bitPickups/friendica_2020-09-1_sharedHosting
1
0
Fork 0
Code Pull requests Activity

Add htmlentities to protect nick/addr in acl_lookup

Browse source
This commit is contained in:
Hypolite Petovan 2017-04-13 18:33:40 -04:00
parent 96b1a00e91
commit bffd3f2304
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
include/acl_selectors.php
View file

@ -639,13 +639,13 @@ function acl_lookup(App $a, $out_type = 'json') {
if (count($contact) > 0) {
$unknown_contacts[] = array(
'type' => 'cu',
'type' => 'c',
'photo' => proxy_url($contact['micro'], false, PROXY_SIZE_MICRO),
'name' => htmlentities($contact['name']),
'id' => intval($contact['cid']),
'network' => $contact['network'],
'link' => $contact['url'],
'nick' => $contact['nick'] ? : $contact['addr'],
'nick' => htmlentities($contact['nick'] ? : $contact['addr']),
'forum' => $contact['forum']
);
}