Rename escapeTags to escapeHtml
rename function and update calls.
This commit is contained in:
parent
b5a97c1abe
commit
063f0e9cb0
|
@ -2478,9 +2478,9 @@ function admin_page_viewlogs(App $a)
|
||||||
}
|
}
|
||||||
$seek = fseek($fp, 0 - $size, SEEK_END);
|
$seek = fseek($fp, 0 - $size, SEEK_END);
|
||||||
if ($seek === 0) {
|
if ($seek === 0) {
|
||||||
$data = Strings::escapeTags(fread($fp, $size));
|
$data = Strings::escapeHtml(fread($fp, $size));
|
||||||
while (!feof($fp)) {
|
while (!feof($fp)) {
|
||||||
$data .= Strings::escapeTags(fread($fp, 4096));
|
$data .= Strings::escapeHtml(fread($fp, 4096));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -126,8 +126,8 @@ function dirfind_content(App $a, $prefix = "") {
|
||||||
(`url` LIKE '%s' OR `name` LIKE '%s' OR `location` LIKE '%s' OR
|
(`url` LIKE '%s' OR `name` LIKE '%s' OR `location` LIKE '%s' OR
|
||||||
`addr` LIKE '%s' OR `about` LIKE '%s' OR `keywords` LIKE '%s') $extra_sql",
|
`addr` LIKE '%s' OR `about` LIKE '%s' OR `keywords` LIKE '%s') $extra_sql",
|
||||||
DBA::escape(Protocol::DFRN), DBA::escape($ostatus), DBA::escape($diaspora),
|
DBA::escape(Protocol::DFRN), DBA::escape($ostatus), DBA::escape($diaspora),
|
||||||
DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)),
|
DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)),
|
||||||
DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)));
|
DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)));
|
||||||
|
|
||||||
$results = q("SELECT `nurl`
|
$results = q("SELECT `nurl`
|
||||||
FROM `gcontact`
|
FROM `gcontact`
|
||||||
|
@ -138,8 +138,8 @@ function dirfind_content(App $a, $prefix = "") {
|
||||||
GROUP BY `nurl`
|
GROUP BY `nurl`
|
||||||
ORDER BY `updated` DESC LIMIT %d, %d",
|
ORDER BY `updated` DESC LIMIT %d, %d",
|
||||||
DBA::escape(Protocol::DFRN), DBA::escape($ostatus), DBA::escape($diaspora),
|
DBA::escape(Protocol::DFRN), DBA::escape($ostatus), DBA::escape($diaspora),
|
||||||
DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)),
|
DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)),
|
||||||
DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)),
|
DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)),
|
||||||
$pager->getStart(), $pager->getItemsPerPage());
|
$pager->getStart(), $pager->getItemsPerPage());
|
||||||
$j = new stdClass();
|
$j = new stdClass();
|
||||||
$j->total = $count[0]["total"];
|
$j->total = $count[0]["total"];
|
||||||
|
|
|
@ -60,8 +60,8 @@ function events_post(App $a)
|
||||||
$cid = !empty($_POST['cid']) ? intval($_POST['cid']) : 0;
|
$cid = !empty($_POST['cid']) ? intval($_POST['cid']) : 0;
|
||||||
$uid = local_user();
|
$uid = local_user();
|
||||||
|
|
||||||
$start_text = Strings::escapeTags(defaults($_REQUEST, 'start_text', ''));
|
$start_text = Strings::escapeHtml(defaults($_REQUEST, 'start_text', ''));
|
||||||
$finish_text = Strings::escapeTags(defaults($_REQUEST, 'finish_text', ''));
|
$finish_text = Strings::escapeHtml(defaults($_REQUEST, 'finish_text', ''));
|
||||||
|
|
||||||
$adjust = intval(defaults($_POST, 'adjust', 0));
|
$adjust = intval(defaults($_POST, 'adjust', 0));
|
||||||
$nofinish = intval(defaults($_POST, 'nofinish', 0));
|
$nofinish = intval(defaults($_POST, 'nofinish', 0));
|
||||||
|
@ -97,9 +97,9 @@ function events_post(App $a)
|
||||||
// and we'll waste a bunch of time responding to it. Time that
|
// and we'll waste a bunch of time responding to it. Time that
|
||||||
// could've been spent doing something else.
