friendica
/
friendica
mirror of https://github.com/friendica/friendica
6
0
Fork 1
Code Issues Packages Projects Releases 1 Wiki Activity

make sure content is unaltered

This commit is contained in:
Friendika 2011-02-01 17:50:49 -08:00
parent 968e8bb9c4
commit bafae56b39
1 changed files with 18 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
include/items.php
View File

@ -388,7 +388,8 @@ function get_atom_elements($feed,$item) {
$have_real_body = true; $have_real_body = true;
$res['body'] = $rawenv[0]['data']; $res['body'] = $rawenv[0]['data'];
$res['body'] = str_replace(array(' ',"\t","\r","\n"), array('','','',''),$res['body']); $res['body'] = str_replace(array(' ',"\t","\r","\n"), array('','','',''),$res['body']);
$res['body'] = base64url_decode($res['body']); // make sure nobody is trying to sneak some html tags by us
$res['body'] = notags(base64url_decode($res['body']));
$res['realbody'] = true; $res['realbody'] = true;
} }
@ -407,7 +408,8 @@ function get_atom_elements($feed,$item) {
// html. // html.
if((! $have_real_body) || (strpos($res['body'],'<')) || (strpos($res['body'],'>'))) { if(! $have_real_body) {
if((strpos($res['body'],'<')) || (strpos($res['body'],'>'))) {
$res['body'] = preg_replace('#<object[^>]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s', $res['body'] = preg_replace('#<object[^>]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s',
'[youtube]$1[/youtube]', $res['body']); '[youtube]$1[/youtube]', $res['body']);
@ -428,6 +430,7 @@ function get_atom_elements($feed,$item) {
} }
else else
$res['body'] = escape_tags($res['body']); $res['body'] = escape_tags($res['body']);
}
$allow = $item->get_item_tags(NAMESPACE_DFRN,'comment-allow'); $allow = $item->get_item_tags(NAMESPACE_DFRN,'comment-allow');