double encode any text that is destined for meta fields.

10 years ago · 1ff37ca4c1
3 changed files with 6177 additions and 3790 deletions
--- a/boot.php
+++ b/boot.php
@ -12,7 +12,7 @@ require_once('library/Mobile_Detect/Mobile_Detect.php');
 require_once('include/features.php');

 define ( 'FRIENDICA_PLATFORM',     'Friendica');
-define ( 'FRIENDICA_VERSION',      '3.1.1627' );
+define ( 'FRIENDICA_VERSION',      '3.1.1643' );
 define ( 'DFRN_PROTOCOL_VERSION',  '2.23'    );
 define ( 'DB_UPDATE_VERSION',      1163      );
 define ( 'EOL',                    "<br />\r\n"     );
--- a/mod/display.php
+++ b/mod/display.php
@ -172,6 +172,9 @@ function display_content(&$a, $update = 0) {
 		$description = trim(html2plain(bbcode($r[0]["body"], false, false), 0, true));
 		$title = trim(html2plain(bbcode($r[0]["title"], false, false), 0, true));

+		$description = htmlspecialchars($description, ENT_COMPAT, 'UTF-8', true); // allow double encoding here
+		$title = htmlspecialchars($title, ENT_COMPAT, 'UTF-8', true); // allow double encoding here
+
 		if ($title == "")
 			$title = $r[0]["author-name"];

--- a/util/messages.po
+++ b/util/messages.po