diff --git a/mod/admin.php b/mod/admin.php
index 873966b999..d1b761c980 100644
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -2478,9 +2478,9 @@ function admin_page_viewlogs(App $a)
 }
 $seek = fseek($fp, 0 - $size, SEEK_END);
 if ($seek === 0) {
- $data = Strings::escapeTags(fread($fp, $size));
+ $data = Strings::escapeHtml(fread($fp, $size));
 while (!feof($fp)) {
- $data .= Strings::escapeTags(fread($fp, 4096));
+ $data .= Strings::escapeHtml(fread($fp, 4096));
 }
 }
 }
diff --git a/mod/dirfind.php b/mod/dirfind.php
index 7ef217253e..7b603a7427 100644
--- a/mod/dirfind.php
+++ b/mod/dirfind.php
@@ -126,8 +126,8 @@ function dirfind_content(App $a, $prefix = "") {
 (`url` LIKE '%s' OR `name` LIKE '%s' OR `location` LIKE '%s' OR `addr` LIKE '%s' OR `about` LIKE '%s' OR `keywords` LIKE '%s') $extra_sql", DBA::escape(Protocol::DFRN), DBA::escape($ostatus), DBA::escape($diaspora),
- DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)),
- DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)));
+ DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)),
+ DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)));
 $results = q("SELECT `nurl` FROM `gcontact` 
@@ -138,8 +138,8 @@ function dirfind_content(App $a, $prefix = "") {
 GROUP BY `nurl` ORDER BY `updated` DESC LIMIT %d, %d", DBA::escape(Protocol::DFRN), DBA::escape($ostatus), DBA::escape($diaspora),
- DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)),
- DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)),
+ DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)),
+ DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)),
 $pager->getStart(), $pager->getItemsPerPage());
 $j = new stdClass();
 $j->total = $count[0]["total"];
diff --git a/mod/events.php b/mod/events.php
index 540a5b1650..f147e00545 100644
--- a/mod/events.php
+++ b/mod/events.php
@@ -60,8 +60,8 @@ function events_post(App $a)
 $cid = !empty($_POST['cid']) ? intval($_POST['cid']) : 0;
 $uid = local_user();
- $start_text = Strings::escapeTags(defaults($_REQUEST, 'start_text', ''));
- $finish_text = Strings::escapeTags(defaults($_REQUEST, 'finish_text', ''));
+ $start_text = Strings::escapeHtml(defaults($_REQUEST, 'start_text', ''));
+ $finish_text = Strings::escapeHtml(defaults($_REQUEST, 'finish_text', ''));
 $adjust = intval(defaults($_POST, 'adjust', 0));
 $nofinish = intval(defaults($_POST, 'nofinish', 0));
@@ -97,9 +97,9 @@ function events_post(App $a)
 // and we'll waste a bunch of time responding to it. Time that
 // could've been spent doing something else.
- $summary = Strings::escapeTags(trim(defaults($_POST, 'summary', '')));
- $desc = Strings::escapeTags(trim(defaults($_POST, 'desc', '')));
- $location = Strings::escapeTags(trim(defaults($_POST, 'location', '')));
+ $summary = Strings::escapeHtml(trim(defaults($_POST, 'summary', '')));
+ $desc = Strings::escapeHtml(trim(defaults($_POST, 'desc', '')));
+ $location = Strings::escapeHtml(trim(defaults($_POST, 'location', '')));
 $type = 'event';
 $action = ($event_id == '') ? 'new' : "event/" . $event_id;
diff --git a/mod/fsuggest.php b/mod/fsuggest.php
index 7768c8cf8c..2195f455af 100644
--- a/mod/fsuggest.php
+++ b/mod/fsuggest.php
@@ -37,7 +37,7 @@ function fsuggest_post(App $a)
 $hash = Strings::getRandomHex();
- $note = Strings::escapeTags(trim(defaults($_POST, 'note', '')));
+ $note = Strings::escapeHtml(trim(defaults($_POST, 'note', '')));
 if ($new_contact) {
 $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
diff --git a/mod/item.php b/mod/item.php
index 193fa9ed9f..0473c74c52 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -205,7 +205,7 @@ function item_post(App $a) {
 $app = $orig_post['app'];
 $categories = $orig_post['file'];
 $title = Strings::removeTags(trim($_REQUEST['title']));
- $body = Strings::escapeTags(trim($_REQUEST['body']));
+ $body = Strings::escapeHtml(trim($_REQUEST['body']));
 $private = $orig_post['private'];
 $pubmail_enabled = $orig_post['pubmail'];
 $network = $orig_post['network'];
@@ -241,7 +241,7 @@ function item_post(App $a) {
 $coord = Strings::removeTags(trim(defaults($_REQUEST, 'coord' , '')));
 $verb = Strings::removeTags(trim(defaults($_REQUEST, 'verb' , '')));
 $emailcc = Strings::removeTags(trim(defaults($_REQUEST, 'emailcc' , '')));
- $body = Strings::escapeTags(trim(defaults($_REQUEST, 'body' , '')));
+ $body = Strings::escapeHtml(trim(defaults($_REQUEST, 'body' , '')));
 $network = Strings::removeTags(trim(defaults($_REQUEST, 'network' , Protocol::DFRN)));
 $guid = System::createUUID();
diff --git a/mod/message.php b/mod/message.php
index e689c45021..3a9480f2f2 100644
--- a/mod/message.php
+++ b/mod/message.php
@@ -61,7 +61,7 @@ function message_post(App $a)
 $replyto = x($_REQUEST, 'replyto') ? Strings::removeTags(trim($_REQUEST['replyto'])) : '';
 $subject = x($_REQUEST, 'subject') ? Strings::removeTags(trim($_REQUEST['subject'])) : '';
- $body = x($_REQUEST, 'body') ? Strings::escapeTags(trim($_REQUEST['body'])) : '';
+ $body = x($_REQUEST, 'body') ? Strings::escapeHtml(trim($_REQUEST['body'])) : '';
 $recipient = x($_REQUEST, 'messageto') ? intval($_REQUEST['messageto']) : 0;
 $ret = Mail::send($recipient, $body, $subject, $replyto);
@@ -254,7 +254,7 @@ function message_content(App $a)
 '$preid' => $preid,
 '$subject' => L10n::t('Subject:'),
 '$subjtxt' => x($_REQUEST, 'subject') ? strip_tags($_REQUEST['subject']) : '',
- '$text' => x($_REQUEST, 'body') ? Strings::escapeTags(htmlspecialchars($_REQUEST['body'])) : '',
+ '$text' => x($_REQUEST, 'body') ? Strings::escapeHtml(htmlspecialchars($_REQUEST['body'])) : '',
 '$readonly' => '',
 '$yourmessage' => L10n::t('Your message:'),
 '$select' => $select,
diff --git a/mod/network.php b/mod/network.php
index 77e815fe1a..ff20f04d4e 100644
--- a/mod/network.php
+++ b/mod/network.php
@@ -42,7 +42,7 @@ function network_init(App $a)
 Hook::add('head', __FILE__, 'network_infinite_scroll_head');
- $search = (x($_GET, 'search') ? Strings::escapeTags($_GET['search']) : '');
+ $search = (x($_GET, 'search') ? Strings::escapeHtml($_GET['search']) : '');
 if (($search != '') && !empty($_GET['submit'])) {
 $a->internalRedirect('search?search=' . urlencode($search));
@@ -519,9 +519,9 @@ function networkThreadedView(App $a, $update, $parent)
 for ($x = 1; $x < $a->argc; $x ++) {
 if (is_a_date_arg($a->argv[$x])) {
 if ($datequery) {
- $datequery2 = Strings::escapeTags($a->argv[$x]);
+ $datequery2 = Strings::escapeHtml($a->argv[$x]);
 } else {
- $datequery = Strings::escapeTags($a->argv[$x]);
+ $datequery = Strings::escapeHtml($a->argv[$x]);
 $_GET['order'] = 'post';
 }
 } elseif (intval($a->argv[$x])) {
diff --git a/mod/profile.php b/mod/profile.php
index f520ef94b7..f17888368a 100644
--- a/mod/profile.php
+++ b/mod/profile.php
@@ -115,9 +115,9 @@ function profile_content(App $a, $update = 0)
 for ($x = 2; $x < $a->argc; $x ++) {
 if (is_a_date_arg($a->argv[$x])) {
 if ($datequery) {
- $datequery2 = Strings::escapeTags($a->argv[$x]);
+ $datequery2 = Strings::escapeHtml($a->argv[$x]);
 } else {
- $datequery = Strings::escapeTags($a->argv[$x]);
+ $datequery = Strings::escapeHtml($a->argv[$x]);
 }
 } else {
 $category = $a->argv[$x];
diff --git a/mod/profiles.php b/mod/profiles.php
index 00fdc6a29c..83febcc717 100644
--- a/mod/profiles.php
+++ b/mod/profiles.php
@@ -208,7 +208,7 @@ function profiles_post(App $a) {
 return;
 }
- $dob = $_POST['dob'] ? Strings::escapeTags(trim($_POST['dob'])) : '0000-00-00';
+ $dob = $_POST['dob'] ? Strings::escapeHtml(trim($_POST['dob'])) : '0000-00-00';
 $y = substr($dob, 0, 4);
 if ((! ctype_digit($y)) || ($y < 1900)) {
@@ -323,19 +323,19 @@ function profiles_post(App $a) {
 $politic = Strings::removeTags(trim($_POST['politic']));
 $religion = Strings::removeTags(trim($_POST['religion']));
- $likes = Strings::escapeTags(trim($_POST['likes']));
- $dislikes = Strings::escapeTags(trim($_POST['dislikes']));
+ $likes = Strings::escapeHtml(trim($_POST['likes']));
+ $dislikes = Strings::escapeHtml(trim($_POST['dislikes']));
- $about = Strings::escapeTags(trim($_POST['about']));
- $interest = Strings::escapeTags(trim($_POST['interest']));
- $contact = Strings::escapeTags(trim($_POST['contact']));
- $music = Strings::escapeTags(trim($_POST['music']));
- $book = Strings::escapeTags(trim($_POST['book']));
- $tv = Strings::escapeTags(trim($_POST['tv']));
- $film = Strings::escapeTags(trim($_POST['film']));
- $romance = Strings::escapeTags(trim($_POST['romance']));
- $work = Strings::escapeTags(trim($_POST['work']));
- $education = Strings::escapeTags(trim($_POST['education']));
+ $about = Strings::escapeHtml(trim($_POST['about']));
+ $interest = Strings::escapeHtml(trim($_POST['interest']));
+ $contact = Strings::escapeHtml(trim($_POST['contact']));
+ $music = Strings::escapeHtml(trim($_POST['music']));
+ $book = Strings::escapeHtml(trim($_POST['book']));
+ $tv = Strings::escapeHtml(trim($_POST['tv']));
+ $film = Strings::escapeHtml(trim($_POST['film']));
+ $romance = Strings::escapeHtml(trim($_POST['romance']));
+ $work = Strings::escapeHtml(trim($_POST['work']));
+ $education = Strings::escapeHtml(trim($_POST['education']));
 $hide_friends = (($_POST['hide-friends'] == 1) ? 1: 0);
diff --git a/mod/wallmessage.php b/mod/wallmessage.php
index f2fb04442c..06b3720f73 100644
--- a/mod/wallmessage.php
+++ b/mod/wallmessage.php
@@ -21,7 +21,7 @@ function wallmessage_post(App $a) {
 }
 $subject = ((x($_REQUEST,'subject')) ? Strings::removeTags(trim($_REQUEST['subject'])) : '');
- $body = ((x($_REQUEST,'body')) ? Strings::escapeTags(trim($_REQUEST['body'])) : '');
+ $body = ((x($_REQUEST,'body')) ? Strings::escapeHtml(trim($_REQUEST['body'])) : '');
 $recipient = (($a->argc > 1) ? Strings::removeTags($a->argv[1]) : '');
 if ((! $recipient) || (! $body)) {
@@ -132,7 +132,7 @@ function wallmessage_content(App $a) {
 '$recipname' => $user['username'],
 '$nickname' => $user['nickname'],
 '$subjtxt' => ((x($_REQUEST, 'subject')) ? strip_tags($_REQUEST['subject']) : ''),
- '$text' => ((x($_REQUEST, 'body')) ? Strings::escapeTags(htmlspecialchars($_REQUEST['body'])) : ''),
+ '$text' => ((x($_REQUEST, 'body')) ? Strings::escapeHtml(htmlspecialchars($_REQUEST['body'])) : ''),
 '$readonly' => '',
 '$yourmessage' => L10n::t('Your message:'),
 '$parent' => '',
diff --git a/src/Model/Item.php b/src/Model/Item.php
index e12f6b6eed..c088685e8d 100644
--- a/src/Model/Item.php
+++ b/src/Model/Item.php
@@ -3447,7 +3447,7 @@ class Item extends BaseObject
 $filesubtype = 'unkn';
 }
- $title = Strings::escapeTags(trim(!empty($mtch[4]) ? $mtch[4] : $mtch[1]));
+ $title = Strings::escapeHtml(trim(!empty($mtch[4]) ? $mtch[4] : $mtch[1]));
 $title .= ' ' . $mtch[2] . ' ' . L10n::t('bytes');
 $icon = '
';
diff --git a/src/Module/Contact.php b/src/Module/Contact.php
index 30c05c889a..9987871880 100644
--- a/src/Module/Contact.php
+++ b/src/Module/Contact.php
@@ -214,14 +214,14 @@ class Contact extends BaseModule
 $fetch_further_information = intval(defaults($_POST, 'fetch_further_information', 0));
- $ffi_keyword_blacklist = Strings::escapeTags(trim(defaults($_POST, 'ffi_keyword_blacklist', '')));
+ $ffi_keyword_blacklist = Strings::escapeHtml(trim(defaults($_POST, 'ffi_keyword_blacklist', '')));
 $priority = intval(defaults($_POST, 'poll', 0));
 if ($priority > 5 || $priority < 0) {
 $priority = 0;
 }
- $info = Strings::escapeTags(trim($_POST['info']));
+ $info = Strings::escapeHtml(trim($_POST['info']));
 $r = DBA::update('contact', [
 'profile-id' => $profile_id,
diff --git a/src/Module/Hashtag.php b/src/Module/Hashtag.php
index b016b4da40..4d09183529 100644
--- a/src/Module/Hashtag.php
+++ b/src/Module/Hashtag.php
@@ -22,7 +22,7 @@ class Hashtag extends BaseModule
 {
 $result = [];
- $t = Strings::escapeTags($_REQUEST['t']);
+ $t = Strings::escapeHtml($_REQUEST['t']);
 if (empty($t)) {
 System::jsonExit($result);
 }
diff --git a/src/Util/Strings.php b/src/Util/Strings.php
index 5cb1fd6b3a..7acf1c9ef2 100644
--- a/src/Util/Strings.php
+++ b/src/Util/Strings.php
@@ -59,7 +59,7 @@ class Strings
 *
 * @return string
 */
- public static function escapeTags($string)
+ public static function escapeHtml($string)
 {
 return htmlspecialchars($string, ENT_COMPAT, 'UTF-8', false);
 }
diff --git a/src/Worker/OnePoll.php b/src/Worker/OnePoll.php
index f9ff0b1a6a..fcbcabd709 100644
--- a/src/Worker/OnePoll.php
+++ b/src/Worker/OnePoll.php
@@ -507,7 +507,7 @@ class OnePoll
 Logger::log("Mail: can't fetch msg ".$msg_uid." for ".$mailconf['user']);
 continue;
 }
- $datarray['body'] = Strings::escapeTags($r['body']);
+ $datarray['body'] = Strings::escapeHtml($r['body']);
 $datarray['body'] = BBCode::limitBodySize($datarray['body']);
 Logger::log("Mail: Importing ".$msg_uid." for ".$mailconf['user']);
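Review bot: The new name promises a general HTML escape, but the body in the src/Util/Strings.php hunk, `return htmlspecialchars($string, ENT_COMPAT, 'UTF-8', false);`, uses ENT_COMPAT, which converts double quotes and leaves single quotes untouched, and `double_encode` false, which passes existing entities through unchanged, while the docblock above it (only `@return string` is visible in the hunk) states neither limit. A caller that places the result inside a single-quoted attribute gets no protection from this function, and without ENT_SUBSTITUTE an invalid UTF-8 input makes htmlspecialchars() return an empty string rather than escaped text. Since this commit is a rename, I would document the contract rather than change it, e.g. `* Escapes <, >, & and " for HTML text or double-quoted attribute context (ENT_COMPAT); single quotes are left as-is, existing entities are not re-encoded,` followed by `* and invalid UTF-8 yields an empty string.` in the docblock. Tightening to `ENT_QUOTES | ENT_SUBSTITUTE` would be the stricter contract but is a behaviour change for callers such as the mod/message.php and mod/wallmessage.php hunks, which already pass `htmlspecialchars()` output through this function, so it belongs in a separate commit.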
diff --git a/tests/src/Util/StringsTest.php b/tests/src/Util/StringsTest.php
index 54a4bdd727..352fe3089b 100644
--- a/tests/src/Util/StringsTest.php
+++ b/tests/src/Util/StringsTest.php
@@ -69,12 +69,12 @@ class StringsTest extends TestCase
 /**
 * test, that tags are escaped
 */
- public function testEscapeTags()
+ public function testEscapeHtml()
 {
 $invalidstring='';
 $validstring = Strings::removeTags($invalidstring);
- $escapedString = Strings::escapeTags($invalidstring);
+ $escapedString = Strings::escapeHtml($invalidstring);
 $this->assertEquals('[submit type="button" onclick="alert(\'failed!\');" /]', $validstring);
 $this->assertEquals(