From 359dad4244ce4349f7e56f17046f765637fd6eb2 Mon Sep 17 00:00:00 2001 From: Michael Date: Sat, 6 Nov 2021 20:25:21 +0000 Subject: [PATCH] Some more "escapeTags" removed --- mod/message.php | 8 ++-- mod/photos.php | 10 ++--- mod/settings.php | 15 ++++--- mod/wallmessage.php | 6 +-- src/Module/Admin/Site.php | 44 ++++++++++----------- src/Module/Contact.php | 10 ++--- src/Module/Directory.php | 5 +-- src/Module/Group.php | 5 +-- src/Module/Help.php | 3 +- src/Module/Install.php | 7 +--- src/Module/Search/Acl.php | 3 +- src/Module/Security/Login.php | 11 +++--- src/Module/Settings/Display.php | 7 ++-- src/Module/Settings/Profile/Index.php | 25 ++++++------ view/theme/frio/templates/photo_view.tpl | 2 +- view/theme/quattro/templates/photo_view.tpl | 2 +- view/theme/vier/templates/photo_view.tpl | 2 +- 17 files changed, 76 insertions(+), 89 deletions(-) diff --git a/mod/message.php b/mod/message.php index 1c6502ee15..d431668b94 100644 --- a/mod/message.php +++ b/mod/message.php @@ -70,10 +70,10 @@ function message_post(App $a) return; } - $replyto = !empty($_REQUEST['replyto']) ? Strings::escapeTags(trim($_REQUEST['replyto'])) : ''; - $subject = !empty($_REQUEST['subject']) ? Strings::escapeTags(trim($_REQUEST['subject'])) : ''; - $body = !empty($_REQUEST['body']) ? Strings::escapeHtml(trim($_REQUEST['body'])) : ''; - $recipient = !empty($_REQUEST['recipient']) ? intval($_REQUEST['recipient']) : 0; + $replyto = !empty($_REQUEST['replyto']) ? trim($_REQUEST['replyto']) : ''; + $subject = !empty($_REQUEST['subject']) ? trim($_REQUEST['subject']) : ''; + $body = !empty($_REQUEST['body']) ? Strings::escapeHtml(trim($_REQUEST['body'])) : ''; + $recipient = !empty($_REQUEST['recipient']) ? intval($_REQUEST['recipient']) : 0; $ret = Mail::send($recipient, $body, $subject, $replyto); $norecip = false; diff --git a/mod/photos.php b/mod/photos.php index 5ca9aa600a..1b8d5069f8 100644 --- a/mod/photos.php +++ b/mod/photos.php 
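Review bot: In `message_post()` the new lines pass `$subject` and `$replyto` to `Mail::send()` exactly as received, while `$body` on the following line is still escaped on input with `Strings::escapeHtml()`, so one record now mixes raw and pre-escaped fields. Whatever later prints the subject (none of it is visible here) has to escape it for its own context, and anything that escapes the body again will double-encode it. A comment above the block would make the convention explicit, for example `// subject and replyto are stored raw and must be escaped on output; body is still escaped on input`. The `wallmessage_post()` hunk in mod/wallmessage.php has the same split between `$subject` and `$body`. The function body continues outside the hunk.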
@@ -291,11 +291,11 @@ function photos_post(App $a) } if (DI::args()->getArgc() > 2 && (!empty($_POST['desc']) || !empty($_POST['newtag']) || isset($_POST['albname']))) { - $desc = !empty($_POST['desc']) ? Strings::escapeTags(trim($_POST['desc'])) : ''; - $rawtags = !empty($_POST['newtag']) ? Strings::escapeTags(trim($_POST['newtag'])) : ''; - $item_id = !empty($_POST['item_id']) ? intval($_POST['item_id']) : 0; - $albname = !empty($_POST['albname']) ? trim($_POST['albname']) : ''; - $origaname = !empty($_POST['origaname']) ? Strings::escapeTags(trim($_POST['origaname'])) : ''; + $desc = !empty($_POST['desc']) ? trim($_POST['desc']) : ''; + $rawtags = !empty($_POST['newtag']) ? trim($_POST['newtag']) : ''; + $item_id = !empty($_POST['item_id']) ? intval($_POST['item_id']) : 0; + $albname = !empty($_POST['albname']) ? trim($_POST['albname']) : ''; + $origaname = !empty($_POST['origaname']) ? trim($_POST['origaname']) : ''; $resource_id = DI::args()->getArgv()[3]; diff --git a/mod/settings.php b/mod/settings.php index d3fbd81db8..b1b8abd94e 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -37,7 +37,6 @@ use Friendica\Model\User; use Friendica\Module\BaseSettings; use Friendica\Module\Security\Login; use Friendica\Protocol\Email; -use Friendica\Util\Strings; use Friendica\Util\Temporal; use Friendica\Worker\Delivery; 
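Review bot: `$desc`, `$rawtags` and `$origaname` are now kept raw in `photos_post()`, and the only output-side change in this patch is `{{$desc nofilter}}` becoming `{{$desc}}` in the frio, quattro and vier `photo_view.tpl` files. Any other template that still prints the description with `nofilter` (a base template or another theme, not shown in this diff) would emit the stored text as markup, so it is worth searching the view directory for `$desc nofilter` before merging. The album names (`$albname`, `$origaname`) and the new tag text need the same check wherever they are rendered. The enclosing `if` block continues outside the hunk.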
@@ -216,14 +215,14 @@ function settings_post(App $a) } } - $username = (!empty($_POST['username']) ? Strings::escapeTags(trim($_POST['username'])) : ''); - $email = (!empty($_POST['email']) ? Strings::escapeTags(trim($_POST['email'])) : ''); - $timezone = (!empty($_POST['timezone']) ? Strings::escapeTags(trim($_POST['timezone'])) : ''); - $language = (!empty($_POST['language']) ? Strings::escapeTags(trim($_POST['language'])) : ''); + $username = (!empty($_POST['username']) ? trim($_POST['username']) : ''); + $email = (!empty($_POST['email']) ? trim($_POST['email']) : ''); + $timezone = (!empty($_POST['timezone']) ? trim($_POST['timezone']) : ''); + $language = (!empty($_POST['language']) ? trim($_POST['language']) : ''); - $defloc = (!empty($_POST['defloc']) ? Strings::escapeTags(trim($_POST['defloc'])) : ''); - $maxreq = (!empty($_POST['maxreq']) ? intval($_POST['maxreq']) : 0); - $expire = (!empty($_POST['expire']) ? intval($_POST['expire']) : 0); + $defloc = (!empty($_POST['defloc']) ? trim($_POST['defloc']) : ''); + $maxreq = (!empty($_POST['maxreq']) ? intval($_POST['maxreq']) : 0); + $expire = (!empty($_POST['expire']) ? intval($_POST['expire']) : 0); $def_gid = (!empty($_POST['group-selection']) ? intval($_POST['group-selection']) : 0); diff --git a/mod/wallmessage.php b/mod/wallmessage.php index 6e0ea0caf2..3f9d24ac35 100644 --- a/mod/wallmessage.php +++ b/mod/wallmessage.php @@ -37,10 +37,10 @@ function wallmessage_post(App $a) { return; } - $subject = (!empty($_REQUEST['subject']) ? Strings::escapeTags(trim($_REQUEST['subject'])) : ''); - $body = (!empty($_REQUEST['body']) ? Strings::escapeHtml(trim($_REQUEST['body'])) : ''); + $subject = trim($_REQUEST['subject'] ?? ''); + $body = Strings::escapeHtml(trim($_REQUEST['body'] ?? '')); - $recipient = ((DI::args()->getArgc() > 1) ? Strings::escapeTags(DI::args()->getArgv()[1]) : ''); + $recipient = ((DI::args()->getArgc() > 1) ? DI::args()->getArgv()[1] : ''); if ((! $recipient) || (! $body)) { return; } 
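Review bot: `$email`, `$timezone` and `$language` in `settings_post()` are now taken from `$_POST` with only `trim()`, and the hunk shows no format check on any of them. If the rest of the function (outside the hunk) does not already do so, validate them by shape rather than by escaping: `filter_var($email, FILTER_VALIDATE_EMAIL)` for the address, `in_array($timezone, DateTimeZone::listIdentifiers(), true)` for the zone, and a lookup in the list of installed languages for `$language`. The same applies to `$theme` and `$mobile_theme` in src/Module/Settings/Display.php and to `$theme`, `$theme_mobile` and `$language` in the src/Module/Admin/Site.php hunks, which should be compared against the themes and languages the node actually offers.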
diff --git a/src/Module/Admin/Site.php b/src/Module/Admin/Site.php
index 9d769cba79..0edc713ae6 100644
--- a/src/Module/Admin/Site.php
+++ b/src/Module/Admin/Site.php
@@ -128,16 +128,16 @@ class Site extends BaseAdmin } // end relocate - $sitename = (!empty($_POST['sitename']) ? Strings::escapeTags(trim($_POST['sitename'])) : ''); - $sender_email = (!empty($_POST['sender_email']) ? Strings::escapeTags(trim($_POST['sender_email'])) : ''); + $sitename = (!empty($_POST['sitename']) ? trim($_POST['sitename']) : ''); + $sender_email = (!empty($_POST['sender_email']) ? trim($_POST['sender_email']) : ''); $banner = (!empty($_POST['banner']) ? trim($_POST['banner']) : false); $email_banner = (!empty($_POST['email_banner']) ? trim($_POST['email_banner']) : false); - $shortcut_icon = (!empty($_POST['shortcut_icon']) ? Strings::escapeTags(trim($_POST['shortcut_icon'])) : ''); - $touch_icon = (!empty($_POST['touch_icon']) ? Strings::escapeTags(trim($_POST['touch_icon'])) : ''); + $shortcut_icon = (!empty($_POST['shortcut_icon']) ? trim($_POST['shortcut_icon']) : ''); + $touch_icon = (!empty($_POST['touch_icon']) ? trim($_POST['touch_icon']) : ''); $additional_info = (!empty($_POST['additional_info']) ? trim($_POST['additional_info']) : ''); - $language = (!empty($_POST['language']) ? Strings::escapeTags(trim($_POST['language'])) : ''); - $theme = (!empty($_POST['theme']) ? Strings::escapeTags(trim($_POST['theme'])) : ''); - $theme_mobile = (!empty($_POST['theme_mobile']) ? Strings::escapeTags(trim($_POST['theme_mobile'])) : ''); + $language = (!empty($_POST['language']) ? trim($_POST['language']) : ''); + $theme = (!empty($_POST['theme']) ? trim($_POST['theme']) : ''); + $theme_mobile = (!empty($_POST['theme_mobile']) ? trim($_POST['theme_mobile']) : ''); $maximagesize = (!empty($_POST['maximagesize']) ? intval(trim($_POST['maximagesize'])) : 0); $maximagelength = (!empty($_POST['maximagelength']) ? intval(trim($_POST['maximagelength'])) : -1); $jpegimagequality = (!empty($_POST['jpegimagequality']) ? intval(trim($_POST['jpegimagequality'])) : 100); 
@@ -148,15 +148,15 @@ class Site extends BaseAdmin $register_text = (!empty($_POST['register_text']) ? strip_tags(trim($_POST['register_text'])) : ''); - $allowed_sites = (!empty($_POST['allowed_sites']) ? Strings::escapeTags(trim($_POST['allowed_sites'])) : ''); - $allowed_email = (!empty($_POST['allowed_email']) ? Strings::escapeTags(trim($_POST['allowed_email'])) : ''); - $forbidden_nicknames = (!empty($_POST['forbidden_nicknames']) ? strtolower(Strings::escapeTags(trim($_POST['forbidden_nicknames']))) : ''); - $system_actor_name = (!empty($_POST['system_actor_name']) ? Strings::escapeTags(trim($_POST['system_actor_name'])) : ''); + $allowed_sites = (!empty($_POST['allowed_sites']) ? trim($_POST['allowed_sites']) : ''); + $allowed_email = (!empty($_POST['allowed_email']) ? trim($_POST['allowed_email']) : ''); + $forbidden_nicknames = (!empty($_POST['forbidden_nicknames']) ? strtolower(trim($_POST['forbidden_nicknames'])) : ''); + $system_actor_name = (!empty($_POST['system_actor_name']) ? trim($_POST['system_actor_name']) : ''); $no_oembed_rich_content = !empty($_POST['no_oembed_rich_content']); - $allowed_oembed = (!empty($_POST['allowed_oembed']) ? Strings::escapeTags(trim($_POST['allowed_oembed'])) : ''); + $allowed_oembed = (!empty($_POST['allowed_oembed']) ? trim($_POST['allowed_oembed']) : ''); $block_public = !empty($_POST['block_public']); $force_publish = !empty($_POST['publish_all']); - $global_directory = (!empty($_POST['directory']) ? Strings::escapeTags(trim($_POST['directory'])) : ''); + $global_directory = (!empty($_POST['directory']) ? trim($_POST['directory']) : ''); $newuser_private = !empty($_POST['newuser_private']); $enotify_no_content = !empty($_POST['enotify_no_content']); $private_addons = !empty($_POST['private_addons']); 
@@ -173,8 +173,8 @@ class Site extends BaseAdmin $max_author_posts_community_page = (!empty($_POST['max_author_posts_community_page']) ? intval(trim($_POST['max_author_posts_community_page'])) : 0); $verifyssl = !empty($_POST['verifyssl']); - $proxyuser = (!empty($_POST['proxyuser']) ? Strings::escapeTags(trim($_POST['proxyuser'])) : ''); - $proxy = (!empty($_POST['proxy']) ? Strings::escapeTags(trim($_POST['proxy'])) : ''); + $proxyuser = (!empty($_POST['proxyuser']) ? trim($_POST['proxyuser']) : ''); + $proxy = (!empty($_POST['proxy']) ? trim($_POST['proxy']) : ''); $timeout = (!empty($_POST['timeout']) ? intval(trim($_POST['timeout'])) : 60); $maxloadavg = (!empty($_POST['maxloadavg']) ? intval(trim($_POST['maxloadavg'])) : 20); $min_memory = (!empty($_POST['min_memory']) ? intval(trim($_POST['min_memory'])) : 0); 
@@ -198,20 +198,20 @@ class Site extends BaseAdmin $suppress_tags = !empty($_POST['suppress_tags']); $max_comments = (!empty($_POST['max_comments']) ? intval($_POST['max_comments']) : 0); $max_display_comments = (!empty($_POST['max_display_comments']) ? intval($_POST['max_display_comments']) : 0); - $temppath = (!empty($_POST['temppath']) ? Strings::escapeTags(trim($_POST['temppath'])) : ''); - $singleuser = (!empty($_POST['singleuser']) ? Strings::escapeTags(trim($_POST['singleuser'])) : ''); + $temppath = (!empty($_POST['temppath']) ? trim($_POST['temppath']) : ''); + $singleuser = (!empty($_POST['singleuser']) ? trim($_POST['singleuser']) : ''); $only_tag_search = !empty($_POST['only_tag_search']); - $check_new_version_url = (!empty($_POST['check_new_version_url']) ? Strings::escapeTags(trim($_POST['check_new_version_url'])) : 'none'); + $check_new_version_url = (!empty($_POST['check_new_version_url']) ? trim($_POST['check_new_version_url']) : 'none'); $worker_queues = (!empty($_POST['worker_queues']) ? intval($_POST['worker_queues']) : 10); $worker_fastlane = !empty($_POST['worker_fastlane']); $relay_directly = !empty($_POST['relay_directly']); - $relay_scope = (!empty($_POST['relay_scope']) ? Strings::escapeTags(trim($_POST['relay_scope'])) : ''); - $relay_server_tags = (!empty($_POST['relay_server_tags']) ? Strings::escapeTags(trim($_POST['relay_server_tags'])) : ''); - $relay_deny_tags = (!empty($_POST['relay_deny_tags']) ? Strings::escapeTags(trim($_POST['relay_deny_tags'])) : ''); + $relay_scope = (!empty($_POST['relay_scope']) ? trim($_POST['relay_scope']) : ''); + $relay_server_tags = (!empty($_POST['relay_server_tags']) ? trim($_POST['relay_server_tags']) : ''); + $relay_deny_tags = (!empty($_POST['relay_deny_tags']) ? trim($_POST['relay_deny_tags']) : ''); $relay_user_tags = !empty($_POST['relay_user_tags']); - $active_panel = (!empty($_POST['active_panel']) ? "#" . 
Strings::escapeTags(trim($_POST['active_panel'])) : ''); + $active_panel = (!empty($_POST['active_panel']) ? "#" . trim($_POST['active_panel']) : ''); // Has the directory url changed? If yes, then resubmit the existing profiles there if ($global_directory != DI::config()->get('system', 'directory') && ($global_directory != '')) { diff --git a/src/Module/Contact.php b/src/Module/Contact.php index 2cd575df90..4f13b28433 100644 --- a/src/Module/Contact.php +++ b/src/Module/Contact.php @@ -234,10 +234,10 @@ class Contact extends BaseModule $a = DI::app(); - $search = Strings::escapeTags(trim($_GET['search'] ?? '')); - $nets = Strings::escapeTags(trim($_GET['nets'] ?? '')); - $rel = Strings::escapeTags(trim($_GET['rel'] ?? '')); - $group = Strings::escapeTags(trim($_GET['group'] ?? '')); + $search = trim($_GET['search'] ?? ''); + $nets = trim($_GET['nets'] ?? ''); + $rel = trim($_GET['rel'] ?? ''); + $group = trim($_GET['group'] ?? ''); $accounttype = $_GET['accounttype'] ?? ''; $accounttypeid = User::getAccountTypeByString($accounttype); @@ -523,7 +523,7 @@ class Contact extends BaseModule '$submit' => DI::l10n()->t('Submit'), '$lbl_info1' => $lbl_info1, '$lbl_info2' => DI::l10n()->t('Their personal note'), - '$reason' => trim(Strings::escapeTags($contact['reason'])), + '$reason' => trim($contact['reason']), '$infedit' => DI::l10n()->t('Edit contact notes'), '$common_link' => 'contact/' . $contact['id'] . '/contacts/common', '$relation_text' => $relation_text, diff --git a/src/Module/Directory.php b/src/Module/Directory.php index 3c2f66ec11..0172612d51 100644 --- a/src/Module/Directory.php +++ b/src/Module/Directory.php @@ -32,7 +32,6 @@ use Friendica\DI; use Friendica\Model; use Friendica\Model\Profile; use Friendica\Network\HTTPException; -use Friendica\Util\Strings; /** * Shows the local directory of this node 
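Review bot: `$active_panel` is now `"#"` followed by the raw `$_POST['active_panel']` value, with nothing limiting it to a fragment identifier. Its use is outside the hunk; if it is appended to a redirect target or written into the page, constrain it first, for example `$active_panel = preg_match('/^[A-Za-z0-9_-]+$/', $panel) ? '#' . $panel : '';` with the character class adjusted to the panel ids the form really uses. The method continues outside the hunk.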
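Review bot: `'$reason' => trim($contact['reason'])` now hands the stored reason text to the template unchanged; if that text originates from the remote contact (likely, but not visible here), the template that prints `$reason` must not use `nofilter`. The first Contact.php hunk does the same for `$search`, `$nets`, `$rel` and `$group` from `$_GET`, which are presumably echoed back into the filter form and used in the contact query, so they need output escaping and bound query parameters respectively. Both enclosing methods continue outside the hunks.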
@@ -59,9 +58,7 @@ class Directory extends BaseModule Nav::setSelected('directory'); - $search = (!empty($_REQUEST['search']) ? - Strings::escapeTags(trim(rawurldecode($_REQUEST['search']))) : - ''); + $search = trim(rawurldecode($_REQUEST['search'] ?? '')); $gDirPath = ''; $dirURL = $config->get('system', 'directory'); diff --git a/src/Module/Group.php b/src/Module/Group.php index 063e41589f..ee6c7b8c27 100644 --- a/src/Module/Group.php +++ b/src/Module/Group.php @@ -27,7 +27,6 @@ use Friendica\Core\System; use Friendica\Database\DBA; use Friendica\DI; use Friendica\Model; -use Friendica\Util\Strings; require_once 'boot.php'; @@ -50,7 +49,7 @@ class Group extends BaseModule if ((DI::args()->getArgc() == 2) && (DI::args()->getArgv()[1] === 'new')) { BaseModule::checkFormSecurityTokenRedirectOnError('/group/new', 'group_edit'); - $name = Strings::escapeTags(trim($_POST['groupname'])); + $name = trim($_POST['groupname']); $r = Model\Group::create(local_user(), $name); if ($r) { $r = Model\Group::getIdByName(local_user(), $name); @@ -72,7 +71,7 @@ class Group extends BaseModule notice(DI::l10n()->t('Group not found.')); DI::baseUrl()->redirect('contact'); } - $groupname = Strings::escapeTags(trim($_POST['groupname'])); + $groupname = trim($_POST['groupname']); if (strlen($groupname) && ($groupname != $group['name'])) { if (!Model\Group::update($group['id'], $groupname)) { notice(DI::l10n()->t('Group name was not changed.')); diff --git a/src/Module/Help.php b/src/Module/Help.php index a29e895579..219adc7973 100644 --- a/src/Module/Help.php +++ b/src/Module/Help.php @@ -26,7 +26,6 @@ use Friendica\Content\Nav; use Friendica\Content\Text\Markdown; use Friendica\DI; use Friendica\Network\HTTPException; -use Friendica\Util\Strings; /** * Shows the friendica help based on the /doc/ directory 
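Review bot: `$search = trim(rawurldecode($_REQUEST['search'] ?? ''))` decodes a value that PHP has already URL-decoded, so a doubly encoded parameter such as `%253C` only becomes `<` at this line, after any upstream request filter has inspected it. With `escapeTags` gone the decoded string is used as is, which leaves escaping at the place where `$search` is printed or forwarded to the directory server (outside the hunk) as the only protection. Unless double-encoded links are a known requirement, `$search = trim($_REQUEST['search'] ?? '');` is simpler and avoids the second decode.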
@@ -59,7 +58,7 @@ class Help extends BaseModule $title = basename($path); $filename = $path; $text = self::loadDocFile('doc/' . $path . '.md', $lang); - DI::page()['title'] = DI::l10n()->t('Help:') . ' ' . str_replace('-', ' ', Strings::escapeTags($title)); + DI::page()['title'] = DI::l10n()->t('Help:') . ' ' . str_replace('-', ' ', $title); } $home = self::loadDocFile('doc/Home.md', $lang); diff --git a/src/Module/Install.php b/src/Module/Install.php index bcd029246e..8b6f97f984 100644 --- a/src/Module/Install.php +++ b/src/Module/Install.php @@ -30,7 +30,6 @@ use Friendica\Core\Theme; use Friendica\DI; use Friendica\Network\HTTPException; use Friendica\Util\BasePath; -use Friendica\Util\Strings; use Friendica\Util\Temporal; class Install extends BaseModule @@ -380,10 +379,8 @@ class Install extends BaseModule private static function checkSetting(Cache $configCache, array $post, $cat, $key, $default = null) { $configCache->set($cat, $key, - Strings::escapeTags( - trim(($post[sprintf('%s-%s', $cat, $key)] ?? '') ?: - ($default ?? $configCache->get($cat, $key)) - ) + trim(($post[sprintf('%s-%s', $cat, $key)] ?? '') ?: + ($default ?? $configCache->get($cat, $key)) ) ); } diff --git a/src/Module/Search/Acl.php b/src/Module/Search/Acl.php index d0a1d86e99..636e09539f 100644 --- a/src/Module/Search/Acl.php +++ b/src/Module/Search/Acl.php @@ -32,7 +32,6 @@ use Friendica\DI; use Friendica\Model\Contact; use Friendica\Model\Post; use Friendica\Network\HTTPException; -use Friendica\Util\Strings; /** * ACL selector json backend @@ -69,7 +68,7 @@ class Acl extends BaseModule private static function globalContactSearch() { // autocomplete for global contact search (e.g. navbar search) - $search = Strings::escapeTags(trim($_REQUEST['search'])); + $search = trim($_REQUEST['search']); $mode = $_REQUEST['smode']; $page = $_REQUEST['page'] ?? 1; diff --git a/src/Module/Security/Login.php b/src/Module/Security/Login.php index 1d45b6c9dd..0e49234809 100644 
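Review bot: `DI::page()['title']` now receives `$title`, which is `basename($path)` two lines above, without any neutralisation. `$path` appears to come from the request URL (it is assigned outside the hunk), so the layout template that prints the page title has to escape it. If that template outputs the title with `nofilter`, escape at this line instead, `str_replace('-', ' ', htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'))`, and add a comment saying which side is responsible.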
--- a/src/Module/Security/Login.php +++ b/src/Module/Security/Login.php @@ -27,7 +27,6 @@ use Friendica\Core\Renderer; use Friendica\Core\Session; use Friendica\DI; use Friendica\Module\Register; -use Friendica\Util\Strings; /** * Login module @@ -187,16 +186,16 @@ class Login extends BaseModule if (is_array($attr) && count($attr)) { foreach ($attr as $k => $v) { if ($k === 'namePerson/friendly') { - $nick = Strings::escapeTags(trim($v)); + $nick = trim($v); } if ($k === 'namePerson/first') { - $first = Strings::escapeTags(trim($v)); + $first = trim($v); } if ($k === 'namePerson') { - $args['username'] = Strings::escapeTags(trim($v)); + $args['username'] = trim($v); } if ($k === 'contact/email') { - $args['email'] = Strings::escapeTags(trim($v)); + $args['email'] = trim($v); } if ($k === 'media/image/aspect11') { $photosq = bin2hex(trim($v)); @@ -219,7 +218,7 @@ class Login extends BaseModule $args['photo'] = $photo; } - $args['openid_url'] = Strings::escapeTags(trim(Session::get('openid_identity'))); + $args['openid_url'] = trim(Session::get('openid_identity')); return 'register?' . http_build_query($args); } diff --git a/src/Module/Settings/Display.php b/src/Module/Settings/Display.php index cb7a520df6..5429a11e23 100644 --- a/src/Module/Settings/Display.php +++ b/src/Module/Settings/Display.php @@ -30,7 +30,6 @@ use Friendica\DI; use Friendica\Model\User; use Friendica\Module\BaseSettings; use Friendica\Network\HTTPException; -use Friendica\Util\Strings; /** * Module to update user settings 
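Review bot: The values in `$attr` come from the OpenID provider, and `$nick`, `$first`, `$args['username']` and `$args['email']` now carry them unmodified. `http_build_query($args)` in the following hunk percent-encodes them for the `register?` URL, so the returned string itself is safe, but the registration form that reads these parameters back (not part of this diff) must treat them as untrusted and escape or validate them; `$nick` and `$first` are consumed outside the hunk and need the same care. If `Session::get('openid_identity')` returns `null` for a missing key, `trim()` receives `null`, which is deprecated since PHP 8.1; `trim(Session::get('openid_identity') ?? '')` avoids that.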
@@ -47,9 +46,9 @@ class Display extends BaseSettings $user = User::getById(local_user()); - $theme = !empty($_POST['theme']) ? Strings::escapeTags(trim($_POST['theme'])) : $user['theme']; - $mobile_theme = !empty($_POST['mobile_theme']) ? Strings::escapeTags(trim($_POST['mobile_theme'])) : ''; - $enable_smile = !empty($_POST['enable_smile']) ? intval($_POST['enable_smile']) : 0; + $theme = !empty($_POST['theme']) ? trim($_POST['theme']) : $user['theme']; + $mobile_theme = !empty($_POST['mobile_theme']) ? trim($_POST['mobile_theme']) : ''; + $enable_smile = !empty($_POST['enable_smile']) ? intval($_POST['enable_smile']) : 0; $first_day_of_week = !empty($_POST['first_day_of_week']) ? intval($_POST['first_day_of_week']) : 0; $infinite_scroll = !empty($_POST['infinite_scroll']) ? intval($_POST['infinite_scroll']) : 0; $no_auto_update = !empty($_POST['no_auto_update']) ? intval($_POST['no_auto_update']) : 0; diff --git a/src/Module/Settings/Profile/Index.php b/src/Module/Settings/Profile/Index.php index 240399aa05..28e8430eaa 100644 --- a/src/Module/Settings/Profile/Index.php +++ b/src/Module/Settings/Profile/Index.php @@ -37,7 +37,6 @@ use Friendica\Module\BaseSettings; use Friendica\Module\Security\Login; use Friendica\Network\HTTPException; use Friendica\Util\DateTimeFormat; -use Friendica\Util\Strings; use Friendica\Util\Temporal; class Index extends BaseSettings 
@@ -79,23 +78,23 @@ class Index extends BaseSettings } } - $name = Strings::escapeTags(trim($_POST['name'] ?? '')); + $name = trim($_POST['name'] ?? ''); if (!strlen($name)) { notice(DI::l10n()->t('Profile Name is required.')); return; } - $about = Strings::escapeTags(trim($_POST['about'])); - $address = Strings::escapeTags(trim($_POST['address'])); - $locality = Strings::escapeTags(trim($_POST['locality'])); - $region = Strings::escapeTags(trim($_POST['region'])); - $postal_code = Strings::escapeTags(trim($_POST['postal_code'])); - $country_name = Strings::escapeTags(trim($_POST['country_name'])); - $pub_keywords = self::cleanKeywords(Strings::escapeTags(trim($_POST['pub_keywords']))); - $prv_keywords = self::cleanKeywords(Strings::escapeTags(trim($_POST['prv_keywords']))); - $xmpp = Strings::escapeTags(trim($_POST['xmpp'])); - $matrix = Strings::escapeTags(trim($_POST['matrix'])); - $homepage = Strings::escapeTags(trim($_POST['homepage'])); + $about = trim($_POST['about']); + $address = trim($_POST['address']); + $locality = trim($_POST['locality']); + $region = trim($_POST['region']); + $postal_code = trim($_POST['postal_code']); + $country_name = trim($_POST['country_name']); + $pub_keywords = self::cleanKeywords(trim($_POST['pub_keywords'])); + $prv_keywords = self::cleanKeywords(trim($_POST['prv_keywords'])); + $xmpp = trim($_POST['xmpp']); + $matrix = trim($_POST['matrix']); + $homepage = trim($_POST['homepage']); if ((strpos($homepage, 'http') !== 0) && (strlen($homepage))) { // neither http nor https in URL, add them $homepage = 'http://' . $homepage; diff --git a/view/theme/frio/templates/photo_view.tpl b/view/theme/frio/templates/photo_view.tpl index de45eecff0..76fa33a3a3 100644 --- a/view/theme/frio/templates/photo_view.tpl +++ b/view/theme/frio/templates/photo_view.tpl @@ -63,7 +63,7 @@
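Review bot: Only `$name` is read as `$_POST['name'] ?? ''`; the eleven fields below it index `$_POST` directly, so a request that omits one raises an undefined-index warning and passes `null` to `trim()`. Writing them the same way, e.g. `$about = trim($_POST['about'] ?? '');`, keeps the block consistent. Separately, the `$homepage` check in the context lines only tests that the string starts with `http`, so a value such as `httpx:example` is stored without a scheme fix; comparing `parse_url($homepage, PHP_URL_SCHEME)` against `http` and `https` would be stricter. The method continues outside the hunk.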
{{* The photo description *}} -
{{$desc nofilter}}
+
{{$desc}}
{{* Tags and mentions *}} {{if $tags}} diff --git a/view/theme/quattro/templates/photo_view.tpl b/view/theme/quattro/templates/photo_view.tpl index 11947643c6..d218f039f8 100644 --- a/view/theme/quattro/templates/photo_view.tpl +++ b/view/theme/quattro/templates/photo_view.tpl @@ -24,7 +24,7 @@
{{if $prevlink}}{{/if}} {{if $nextlink}}{{/if}} -
{{$desc nofilter}}
+
{{$desc}}
{{if $tags}}
{{$tags.0}}
{{$tags.1}}
diff --git a/view/theme/vier/templates/photo_view.tpl b/view/theme/vier/templates/photo_view.tpl index 87501c031a..c597c05cf4 100644 --- a/view/theme/vier/templates/photo_view.tpl +++ b/view/theme/vier/templates/photo_view.tpl @@ -26,7 +26,7 @@
{{if $nextlink}}{{/if}}
-
{{$desc nofilter}}
+
{{$desc}}
{{if $tags}}
{{$tags.0}}
{{$tags.1}}