friendica
/
friendica
mirror of https://github.com/friendica/friendica
6
0
Fork 1
Code Issues Packages Projects Releases 1 Wiki Activity

parse url: Characters like < and > has to be escaped when showing the parsed output.

This commit is contained in:
Michael Vogel 2014-02-16 17:35:01 +01:00
parent 046096e705
commit 7cba752f8a
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
mod/parse_url.php
View File

@ -327,12 +327,14 @@ function parse_url_content(&$a) {
if($url && $title && $text) { if($url && $title && $text) {
$title = str_replace(array("\r","\n"),array('',''),$title);
if($textmode) if($textmode)
$text = '[quote]' . trim($text) . '[/quote]' . $br; $text = '[quote]' . trim($text) . '[/quote]' . $br;
else else {
$text = '<blockquote>' . trim($text) . '</blockquote><br />'; $text = '<blockquote>' . htmlspecialchars(trim($text)) . '</blockquote><br />';
$title = htmlspecialchars($title);
$title = str_replace(array("\r","\n"),array('',''),$title); }
$result = sprintf($template,$url,($title) ? $title : $url,$text) . $str_tags; $result = sprintf($template,$url,($title) ? $title : $url,$text) . $str_tags;
@ -381,7 +383,7 @@ function parse_url_content(&$a) {
if($textmode) if($textmode)
$text = '[quote]'.trim($text).'[/quote]'; $text = '[quote]'.trim($text).'[/quote]';
else else
$text = '<blockquote>'.trim($text).'</blockquote>'; $text = '<blockquote>'.htmlspecialchars(trim($text)).'</blockquote>';
} }
if($image) { if($image) {