diff --git a/include/conversation.php b/include/conversation.php index 7cea54db..b7fba915 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -485,7 +485,7 @@ function conversation(&$a, $items, $mode, $update) { $tmp_item = replace_macros($template,array( - '$body' => $body, + '$body' => template_escape($body), '$id' => $item['item_id'], '$linktitle' => sprintf( t('View %s\'s profile @ %s'), $profile_name, ((strlen($item['author-link'])) ? $item['author-link'] : $item['url'])), '$olinktitle' => sprintf( t('View %s\'s profile @ %s'), $profile_name, ((strlen($item['owner-link'])) ? $item['owner-link'] : $item['url'])), @@ -494,18 +494,18 @@ function conversation(&$a, $items, $mode, $update) { '$vwall' => t('via Wall-To-Wall:'), '$profile_url' => $profile_link, '$item_photo_menu' => item_photo_menu($item), - '$name' => $profile_name, + '$name' => template_escape($profile_name), '$thumb' => $profile_avatar, '$osparkle' => $osparkle, '$sparkle' => $sparkle, - '$title' => $item['title'], + '$title' => template_escape($item['title']), '$ago' => ((($item['app']) && ($item['id'] == $item['parent'])) ? sprintf( t('%s from %s'),relative_date($item['created']),$item['app']) : relative_date($item['created'])), '$lock' => $lock, - '$location' => $location, + '$location' => template_escape($location), '$indent' => $indent, '$owner_url' => $owner_url, '$owner_photo' => $owner_photo, - '$owner_name' => $owner_name, + '$owner_name' => template_escape($owner_name), '$plink' => get_plink($item), '$edpost' => $edpost, '$star' => $star, diff --git a/include/template_processor.php b/include/template_processor.php index dc5c24de..90452dac 100644 --- a/include/template_processor.php +++ b/include/template_processor.php @@ -196,8 +196,26 @@ $os=$s; $count++; $s = str_replace($this->search,$this->replace, $s); } - return $s; + return template_unescape($s); } } $t = new Template; + + + + +function template_escape($s) { + + return str_replace(array('$','{{'),array('!_Doll^Ars1Az_!','!_DoubLe^BraceS4Rw_!'),$s); + + +} + +function template_unescape($s) { + + return str_replace(array('!_Doll^Ars1Az_!','!_DoubLe^BraceS4Rw_!'),array('$','{{'),$s); + + + +} diff --git a/mod/message.php b/mod/message.php index 165d6381..e031cdaf 100644 --- a/mod/message.php +++ b/mod/message.php @@ -159,10 +159,10 @@ function message_content(&$a) { '$from_url' => $a->get_baseurl() . '/redir/' . $rr['contact-id'], '$sparkle' => ' sparkle', '$from_photo' => $rr['thumb'], - '$subject' => (($rr['mailseen']) ? $rr['title'] : '' . $rr['title'] . ''), + '$subject' => template_escape((($rr['mailseen']) ? $rr['title'] : '' . $rr['title'] . '')), '$delete' => t('Delete conversation'), - '$body' => $rr['body'], - '$to_name' => $rr['name'], + '$body' => template_escape($rr['body']), + '$to_name' => template_escape($rr['name']), '$date' => datetime_convert('UTC',date_default_timezone_get(),$rr['mailcreated'], t('D, d M Y - g:i A')) )); } @@ -221,14 +221,14 @@ function message_content(&$a) { } $o .= replace_macros($tpl, array( '$id' => $message['id'], - '$from_name' =>$message['from-name'], + '$from_name' => template_escape($message['from-name']), '$from_url' => $from_url, '$sparkle' => $sparkle, '$from_photo' => $message['from-photo'], - '$subject' => $message['title'], - '$body' => smilies(bbcode($message['body'])), + '$subject' => template_escape($message['title']), + '$body' => template_escape(smilies(bbcode($message['body']))), '$delete' => t('Delete message'), - '$to_name' => $message['name'], + '$to_name' => template_escape($message['name']), '$date' => datetime_convert('UTC',date_default_timezone_get(),$message['created'],'D, d M Y - g:i A') )); @@ -240,7 +240,7 @@ function message_content(&$a) { '$header' => t('Send Reply'), '$to' => t('To:'), '$subject' => t('Subject:'), - '$subjtxt' => $message['title'], + '$subjtxt' => template_escape($message['title']), '$readonly' => ' readonly="readonly" style="background: #BBBBBB;" ', '$yourmessage' => t('Your message:'), '$select' => $select,