friendica
/
friendica
mirror of https://github.com/friendica/friendica
6
0
Fork 1
Code Issues Packages Projects Releases 1 Wiki Activity

Escape user name in introduction fields help text 

- HTML help text aren't escaped in the template
This commit is contained in:
Hypolite Petovan 2020-11-16 18:18:11 -05:00
parent a8d1c7288e
commit 0e3051bfed
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/Module/Notifications/Introductions.php
View File

@ -23,6 +23,7 @@ namespace Friendica\Module\Notifications;
use Friendica\Content\ContactSelector;
use Friendica\Content\Nav;
use Friendica\Content\Text\BBCode;
use Friendica\Core\Protocol;
use Friendica\Core\Renderer;
use Friendica\Database\DBA;
@ -122,9 +123,11 @@ class Introductions extends BaseNotifications
$knowyou = '';
}
$convertedName = BBCode::convert($notification->getName());
$helptext = DI::l10n()->t('Shall your connection be bidirectional or not?');
$helptext2 = DI::l10n()->t('Accepting %s as a friend allows %s to subscribe to your posts, and you will also receive updates from them in your news feed.', $notification->getName(), $notification->getName());
$helptext3 = DI::l10n()->t('Accepting %s as a subscriber allows them to subscribe to your posts, but you will not receive updates from them in your news feed.', $notification->getName());
$helptext2 = DI::l10n()->t('Accepting %s as a friend allows %s to subscribe to your posts, and you will also receive updates from them in your news feed.', $convertedName, $convertedName);
$helptext3 = DI::l10n()->t('Accepting %s as a subscriber allows them to subscribe to your posts, but you will not receive updates from them in your news feed.', $convertedName);
$friend = ['duplex', DI::l10n()->t('Friend'), '1', $helptext2, true];
$follower = ['duplex', DI::l10n()->t('Subscriber'), '0', $helptext3, false];