diff --git a/src/Content/PageInfo.php b/src/Content/PageInfo.php
index b80a551cb9..d59cf5f320 100644
--- a/src/Content/PageInfo.php
+++ b/src/Content/PageInfo.php
@@ -170,7 +170,7 @@ class PageInfo
foreach ($data['keywords'] as $keyword) {
/// @TODO make a positive list of allowed characters
$hashtag = str_replace([' ', '+', '/', '.', '#', '@', "'", '"', '’', '`', '(', ')', '„', '“'], '', $keyword);
- $hashtags .= '#[url=' . DI::baseUrl() . '/search?tag=' . $hashtag . ']' . $hashtag . '[/url] ';
+ $hashtags .= '#[url=' . DI::baseUrl() . '/search?tag=' . urlencode($hashtag) . ']' . $hashtag . '[/url] ';
}
}
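Review bot: The link label in the added line still takes `$hashtag` unencoded, and the `str_replace` blocklist on the line above does not strip `[` or `]`, so a keyword containing brackets can leave the `[url=…]…[/url]` markup malformed even though the URL part is now encoded. Keywords here presumably come from fetched page metadata, so the existing TODO is worth resolving in this change with an allow-list along the lines of `$hashtag = preg_replace('/[^\p{L}\p{N}_]/u', '', $keyword);`. The same unencoded label appears in the Item.php hunk (`$basetag`) and in the BBCode.php `case '#'` hunk (`$match[2]`). Whether brackets can reach those two depends on matching code outside the hunks.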
diff --git a/src/Content/Text/BBCode.php b/src/Content/Text/BBCode.php
index 0d9e6aaf27..80c3bb2299 100644
--- a/src/Content/Text/BBCode.php
+++ b/src/Content/Text/BBCode.php
@@ -1496,7 +1496,7 @@ class BBCode
// Replace non graphical smilies for external posts
if (!$nosmile) {
- $text = self::performWithEscapedTags($text, ['img'], function ($text) use ($simple_html, $for_plaintext) {
+ $text = self::performWithEscapedTags($text, ['url', 'img', 'audio', 'video', 'youtube', 'vimeo', 'share', 'attachment', 'iframe', 'bookmark'], function ($text) use ($simple_html, $for_plaintext) {
return Smilies::replace($text, ($simple_html != self::INTERNAL) || $for_plaintext);
});
}
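Review bot: The ten-element tag list passed to `performWithEscapedTags` is an inline literal with no explanation of why these tags are shielded from `Smilies::replace`, and nothing keeps it in sync if new parameter-carrying tags are added. I would move it to a class constant (the name `SMILEY_PROTECTED_TAGS` is a suggestion, not existing code) and add a comment such as `// Tags whose parameters hold URLs or media sources; smiley codes inside them must not be rewritten`. Whether tags like `code` or `noparse` need the same protection cannot be judged from this hunk, since they may already be handled earlier in the function.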
@@ -1961,11 +1961,11 @@ class BBCode
self::performWithEscapedTags($text, ['url', 'share'], function ($text) use ($simple_html) {
$text = preg_replace_callback("/(?:#\[url\=[^\[\]]*\]|\[url\=[^\[\]]*\]#)(.*?)\[\/url\]/ism", function ($matches) use ($simple_html) {
if ($simple_html == self::ACTIVITYPUB) {
- return '#'
. XML::escape($matches[1]) . '';
} else {
- return '#'
. XML::escape($matches[1]) . '';
}
@@ -2353,7 +2353,7 @@ class BBCode
case '#':
default:
- return $match[1] . '[url=' . DI::baseUrl() . '/search?tag=' . rawurlencode($match[2]) . ']' . $match[2] . '[/url]';
+ return $match[1] . '[url=' . DI::baseUrl() . '/search?tag=' . urlencode($match[2]) . ']' . $match[2] . '[/url]';
}
},
$body
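Review bot: Replacing `rawurlencode` with `urlencode` here changes how a space in the tag is written, from `%20` to `+`, and the line gives no reason for preferring one over the other. Both decode identically as a query-string value, but any code that compares or matches previously generated tag URLs as strings would now see a different form. A short comment would record the intent, e.g. `// urlencode: tag is a query value; must match the encoding used by every other hashtag link`. The same swap is made in the Tag.php hunk, where the result is copied into `$orig_tag` right after, so it is worth confirming nothing downstream expects the `%20` form.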
diff --git a/src/Model/Item.php b/src/Model/Item.php
index aa3a8bc08b..8b43df849b 100644
--- a/src/Model/Item.php
+++ b/src/Model/Item.php
@@ -2491,7 +2491,7 @@ class Item
}
$basetag = str_replace('_', ' ', substr($tag, 1));
- $newtag = '#[url=' . DI::baseUrl() . '/search?tag=' . $basetag . ']' . $basetag . '[/url]';
+ $newtag = '#[url=' . DI::baseUrl() . '/search?tag=' . urlencode($basetag) . ']' . $basetag . '[/url]';
$body = str_replace($tag, $newtag, $body);
}
diff --git a/src/Model/Tag.php b/src/Model/Tag.php
index e63a272a75..dd9ca079e3 100644
--- a/src/Model/Tag.php
+++ b/src/Model/Tag.php
@@ -558,7 +558,7 @@ class Tag
);
while ($tag = DBA::fetch($taglist)) {
if ($tag['url'] == '') {
- $tag['url'] = $searchpath . rawurlencode($tag['name']);
+ $tag['url'] = $searchpath . urlencode($tag['name']);
}
$orig_tag = $tag['url'];
diff --git a/src/Module/Profile/Profile.php b/src/Module/Profile/Profile.php
index aeab1eb758..03ed3e3acf 100644
--- a/src/Module/Profile/Profile.php
+++ b/src/Module/Profile/Profile.php
@@ -226,7 +226,7 @@ class Profile extends BaseProfile
// Separator is defined in Module\Settings\Profile\Index::cleanKeywords
foreach (explode(', ', $profile['pub_keywords']) as $tag_label) {
$tags[] = [
- 'url' => '/search?tag=' . $tag_label,
+ 'url' => '/search?tag=' . urlencode($tag_label),
'label' => Tag::TAG_CHARACTER[Tag::HASHTAG] . $tag_label,
];
}
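Review bot: `explode(', ', $profile['pub_keywords'])` returns a single empty string when the field is empty, so unless a guard outside this hunk prevents it, the loop emits one entry with the URL `/search?tag=` and a bare `#` label. Skipping empty labels at the top of the loop avoids that: `if ($tag_label === '') { continue; }`. The label is also passed on as raw profile text, so it relies on the template escaping it; that is not visible from here and is worth confirming.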