Bugfix: The contact names had to be escaped
This commit is contained in:
Michael Vogel
parent
1f0b759e2f
commit
61c3ce7a21
11 changed files with 64 additions and 44 deletions
|
|
@ -21,7 +21,7 @@ function allfriends_content(&$a) {
|
|||
);
|
||||
|
||||
$vcard_widget .= replace_macros(get_markup_template("vcard-widget.tpl"),array(
|
||||
'$name' => $c[0]['name'],
|
||||
'$name' => htmlentities($c[0]['name']),
|
||||
'$photo' => $c[0]['photo'],
|
||||
'url' => z_root() . '/contacts/' . $cid
|
||||
));
|
||||
|
|
@ -34,7 +34,7 @@ function allfriends_content(&$a) {
|
|||
return;
|
||||
|
||||
$o .= replace_macros(get_markup_template("section_title.tpl"),array(
|
||||
'$title' => sprintf( t('Friends of %s'), $c[0]['name'])
|
||||
'$title' => sprintf( t('Friends of %s'), htmlentities($c[0]['name']))
|
||||
));
|
||||
|
||||
|
||||
|
|
@ -48,10 +48,10 @@ function allfriends_content(&$a) {
|
|||
$tpl = get_markup_template('common_friends.tpl');
|
||||
|
||||
foreach($r as $rr) {
|
||||
|
||||
|
||||
$o .= replace_macros($tpl,array(
|
||||
'$url' => $rr['url'],
|
||||
'$name' => $rr['name'],
|
||||
'$name' => htmlentities($rr['name']),
|
||||
'$photo' => $rr['photo'],
|
||||
'$tags' => ''
|
||||
));
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ function common_content(&$a) {
|
|||
if(! $uid)
|
||||
return;
|
||||
|
||||
if($cmd === 'loc' && $cid) {
|
||||
if($cmd === 'loc' && $cid) {
|
||||
$c = q("select name, url, photo from contact where id = %d and uid = %d limit 1",
|
||||
intval($cid),
|
||||
intval($uid)
|
||||
|
|
@ -26,10 +26,10 @@ function common_content(&$a) {
|
|||
$c = q("select name, url, photo from contact where self = 1 and uid = %d limit 1",
|
||||
intval($uid)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
$vcard_widget .= replace_macros(get_markup_template("vcard-widget.tpl"),array(
|
||||
'$name' => $c[0]['name'],
|
||||
'$name' => htmlentities($c[0]['name']),
|
||||
'$photo' => $c[0]['photo'],
|
||||
'url' => z_root() . '/contacts/' . $cid
|
||||
));
|
||||
|
|
@ -97,10 +97,10 @@ function common_content(&$a) {
|
|||
$tpl = get_markup_template('common_friends.tpl');
|
||||
|
||||
foreach($r as $rr) {
|
||||
|
||||
|
||||
$o .= replace_macros($tpl,array(
|
||||
'$url' => $rr['url'],
|
||||
'$name' => $rr['name'],
|
||||
'$name' => htmlentities($rr['name']),
|
||||
'$photo' => $rr['photo'],
|
||||
'$tags' => ''
|
||||
));
|
||||
|
|
|
|||
|
|
@ -33,7 +33,7 @@ function contacts_init(&$a) {
|
|||
if($contact_id) {
|
||||
$a->data['contact'] = $r[0];
|
||||
$vcard_widget = replace_macros(get_markup_template("vcard-widget.tpl"),array(
|
||||
'$name' => $a->data['contact']['name'],
|
||||
'$name' => htmlentities($a->data['contact']['name']),
|
||||
'$photo' => $a->data['contact']['photo'],
|
||||
'$url' => ($a->data['contact']['network'] == NETWORK_DFRN) ? $a->get_baseurl()."/redir/".$a->data['contact']['id'] : $a->data['contact']['url']
|
||||
));
|
||||
|
|
@ -432,7 +432,7 @@ function contacts_content(&$a) {
|
|||
}
|
||||
|
||||
$a->page['aside'] = '';
|
||||
|
||||
|
||||
return replace_macros(get_markup_template('contact_drop_confirm.tpl'), array(
|
||||
'$contact' => _contact_detail_for_template($orig_record[0]),
|
||||
'$method' => 'get',
|
||||
|
|
@ -509,7 +509,7 @@ function contacts_content(&$a) {
|
|||
if(!in_array($contact['network'], array(NETWORK_DFRN, NETWORK_OSTATUS, NETWORK_DIASPORA)))
|
||||
$relation_text = "";
|
||||
|
||||
$relation_text = sprintf($relation_text,$contact['name']);
|
||||
$relation_text = sprintf($relation_text,htmlentities($contact['name']));
|
||||
|
||||
if(($contact['network'] === NETWORK_DFRN) && ($contact['rel'])) {
|
||||
$url = "redir/{$contact['id']}";
|
||||
|
|
@ -632,7 +632,7 @@ function contacts_content(&$a) {
