diff --git a/include/conversation.php b/include/conversation.php
index ece5d555a..ed9086307 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -520,10 +520,6 @@ function conversation(App $a, array $items, $mode, $update, $preview = false, $o
  $threadsid++;
- $owner_url = '';
- $owner_name = '';
- $sparkle = '';
-
  // prevent private email from leaking.
  if ($item['network'] === Protocol::MAIL && local_user() != $item['uid']) {
  continue;
@@ -540,14 +536,14 @@ function conversation(App $a, array $items, $mode, $update, $preview = false, $o
  'network' => $item['author-network'], 'url' => $item['author-link']];
  $profile_link = Contact::magicLinkByContact($author);
+ $sparkle = '';
  if (strpos($profile_link, 'redir/') === 0) {
  $sparkle = ' sparkle';
  }
  $locate = ['location' => $item['location'], 'coord' => $item['coord'], 'html' => ''];
  Hook::callAll('render_location',$locate);
-
- $location = ((strlen($locate['html'])) ? $locate['html'] : render_location_dummy($locate));
+ $location_html = $locate['html'] ?: Strings::escapeHtml($locate['location'] ?: $locate['coord'] ?: '');
  localize_item($item);
  if ($mode === 'network-new') {
@@ -563,10 +559,6 @@ function conversation(App $a, array $items, $mode, $update, $preview = false, $o
  'delete' => DI::l10n()->t('Delete'),
  ];
- $star = false;
- $isstarred = "unstarred";
-
- $lock = false;
  $likebuttons = [
  'like' => null,
  'dislike' => null,
@@ -577,7 +569,7 @@ function conversation(App $a, array $items, $mode, $update, $preview = false, $o
  unset($likebuttons['dislike']);
  }
- $body = Item::prepareBody($item, true, $preview);
+ $body_html = Item::prepareBody($item, true, $preview);
  list($categories, $folders) = DI::contentItem()->determineCategoriesTerms($item);
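Review bot: In the new `$location_html` line of the `@@ -540` hunk, `$locate['html']` is emitted as trusted markup while only the fallback goes through `Strings::escapeHtml()`, and the same commit stops stripping tags from `location`/`coord` in item_post, so any render_location hook that interpolates `$locate['location']` or `$locate['coord']` into its HTML is now responsible for escaping them itself. That shift in responsibility is invisible at this call site; I would state it next to the hook call, e.g. `// $locate['html'] is output unescaped: render_location hooks must escape $locate['location'] / $locate['coord'] themselves, since item_post no longer strips tags from them`. The `?:` chain keeps the old `!empty()` semantics of render_location_dummy (a value of exactly "0" is skipped), which is fine as long as that is intended. The enclosing function conversation() starts before this hunk and ends after it.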
@@ -596,13 +588,13 @@ function conversation(App $a, array $items, $mode, $update, $preview = false, $o
  'network_icon' => ContactSelector::networkToIcon($item['network'], $item['author-link']),
  'linktitle' => DI::l10n()->t('View %s\'s profile @ %s', $profile_name, $item['author-link']),
  'profile_url' => $profile_link,
- 'item_photo_menu' => item_photo_menu($item),
+ 'item_photo_menu_html' => item_photo_menu($item),
  'name' => $profile_name,
  'sparkle' => $sparkle,
- 'lock' => $lock,
+ 'lock' => false,
  'thumb' => DI::baseUrl()->remove($item['author-avatar']),
  'title' => $title,
- 'body' => $body,
+ 'body_html' => $body_html,
  'tags' => $tags['tags'],
  'hashtags' => $tags['hashtags'],
  'mentions' => $tags['mentions'],
@@ -613,23 +605,23 @@ function conversation(App $a, array $items, $mode, $update, $preview = false, $o
  'has_folders' => ((count($folders)) ? 'true' : ''),
  'categories' => $categories,
  'folders' => $folders,
- 'text' => strip_tags($body),
+ 'text' => strip_tags($body_html),
  'localtime' => DateTimeFormat::local($item['created'], 'r'),
  'ago' => (($item['app']) ? DI::l10n()->t('%s from %s', Temporal::getRelativeDate($item['created']),$item['app']) : Temporal::getRelativeDate($item['created'])),
- 'location' => $location,
+ 'location_html' => $location_html,
  'indent' => '',
- 'owner_name' => $owner_name,
- 'owner_url' => $owner_url,
+ 'owner_name' => '',
+ 'owner_url' => '',
  'owner_photo' => DI::baseUrl()->remove($item['owner-avatar']),
  'plink' => Item::getPlink($item),
  'edpost' => false,
- 'isstarred' => $isstarred,
- 'star' => $star,
+ 'isstarred' => 'unstarred',
+ 'star' => false,
  'drop' => $drop,
  'vote' => $likebuttons,
- 'like' => '',
- 'dislike' => '',
- 'comment' => '',
+ 'like_html' => '',
+ 'dislike_html' => '',
+ 'comment_html' => '',
  'conv' => (($preview) ? '' : ['href'=> 'display/'.$item['guid'], 'title'=> DI::l10n()->t('View in context')]),
  'previewing' => $previewing,
  'wait' => DI::l10n()->t('Please wait'),
@@ -1504,13 +1496,3 @@ function sort_thr_commented(array $a, array $b)
  {
  return strcmp($b['commented'], $a['commented']);
  }
-
-function render_location_dummy(array $item) {
- if (!empty($item['location']) && !empty($item['location'])) {
- return $item['location'];
- }
-
- if (!empty($item['coord']) && !empty($item['coord'])) {
- return $item['coord'];
- }
-}
diff --git a/mod/item.php b/mod/item.php
index 911a9530c..17f6486f8 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -260,7 +260,7 @@ function item_post(App $a) {
  $objecttype = $orig_post['object-type'];
  $app = $orig_post['app'];
  $categories = $orig_post['file'] ?? '';
- $title = Strings::escapeTags(trim($_REQUEST['title']));
+ $title = trim($_REQUEST['title'] ?? '');
  $body = trim($body);
  $private = $orig_post['private'];
  $pubmail_enabled = $orig_post['pubmail'];
@@ -281,13 +281,13 @@ function item_post(App $a) {
  $str_group_deny = isset($_REQUEST['group_deny']) ? $aclFormatter->toString($_REQUEST['group_deny']) : $user['deny_gid'] ?? '';
  }
- $title = Strings::escapeTags(trim($_REQUEST['title'] ?? ''));
- $location = Strings::escapeTags(trim($_REQUEST['location'] ?? ''));
- $coord = Strings::escapeTags(trim($_REQUEST['coord'] ?? ''));
- $verb = Strings::escapeTags(trim($_REQUEST['verb'] ?? ''));
- $emailcc = Strings::escapeTags(trim($_REQUEST['emailcc'] ?? ''));
+ $title = trim($_REQUEST['title'] ?? '');
+ $location = trim($_REQUEST['location'] ?? '');
+ $coord = trim($_REQUEST['coord'] ?? '');
+ $verb = trim($_REQUEST['verb'] ?? '');
+ $emailcc = trim($_REQUEST['emailcc'] ?? '');
  $body = trim($body);
- $network = Strings::escapeTags(trim(($_REQUEST['network'] ?? '') ?: Protocol::DFRN));
+ $network = trim(($_REQUEST['network'] ?? '') ?: Protocol::DFRN);
  $guid = System::createUUID();
  $postopts = $_REQUEST['postopts'] ?? '';
diff --git a/src/Object/Post.php b/src/Object/Post.php
index d9f0d44d6..0de7bd072 100644
--- a/src/Object/Post.php
+++ b/src/Object/Post.php
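Review bot: In the `@@ -281` hunk of mod/item.php, `$network` and `$verb` are now taken from `$_REQUEST` with only `trim()` applied and nothing in the hunk checks them against the values the code understands; `$network` defaults to `Protocol::DFRN`, so it should be validated against the known `Protocol` constants rather than stored as sent, e.g. `if (!in_array($network, $supportedNetworks, true)) { $network = Protocol::DFRN; }` with `$supportedNetworks` being whatever list of supported protocols the Protocol class already provides. Moving escaping to the templates is the right direction, but `$title`, `$location`, `$coord` and `$emailcc` now reach storage unescaped and only the HTML renderers touched by this commit are visibly escaping them; other consumers of these fields (feeds, API output, mail notifications) are not in the diff and need the same review. If `$emailcc` is used to address mail, as its name suggests, it is also worth validating each address now that tag-stripping no longer happens. item_post() starts before this hunk and ends after it.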
@@ -221,15 +221,14 @@ class Post
  $delete = $origin ? DI::l10n()->t('Delete globally') : DI::l10n()->t('Remove locally');
  }
- $drop = [
- 'dropping' => $dropping,
- 'pagedrop' => $item['pagedrop'],
- 'select' => DI::l10n()->t('Select'),
- 'delete' => $delete,
- ];
-
- if (!local_user()) {
- $drop = false;
+ $drop = false;
+ if (local_user()) {
+ $drop = [
+ 'dropping' => $dropping,
+ 'pagedrop' => $item['pagedrop'],
+ 'select' => DI::l10n()->t('Select'),
+ 'delete' => $delete,
+ ];
  }
  $filer = (($conv->getProfileOwner() == local_user() && ($item['uid'] != 0)) ? DI::l10n()->t("save to folder") : false);
@@ -254,7 +253,7 @@ class Post
  $locate = ['location' => $item['location'], 'coord' => $item['coord'], 'html' => ''];
  Hook::callAll('render_location', $locate);
- $location = ((strlen($locate['html'])) ? $locate['html'] : render_location_dummy($locate));
+ $location_html = $locate['html'] ?: Strings::escapeHtml($locate['location'] ?: $locate['coord'] ?: '');
  // process action responses - e.g. like/dislike/attend/agree/whatever
  $response_verbs = ['like', 'dislike', 'announce'];
@@ -349,7 +348,7 @@ class Post
  }
  }
- $comment = $this->getCommentBox($indent);
+ $comment_html = $this->getCommentBox($indent);
  if (strcmp(DateTimeFormat::utc($item['created']), DateTimeFormat::utc('now - 12 hours')) > 0) {
  $shiny = 'shiny';
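Review bot: The `$location_html` expression added in the `@@ -254` hunk is the same one the commit adds to include/conversation.php, so the shared `render_location_dummy()` helper has been replaced by two copies of the fallback-and-escape logic; I would keep a single helper so the escaping rule cannot drift between the two renderers, e.g. a static `Item::renderLocation(array $locate): string` (name to taste) that both call. Wherever it lives, a comment such as `// hook output is trusted HTML; only the raw location/coord fallback is escaped here` would make the trust boundary explicit, since `$locate['html']` is the one part not passed through `Strings::escapeHtml()`. The enclosing method starts before this hunk and ends after it.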
@@ -357,23 +356,16 @@ class Post
  localize_item($item);
- $body = Item::prepareBody($item, true);
+ $body_html = Item::prepareBody($item, true);
  list($categories, $folders) = DI::contentItem()->determineCategoriesTerms($item);
- $body_e = $body;
- $text_e = strip_tags($body);
- $name_e = $profile_name;
-
  if (!empty($item['content-warning']) && DI::pConfig()->get(local_user(), 'system', 'disable_cw', false)) {
- $title_e = ucfirst($item['content-warning']);
+ $title = ucfirst($item['content-warning']);
  } else {
- $title_e = $item['title'];
+ $title = $item['title'];
  }
- $location_e = $location;
- $owner_name_e = $this->getOwnerName();
-
  if (DI::pConfig()->get(local_user(), 'system', 'hide_dislike')) {
  $buttons['dislike'] = false;
  }
@@ -414,8 +406,8 @@ class Post
  } elseif (DI::config()->get('debug', 'show_direction')) {
  $conversation = DBA::selectFirst('conversation', ['direction'], ['item-uri' => $item['uri']]);
  if (!empty($conversation['direction']) && in_array($conversation['direction'], [1, 2])) {
- $title = [1 => DI::l10n()->t('Pushed'), 2 => DI::l10n()->t('Pulled')];
- $direction = ['direction' => $conversation['direction'], 'title' => $title[$conversation['direction']]];
+ $direction_title = [1 => DI::l10n()->t('Pushed'), 2 => DI::l10n()->t('Pulled')];
+ $direction = ['direction' => $conversation['direction'], 'title' => $direction_title[$conversation['direction']]];
  }
  }
@@ -433,8 +425,8 @@ class Post
  'has_folders' => ((count($folders)) ? 'true' : ''),
  'categories' => $categories,
  'folders' => $folders,
- 'body' => $body_e,
- 'text' => $text_e,
+ 'body_html' => $body_html,
+ 'text' => strip_tags($body_html),
  'id' => $this->getId(),
  'guid' => urlencode($item['guid']),
  'isevent' => $isevent,
@@ -446,24 +438,24 @@ class Post
  'wall' => DI::l10n()->t('Wall-to-Wall'),
  'vwall' => DI::l10n()->t('via Wall-To-Wall:'),
  'profile_url' => $profile_link,
- 'item_photo_menu' => item_photo_menu($item),
- 'name' => $name_e,
+ 'name' => $profile_name,
+ 'item_photo_menu_html' => item_photo_menu($item),
  'thumb' => DI::baseUrl()->remove($item['author-avatar']),
  'osparkle' => $osparkle,
  'sparkle' => $sparkle,
- 'title' => $title_e,
+ 'title' => $title,
  'localtime' => DateTimeFormat::local($item['created'], 'r'),
  'ago' => $item['app'] ? DI::l10n()->t('%s from %s', $ago, $item['app']) : $ago,
  'app' => $item['app'],
  'created' => $ago,
  'lock' => $lock,
- 'location' => $location_e,
+ 'location_html' => $location_html,
  'indent' => $indent,
  'shiny' => $shiny,
  'owner_self' => $item['author-link'] == Session::get('my_url'),
  'owner_url' => $this->getOwnerUrl(),
  'owner_photo' => DI::baseUrl()->remove($item['owner-avatar']),
- 'owner_name' => $owner_name_e,
+ 'owner_name' => $this->getOwnerName(),
  'plink' => Item::getPlink($item),
  'edpost' => $edpost,
  'ispinned' => $ispinned,
@@ -476,12 +468,12 @@ class Post
  'filer' => $filer,
  'drop' => $drop,
  'vote' => $buttons,
- 'like' => $responses['like']['output'],
- 'dislike' => $responses['dislike']['output'],
+ 'like_html' => $responses['like']['output'],
+ 'dislike_html' => $responses['dislike']['output'],
  'responses' => $responses,
  'switchcomment' => DI::l10n()->t('Comment'),
- 'reply_label' => DI::l10n()->t('Reply to %s', $name_e),
- 'comment' => $comment,
+ 'reply_label' => DI::l10n()->t('Reply to %s', $profile_name),
+ 'comment_html' => $comment_html,
  'remote_comment' => $remote_comment,
  'menu' => DI::l10n()->t('More'),
  'previewing' => $conv->isPreview() ? ' preview ' : '',
diff --git a/src/Util/Strings.php b/src/Util/Strings.php
index 1d440c19b..9d4a8212f 100644
--- a/src/Util/Strings.php
+++ b/src/Util/Strings.php
@@ -68,6 +68,7 @@ class Strings
  *
  * @param string $string Input string
  * @return string Filtered string
+ * @deprecated since 2020.09 Please use Smarty default HTML escaping for templates or htmlspecialchars() otherwise
  */
  public static function escapeTags($string)
  {
diff --git a/view/templates/search_item.tpl b/view/templates/search_item.tpl
index 1a756db8a..4c6dcb722 100644
--- a/view/templates/search_item.tpl
+++ b/view/templates/search_item.tpl
@@ -11,7 +11,7 @@
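Review bot: The `@deprecated` note added in this hunk sends callers to `htmlspecialchars()`, but the replacement this same commit actually uses is `Strings::escapeHtml()` (see the new `$location_html` lines), so the tag should name that method to keep callers on one escaping path, e.g. `@deprecated since 2020.09 Rely on Smarty's default HTML escaping in templates, or use Strings::escapeHtml() for HTML assembled in PHP`. It would also help to say in the docblock why the method is going away, namely that stripping tags at input time is not a substitute for context-specific escaping at output time, if that is indeed what escapeTags() does; its body is outside this hunk.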
@@ -19,7 +19,7 @@