friendica/dir
6
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

dangerous values in usernames for shared messages from diaspora are now encoded.

Browse source
This commit is contained in:
Michael Vogel 2013-12-02 20:26:57 +01:00
parent 3331e71e8e
commit e875a104ce
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
include/diaspora.php
View file

@ -1041,10 +1041,10 @@ function diaspora_reshare($importer,$xml,$msg) {
$datarray['owner-link'] = $contact['url'];
$datarray['owner-avatar'] = ((x($contact,'thumb')) ? $contact['thumb'] : $contact['photo']);
if (!intval(get_config('system','wall-to-wall_share'))) {
$prefix = "[share author='".str_replace("'", "'",$person['name']).
$prefix = "[share author='".str_replace(array("'", "[", "]"), array("'", "[", "]"),$person['name']).
"' profile='".$person['url'].
"' avatar='".((x($person,'thumb')) ? $person['thumb'] : $person['photo']).
"' link='".$orig_url."']";
"' link='".str_replace(array("'", "[", "]"), array("'", "[", "]"),$orig_url)."']";
$datarray['author-name'] = $contact['name'];
$datarray['author-link'] = $contact['url'];
$datarray['author-avatar'] = $contact['thumb'];