From 7c7d3fe5de3461867609031d7cdb16ff4ec4e1c3 Mon Sep 17 00:00:00 2001
From: Michael Vogel <icarus@dabo.de>
Date: Fri, 21 Dec 2012 02:10:26 +0100
Subject: [PATCH] "share" - now the attribut value for the "author" is escaped

---
 include/bbcode.php        | 2 +-
 include/diaspora.php      | 2 +-
 include/items.php         | 2 +-
 mod/share.php             | 2 +-
 view/theme/vier/style.css | 3 +--
 5 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/include/bbcode.php b/include/bbcode.php
index f3c4e360d5..384fd5ebd9 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -221,7 +221,7 @@ function bb_ShareAttributes($match) {
         $author = "";
         preg_match("/author='(.*?)'/ism", $attributes, $matches);
         if ($matches[1] != "")
-                $author = $matches[1];
+                $author = html_entity_decode($matches[1],ENT_QUOTES,'UTF-8');
 
         preg_match('/author="(.*?)"/ism', $attributes, $matches);
         if ($matches[1] != "")
diff --git a/include/diaspora.php b/include/diaspora.php
index 5fd4a4d3fd..dcbe0fadaa 100755
--- a/include/diaspora.php
+++ b/include/diaspora.php
@@ -1025,7 +1025,7 @@ function diaspora_reshare($importer,$xml,$msg) {
 	$datarray['owner-link'] = $contact['url'];
 	$datarray['owner-avatar'] = ((x($contact,'thumb')) ? $contact['thumb'] : $contact['photo']);
 	if (intval(get_config('system','new_share'))) {
-		$prefix = "[share author='".$person['name'].
+		$prefix = "[share author='".str_replace("'", "&#039;",$person['name']).
 				"' profile='".$person['url'].
 				"' avatar='".((x($person,'thumb')) ? $person['thumb'] : $person['photo']).
 				"' link='".$orig_url."']";
diff --git a/include/items.php b/include/items.php
index 65c04f0a2f..cd25b5665e 100755
--- a/include/items.php
+++ b/include/items.php
@@ -809,7 +809,7 @@ function get_atom_elements($feed,$item) {
 			logger('get_atom_elements: fixing sender of repeated message.');
 
 			if (intval(get_config('system','new_share'))) {
-				$prefix = "[share author='".$name.
+				$prefix = "[share author='".str_replace("'", "&#039;",$name).
 						"' profile='".$uri.
 						"' avatar='".$avatar.
 						"' link='".$orig_uri."']";
diff --git a/mod/share.php b/mod/share.php
index e372031bbf..e307294a6d 100644
--- a/mod/share.php
+++ b/mod/share.php
@@ -23,7 +23,7 @@ function share_init(&$a) {
 			$pos = strpos($r[0]['body'], "[share");
 			$o = substr($r[0]['body'], $pos);
 		} else {
-			$o = "[share author='".$r[0]['author-name'].
+			$o = "[share author='".str_replace("'", "&#039;",$r[0]['author-name']).
 				"' profile='".$r[0]['author-link'].
 				"' avatar='".$r[0]['author-avatar'].
 				"' link='".$r[0]['plink']."']\n";
diff --git a/view/theme/vier/style.css b/view/theme/vier/style.css
index 425beb2bfb..44e01a2b27 100644
--- a/view/theme/vier/style.css
+++ b/view/theme/vier/style.css
@@ -1689,8 +1689,7 @@ ul.tabs a, #jot-preview-link, .comment-edit-submit-wrapper .fakelink {
     background: linear-gradient(top, #ffffff 0%,#ececf2 100%);
 }
 
-ul.tabs li .active, ul.tabs a:hover, #jot-preview-link:hover, .comment-edit-submit-wrapper .fakelink:hover, {
-
+ul.tabs li .active, ul.tabs a:hover, #jot-preview-link:hover, .comment-edit-submit-wrapper .fakelink:hover {
     color: #fff;
     text-shadow: 0px 1px 0px rgba(0, 0, 0, 0.5);
     border: 1px solid #ececf2;