = intval($g['id']); | 				$x['data'][] = intval($g['id']); | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
|  | @ -560,11 +559,11 @@ function acl_lookup(&$a, $out_type = 'json') { | ||||||
| 			$contacts[] = array( | 			$contacts[] = array( | ||||||
| 				"type"  => "c", | 				"type"  => "c", | ||||||
| 				"photo" => proxy_url($g['micro'], false, PROXY_SIZE_MICRO), | 				"photo" => proxy_url($g['micro'], false, PROXY_SIZE_MICRO), | ||||||
| 				"name"  => $g['name'], | 				"name"  => htmlentities($g['name']), | ||||||
| 				"id"	=> intval($g['id']), | 				"id"	=> intval($g['id']), | ||||||
| 				"network" => $g['network'], | 				"network" => $g['network'], | ||||||
| 				"link" => $g['url'], | 				"link" => $g['url'], | ||||||
| 				"nick" => ($g['attag']) ? $g['attag'] : $g['nick'], | 				"nick" => htmlentities(($g['attag']) ? $g['attag'] : $g['nick']), | ||||||
| 				"forum" => $g['forum'] | 				"forum" => $g['forum'] | ||||||
| 			); | 			); | ||||||
| 		} | 		} | ||||||
|  | @ -605,11 +604,11 @@ function acl_lookup(&$a, $out_type = 'json') { | ||||||
| 				$unknow_contacts[] = array( | 				$unknow_contacts[] = array( | ||||||
| 					"type"  => "c", | 					"type"  => "c", | ||||||
| 					"photo" => proxy_url($row['author-avatar'], false, PROXY_SIZE_MICRO), | 					"photo" => proxy_url($row['author-avatar'], false, PROXY_SIZE_MICRO), | ||||||
| 					"name"  => $row['author-name'], | 					"name"  => htmlentities($row['author-name']), | ||||||
| 					"id"	=> '', | 					"id"	=> '', | ||||||
| 					"network" => "unknown", | 					"network" => "unknown", | ||||||
| 					"link" => $row['author-link'], | 					"link" => $row['author-link'], | ||||||
| 					"nick" => $nick, | 					"nick" => htmlentities($nick), | ||||||
| 					"forum" => false | 					"forum" => false | ||||||
| 				); | 				); | ||||||
| 			} | 			} | ||||||
|  | @ -942,7 +942,7 @@ function like_puller($a,$item,&$arr,$mode) { | ||||||
| 			$arr[$item['thr-parent']] = 1; | 			$arr[$item['thr-parent']] = 1; | ||||||
| 		else | 		else | ||||||
| 			$arr[$item['thr-parent']] ++; | 			$arr[$item['thr-parent']] ++; | ||||||
| 		$arr[$item['thr-parent'] . '-l'][] = '<a href="'. $url . '"'. $sparkle .'>' . $item['author-name'] . '</a>'; | 		$arr[$item['thr-parent'] . '-l'][] = '<a href="'. $url . '"'. $sparkle .'>' . htmlentities($item['author-name']) . '</a>'; | ||||||
| 	} | 	} | ||||||
| 	return; | 	return; | ||||||
| }} | }} | ||||||
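Review bot: The author name on L72 is now escaped, but `$url` and `$sparkle` are still concatenated into the `href` attribute of the same anchor without attribute-context escaping, so the integrity of that attribute still depends on the content of `$url`. Where `$url` is derived is outside this hunk, so it may already be sanitized; if it is not, `'<a href="' . htmlentities($url, ENT_QUOTES, 'UTF-8') . '"' . $sparkle . '>'` keeps it consistent with the treatment of the name. like_puller's body begins before this hunk.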
|  | @ -958,7 +958,7 @@ if(! function_exists('format_like')) { | ||||||
| function format_like($cnt,$arr,$type,$id) { | function format_like($cnt,$arr,$type,$id) { | ||||||
| 	$o = ''; | 	$o = ''; | ||||||
| 	if($cnt == 1) | 	if($cnt == 1) | ||||||
| 		$o .= (($type === 'like') ? sprintf( t('%s likes this.'), $arr[0]) : sprintf( t('%s doesn\'t like this.'), $arr[0])) . EOL ; | 		$o .= (($type === 'like') ? sprintf( t('%s likes this.'), $arr[0]) : sprintf( t('%s doesn\'t like this.'), $arr[0])) . EOL; | ||||||
| 	else { | 	else { | ||||||
| 		$spanatts = "class=\"fakelink\" onclick=\"openClose('{$type}list-$id');\""; | 		$spanatts = "class=\"fakelink\" onclick=\"openClose('{$type}list-$id');\""; | ||||||
| 		switch($type) { | 		switch($type) { | ||||||
|  | @ -1239,10 +1239,10 @@ function item_store($arr,$force_parent = false, $notify = false, $dontcache = fa | ||||||
| 	$arr['guid']          = ((x($arr,'guid'))          ? notags(trim($arr['guid']))          : get_guid(32, $guid_prefix)); | 	$arr['guid']          = ((x($arr,'guid'))          ? notags(trim($arr['guid']))          : get_guid(32, $guid_prefix)); | ||||||
| 	$arr['uri']           = ((x($arr,'uri'))           ? notags(trim($arr['uri']))           : $arr['guid']); | 	$arr['uri']           = ((x($arr,'uri'))           ? notags(trim($arr['uri']))           : $arr['guid']); | ||||||
| 	$arr['extid']         = ((x($arr,'extid'))         ? notags(trim($arr['extid']))         : ''); | 	$arr['extid']         = ((x($arr,'extid'))         ? notags(trim($arr['extid']))         : ''); | ||||||
| 	$arr['author-name']   = ((x($arr,'author-name'))   ? notags(trim($arr['author-name']))   : ''); | 	$arr['author-name']   = ((x($arr,'author-name'))   ? trim($arr['author-name'])   : ''); | ||||||
| 	$arr['author-link']   = ((x($arr,'author-link'))   ? notags(trim($arr['author-link']))   : ''); | 	$arr['author-link']   = ((x($arr,'author-link'))   ? notags(trim($arr['author-link']))   : ''); | ||||||
| 	$arr['author-avatar'] = ((x($arr,'author-avatar')) ? notags(trim($arr['author-avatar'])) : ''); | 	$arr['author-avatar'] = ((x($arr,'author-avatar')) ? notags(trim($arr['author-avatar'])) : ''); | ||||||
| 	$arr['owner-name']    = ((x($arr,'owner-name'))    ? notags(trim($arr['owner-name']))    : ''); | 	$arr['owner-name']    = ((x($arr,'owner-name'))    ? trim($arr['owner-name'])    : ''); | ||||||
| 	$arr['owner-link']    = ((x($arr,'owner-link'))    ? notags(trim($arr['owner-link']))    : ''); | 	$arr['owner-link']    = ((x($arr,'owner-link'))    ? notags(trim($arr['owner-link']))    : ''); | ||||||
| 	$arr['owner-avatar']  = ((x($arr,'owner-avatar'))  ? notags(trim($arr['owner-avatar']))  : ''); | 	$arr['owner-avatar']  = ((x($arr,'owner-avatar'))  ? notags(trim($arr['owner-avatar']))  : ''); | ||||||
| 	$arr['created']       = ((x($arr,'created') !== false) ? datetime_convert('UTC','UTC',$arr['created']) : datetime_convert()); | 	$arr['created']       = ((x($arr,'created') !== false) ? datetime_convert('UTC','UTC',$arr['created']) : datetime_convert()); | ||||||
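Review bot: Dropping `notags()` from `author-name` and `owner-name` on L89/L92 (and from `title` and `location` in the next hunk, L100/L101) moves the escaping contract from storage time to render time, but this commit only adds `htmlentities` at a handful of output sites and none for `title` or `location`. Every template, notification or feed that renders these four fields must now escape them itself; rows stored from now on will carry raw `<` and `>`. A comment at the first changed assignment would make the new contract visible to later readers: `// author/owner names, title and location are stored unescaped; every output path must apply htmlentities() itself.` What `notags()` exactly removes is not visible here, so the precise set of characters now passing through is inferred. item_store starts outside the hunk.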
|  | @ -1250,8 +1250,8 @@ function item_store($arr,$force_parent = false, $notify = false, $dontcache = fa | ||||||
| 	$arr['commented']     = ((x($arr,'commented')  !== false) ? datetime_convert('UTC','UTC',$arr['commented'])  : datetime_convert()); | 	$arr['commented']     = ((x($arr,'commented')  !== false) ? datetime_convert('UTC','UTC',$arr['commented'])  : datetime_convert()); | ||||||
| 	$arr['received']      = ((x($arr,'received')  !== false) ? datetime_convert('UTC','UTC',$arr['received'])  : datetime_convert()); | 	$arr['received']      = ((x($arr,'received')  !== false) ? datetime_convert('UTC','UTC',$arr['received'])  : datetime_convert()); | ||||||
| 	$arr['changed']       = ((x($arr,'changed')  !== false) ? datetime_convert('UTC','UTC',$arr['changed'])  : datetime_convert()); | 	$arr['changed']       = ((x($arr,'changed')  !== false) ? datetime_convert('UTC','UTC',$arr['changed'])  : datetime_convert()); | ||||||
| 	$arr['title']         = ((x($arr,'title'))         ? notags(trim($arr['title']))         : ''); | 	$arr['title']         = ((x($arr,'title'))         ? trim($arr['title'])         : ''); | ||||||
| 	$arr['location']      = ((x($arr,'location'))      ? notags(trim($arr['location']))      : ''); | 	$arr['location']      = ((x($arr,'location'))      ? trim($arr['location'])      : ''); | ||||||
| 	$arr['coord']         = ((x($arr,'coord'))         ? notags(trim($arr['coord']))         : ''); | 	$arr['coord']         = ((x($arr,'coord'))         ? notags(trim($arr['coord']))         : ''); | ||||||
| 	$arr['last-child']    = ((x($arr,'last-child'))    ? intval($arr['last-child'])          : 0 ); | 	$arr['last-child']    = ((x($arr,'last-child'))    ? intval($arr['last-child'])          : 0 ); | ||||||
| 	$arr['visible']       = ((x($arr,'visible') !== false) ? intval($arr['visible'])         : 1 ); | 	$arr['visible']       = ((x($arr,'visible') !== false) ? intval($arr['visible'])         : 1 ); | ||||||
|  | @ -139,7 +139,7 @@ function dirfind_content(&$a, $prefix = "") { | ||||||
| 
 | 
 | ||||||
| 				$o .= replace_macros($tpl,array( | 				$o .= replace_macros($tpl,array( | ||||||
| 					'$url' => zrl($jj->url), | 					'$url' => zrl($jj->url), | ||||||
| 					'$name' => $jj->name, | 					'$name' => htmlentities($jj->name), | ||||||
| 					'$photo' => proxy_url($jj->photo, false, PROXY_SIZE_THUMB), | 					'$photo' => proxy_url($jj->photo, false, PROXY_SIZE_THUMB), | ||||||
| 					'$tags' => $jj->tags, | 					'$tags' => $jj->tags, | ||||||
| 					'$conntxt' => $conntxt, | 					'$conntxt' => $conntxt, | ||||||
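Review bot: `$name` on L112 is now escaped, but `$tags` on L114 from the same `$jj` object is still handed to the template raw, which is inconsistent if `$jj` is a decoded response from a remote directory (the function name suggests so, but the origin of `$jj` is outside this hunk). Unless the template escapes `$tags` itself, `'$tags' => htmlentities($jj->tags, ENT_QUOTES, 'UTF-8'),` would give it the same treatment as `$name`. dirfind_content starts before this hunk.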
|  | @ -235,6 +235,8 @@ class Item extends BaseObject { | ||||||
| 			if ($shareable) $buttons['share'] = array( t('Share this'), t('share')); | 			if ($shareable) $buttons['share'] = array( t('Share this'), t('share')); | ||||||
| 		} | 		} | ||||||
| 
 | 
 | ||||||
|  | 		$comment = $this->get_comment_box($indent); | ||||||
|  | 
 | ||||||
| 		if(strcmp(datetime_convert('UTC','UTC',$item['created']),datetime_convert('UTC','UTC','now - 12 hours')) > 0){ | 		if(strcmp(datetime_convert('UTC','UTC',$item['created']),datetime_convert('UTC','UTC','now - 12 hours')) > 0){ | ||||||
| 			$shiny = 'shiny'; | 			$shiny = 'shiny'; | ||||||
| 		} | 		} | ||||||
|  | @ -304,6 +306,10 @@ class Item extends BaseObject { | ||||||
| 			!diaspora_is_redmatrix($item["owner-link"]) AND isset($buttons["like"])) | 			!diaspora_is_redmatrix($item["owner-link"]) AND isset($buttons["like"])) | ||||||
| 			unset($buttons["like"]); | 			unset($buttons["like"]); | ||||||
| 
 | 
 | ||||||
|  | 		// Diaspora doesn't has multithreaded comments
 | ||||||
|  | 		if (($item["item_network"] == NETWORK_DIASPORA) AND ($indent == 'comment')) | ||||||
|  | 			unset($comment); | ||||||
|  | 
 | ||||||
| 		// Facebook can like comments - but it isn't programmed in the connector yet.
 | 		// Facebook can like comments - but it isn't programmed in the connector yet.
 | ||||||
| 		if (($item["item_network"] == NETWORK_FACEBOOK) AND ($indent == 'comment') AND isset($buttons["like"])) | 		if (($item["item_network"] == NETWORK_FACEBOOK) AND ($indent == 'comment') AND isset($buttons["like"])) | ||||||
| 			unset($buttons["like"]); | 			unset($buttons["like"]); | ||||||
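Review bot: `unset($comment)` on L138 leaves the variable undefined, yet L166 in the last hunk still reads it with `'comment' => $comment`, which raises an undefined-variable notice on every Diaspora comment and hands the template `null` rather than a deliberate empty value. Assign an explicit value instead: `$comment = '';` (or `null` if the template tests for it), which also states the intent more clearly than unsetting. The comment on L135 reads `doesn't has`; `// Diaspora doesn't have multithreaded comments` fixes the grammar. The enclosing method starts and ends outside this hunk.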
|  | @ -326,7 +332,7 @@ class Item extends BaseObject { | ||||||
| 			'id' => $this->get_id(), | 			'id' => $this->get_id(), | ||||||
| 			'guid' => urlencode($item['guid']), | 			'guid' => urlencode($item['guid']), | ||||||
| 			'linktitle' => sprintf( t('View %s\'s profile @ %s'), $profile_name, ((strlen($item['author-link'])) ? $item['author-link'] : $item['url'])), | 			'linktitle' => sprintf( t('View %s\'s profile @ %s'), $profile_name, ((strlen($item['author-link'])) ? $item['author-link'] : $item['url'])), | ||||||
| 			'olinktitle' => sprintf( t('View %s\'s profile @ %s'), $this->get_owner_name(), ((strlen($item['owner-link'])) ? $item['owner-link'] : $item['url'])), | 			'olinktitle' => sprintf( t('View %s\'s profile @ %s'), htmlentities($this->get_owner_name()), ((strlen($item['owner-link'])) ? $item['owner-link'] : $item['url'])), | ||||||
| 			'to' => t('to'), | 			'to' => t('to'), | ||||||
| 			'via' => t('via'), | 			'via' => t('via'), | ||||||
| 			'wall' => t('Wall-to-Wall'), | 			'wall' => t('Wall-to-Wall'), | ||||||
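Review bot: `olinktitle` on L150 now escapes the owner name, but `linktitle` on L149 in the same hunk passes `$profile_name` through the identical `sprintf` pattern unescaped. `$profile_name` is assigned outside this hunk, so it may already be escaped; if it is not, `htmlentities($profile_name, ENT_QUOTES, 'UTF-8')` keeps the two title strings consistent. The method containing these lines starts and ends outside the hunk.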
|  | @ -348,7 +354,7 @@ class Item extends BaseObject { | ||||||
| 			'shiny' => $shiny, | 			'shiny' => $shiny, | ||||||
| 			'owner_url' => $this->get_owner_url(), | 			'owner_url' => $this->get_owner_url(), | ||||||
| 			'owner_photo' => proxy_url($this->get_owner_photo(), false, PROXY_SIZE_THUMB), | 			'owner_photo' => proxy_url($this->get_owner_photo(), false, PROXY_SIZE_THUMB), | ||||||
| 			'owner_name' => $owner_name_e, | 			'owner_name' => htmlentities($owner_name_e), | ||||||
| 			'plink' => get_plink($item), | 			'plink' => get_plink($item), | ||||||
| 			'edpost'    => ((feature_enabled($conv->get_profile_owner(),'edit_posts')) ? $edpost : ''), | 			'edpost'    => ((feature_enabled($conv->get_profile_owner(),'edit_posts')) ? $edpost : ''), | ||||||
| 			'isstarred' => $isstarred, | 			'isstarred' => $isstarred, | ||||||
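Review bot: `htmlentities($owner_name_e)` on L158 wraps a variable whose `_e` suffix elsewhere in this codebase conventionally marks a value already prepared for template output; if `$owner_name_e` is already escaped where it is assigned (outside this hunk), this double-encodes and an ampersand in a name will render as `&amp;`. Check the assignment: if it holds the raw name, prefer the explicit `htmlentities($owner_name_e, ENT_QUOTES, 'UTF-8')`; if it is already escaped, drop the wrapper. The enclosing method starts and ends outside this hunk.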
|  | @ -361,7 +367,7 @@ class Item extends BaseObject { | ||||||
| 			'like' => $like, | 			'like' => $like, | ||||||
|                         'dislike'   => $dislike, |                         'dislike'   => $dislike, | ||||||
| 			'switchcomment' => t('Comment'), | 			'switchcomment' => t('Comment'), | ||||||
| 			'comment' => $this->get_comment_box($indent), | 			'comment' => $comment, | ||||||
| 			'previewing' => ($conv->is_preview() ? ' preview ' : ''), | 			'previewing' => ($conv->is_preview() ? ' preview ' : ''), | ||||||
| 			'wait' => t('Please wait'), | 			'wait' => t('Please wait'), | ||||||
| 			'thread_level' => $thread_level, | 			'thread_level' => $thread_level, | ||||||