|
|||
'$ffi_keyword_blacklist' => $contact['ffi_keyword_blacklist'],
|
||||
'$ffi_keyword_blacklist' => array('ffi_keyword_blacklist', t('Blacklisted keywords'), $contact['ffi_keyword_blacklist'], t('Comma separated list of keywords that should not be converted to hashtags, when "Fetch information and keywords" is selected')),
|
||||
'$photo' => $contact['photo'],
|
||||
'$name' => $contact['name'],
|
||||
'$name' => htmlentities($contact['name']),
|
||||
'$dir_icon' => $dir_icon,
|
||||
'$alt_text' => $alt_text,
|
||||
'$sparkle' => $sparkle,
|
||||
|
|
@ -842,8 +842,8 @@ function _contact_detail_for_template($rr){
|
|||
'alt_text' => $alt_text,
|
||||
'dir_icon' => $dir_icon,
|
||||
'thumb' => proxy_url($rr['thumb'], false, PROXY_SIZE_THUMB),
|
||||
'name' => $rr['name'],
|
||||
'username' => $rr['name'],
|
||||
'name' => htmlentities($rr['name']),
|
||||
'username' => htmlentities($rr['name']),
|
||||
'sparkle' => $sparkle,
|
||||
'itemurl' => $rr['url'],
|
||||
'url' => $url,
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ function crepair_init(&$a) {
|
|||
$a->data['contact'] = $r[0];
|
||||
$tpl = get_markup_template("vcard-widget.tpl");
|
||||
$vcard_widget .= replace_macros($tpl, array(
|
||||
'$name' => $a->data['contact']['name'],
|
||||
'$name' => htmlentities($a->data['contact']['name']),
|
||||
'$photo' => $a->data['contact']['photo']
|
||||
));
|
||||
$a->page['aside'] .= $vcard_widget;
|
||||
|
|
@ -179,8 +179,8 @@ function crepair_content(&$a) {
|
|||
'$label_remote_self' => t('Remote Self'),
|
||||
'$allow_remote_self' => $allow_remote_self,
|
||||
'$remote_self' => array('remote_self', t('Mirror postings from this contact'), $contact['remote_self'], t('Mark this contact as remote_self, this will cause friendica to repost new entries from this contact.'), $remote_self_options),
|
||||
'$contact_name' => $contact['name'],
|
||||
'$contact_nick' => $contact['nick'],
|
||||
'$contact_name' => htmlentities($contact['name']),
|
||||
'$contact_nick' => htmlentities($contact['nick']),
|
||||
'$contact_id' => $contact['id'],
|
||||
'$contact_url' => $contact['url'],
|
||||
'$request' => $contact['request'],
|
||||
|
|
|
|||
|
|
@ -568,14 +568,14 @@ function network_content(&$a, $update = 0) {
|
|||
intval($cid)
|
||||
);
|
||||
if(count($r)) {
|
||||
$sql_post_table = " INNER JOIN (SELECT DISTINCT(`parent`) FROM `item`
|
||||
WHERE 1 $sql_options AND `contact-id` = ".intval($cid)." and deleted = 0
|
||||
ORDER BY `item`.`received` DESC) AS `temp1`
|
||||
$sql_post_table = " INNER JOIN (SELECT DISTINCT(`parent`) FROM `item`
|
||||
WHERE 1 $sql_options AND `contact-id` = ".intval($cid)." and deleted = 0
|
||||
ORDER BY `item`.`received` DESC) AS `temp1`
|
||||
ON $sql_table.$sql_parent = `temp1`.`parent` ";
|
||||
$sql_extra = "";
|
||||
|
||||
$o = replace_macros(get_markup_template("section_title.tpl"),array(
|
||||
'$title' => sprintf( t('Contact: %s'), $r[0]['name'])
|
||||
'$title' => sprintf( t('Contact: %s'), htmlentities($r[0]['name']))
|
||||
)) . $o;
|
||||
|
||||
if($r[0]['network'] === NETWORK_OSTATUS && $r[0]['writable'] && (! get_pconfig(local_user(),'system','nowarn_insecure'))) {
|
||||
|
|
|
|||
|
|
@ -63,8 +63,8 @@ function viewcontacts_content(&$a) {
|
|||
'id' => $rr['id'],
|
||||
'img_hover' => sprintf( t('Visit %s\'s profile [%s]'), $rr['name'], $rr['url']),
|
||||
'thumb' => proxy_url($rr['thumb'], false, PROXY_SIZE_THUMB),
|
||||
'name' => substr($rr['name'],0,20),
|
||||
'username' => $rr['name'],
|
||||
'name' => htmlentities(substr($rr['name'],0,20)),
|
||||
'username' => htmlentities($rr['name']),
|
||||
'url' => $url,
|
||||
'sparkle' => '',
|
||||
'itemurl' => $rr['url'],
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue