nupplaPhil/friendica
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

don't allow tags in app source

Browse source
This commit is contained in:
Friendika 2011-06-23 15:58:43 -07:00
parent 0e809b9301
commit 5633430a19
3 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
addon/facebook/facebook.php
View file

@ -821,7 +821,7 @@ function fb_consume_stream($uid,$j,$wall = false) {
$datarray['owner-avatar'] = $self[0]['thumb']; $datarray['owner-avatar'] = $self[0]['thumb'];
} }
if(isset($entry->application) && isset($entry->application->name) && strlen($entry->application->name)) if(isset($entry->application) && isset($entry->application->name) && strlen($entry->application->name))
$datarray['app'] = $entry->application->name; $datarray['app'] = strip_tags($entry->application->name);
else else
$datarray['app'] = 'facebook'; $datarray['app'] = 'facebook';
$datarray['author-name'] = $from->name; $datarray['author-name'] = $from->name;

2
include/items.php
View file

@ -338,7 +338,7 @@ function get_atom_elements($feed,$item) {
$apps = $item->get_item_tags(NAMESPACE_STATUSNET,'notice_info'); $apps = $item->get_item_tags(NAMESPACE_STATUSNET,'notice_info');
if($apps && $apps[0]['attribs']['']['source']) { if($apps && $apps[0]['attribs']['']['source']) {
$res['app'] = $apps[0]['attribs']['']['source']; $res['app'] = strip_tags(unxmlify($apps[0]['attribs']['']['source']));
if($res['app'] === 'web') if($res['app'] === 'web')
$res['app'] = 'OStatus'; $res['app'] = 'OStatus';
} }

2
mod/item.php
View file

@ -61,7 +61,7 @@ function item_post(&$a) {
$profile_uid = ((x($_POST,'profile_uid')) ? intval($_POST['profile_uid']) : 0); $profile_uid = ((x($_POST,'profile_uid')) ? intval($_POST['profile_uid']) : 0);
$post_id = ((x($_POST['post_id'])) ? intval($_POST['post_id']) : 0); $post_id = ((x($_POST['post_id'])) ? intval($_POST['post_id']) : 0);
$app = ((x($_POST['source'])) ? notags($_POST['source']) : ''); $app = ((x($_POST['source'])) ? strip_tags($_POST['source']) : '');
if(! can_write_wall($a,$profile_uid)) { if(! can_write_wall($a,$profile_uid)) {
notice( t('Permission denied.') . EOL) ; notice( t('Permission denied.') . EOL) ;