|
// could've been spent doing something else.
|
||||||
|
|
||||||
$summary = Strings::escapeTags(trim(defaults($_POST, 'summary', '')));
|
$summary = Strings::escapeHtml(trim(defaults($_POST, 'summary', '')));
|
||||||
$desc = Strings::escapeTags(trim(defaults($_POST, 'desc', '')));
|
$desc = Strings::escapeHtml(trim(defaults($_POST, 'desc', '')));
|
||||||
$location = Strings::escapeTags(trim(defaults($_POST, 'location', '')));
|
$location = Strings::escapeHtml(trim(defaults($_POST, 'location', '')));
|
||||||
$type = 'event';
|
$type = 'event';
|
||||||
|
|
||||||
$action = ($event_id == '') ? 'new' : "event/" . $event_id;
|
$action = ($event_id == '') ? 'new' : "event/" . $event_id;
|
||||||
|
|
|
@ -37,7 +37,7 @@ function fsuggest_post(App $a)
|
||||||
|
|
||||||
$hash = Strings::getRandomHex();
|
$hash = Strings::getRandomHex();
|
||||||
|
|
||||||
$note = Strings::escapeTags(trim(defaults($_POST, 'note', '')));
|
$note = Strings::escapeHtml(trim(defaults($_POST, 'note', '')));
|
||||||
|
|
||||||
if ($new_contact) {
|
if ($new_contact) {
|
||||||
$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
|
$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
|
||||||
|
|
|
@ -205,7 +205,7 @@ function item_post(App $a) {
|
||||||
$app = $orig_post['app'];
|
$app = $orig_post['app'];
|
||||||
$categories = $orig_post['file'];
|
$categories = $orig_post['file'];
|
||||||
$title = Strings::removeTags(trim($_REQUEST['title']));
|
$title = Strings::removeTags(trim($_REQUEST['title']));
|
||||||
$body = Strings::escapeTags(trim($_REQUEST['body']));
|
$body = Strings::escapeHtml(trim($_REQUEST['body']));
|
||||||
$private = $orig_post['private'];
|
$private = $orig_post['private'];
|
||||||
$pubmail_enabled = $orig_post['pubmail'];
|
$pubmail_enabled = $orig_post['pubmail'];
|
||||||
$network = $orig_post['network'];
|
$network = $orig_post['network'];
|
||||||
|
@ -241,7 +241,7 @@ function item_post(App $a) {
|
||||||
$coord = Strings::removeTags(trim(defaults($_REQUEST, 'coord' , '')));
|
$coord = Strings::removeTags(trim(defaults($_REQUEST, 'coord' , '')));
|
||||||
$verb = Strings::removeTags(trim(defaults($_REQUEST, 'verb' , '')));
|
$verb = Strings::removeTags(trim(defaults($_REQUEST, 'verb' , '')));
|
||||||
$emailcc = Strings::removeTags(trim(defaults($_REQUEST, 'emailcc' , '')));
|
$emailcc = Strings::removeTags(trim(defaults($_REQUEST, 'emailcc' , '')));
|
||||||
$body = Strings::escapeTags(trim(defaults($_REQUEST, 'body' , '')));
|
$body = Strings::escapeHtml(trim(defaults($_REQUEST, 'body' , '')));
|
||||||
$network = Strings::removeTags(trim(defaults($_REQUEST, 'network' , Protocol::DFRN)));
|
$network = Strings::removeTags(trim(defaults($_REQUEST, 'network' , Protocol::DFRN)));
|
||||||
$guid = System::createUUID();
|
$guid = System::createUUID();
|
||||||
|
|
||||||
|
|
|
@ -61,7 +61,7 @@ function message_post(App $a)
|
||||||
|
|
||||||
$replyto = x($_REQUEST, 'replyto') ? Strings::removeTags(trim($_REQUEST['replyto'])) : '';
|
$replyto = x($_REQUEST, 'replyto') ? Strings::removeTags(trim($_REQUEST['replyto'])) : '';
|
||||||
$subject = x($_REQUEST, 'subject') ? Strings::removeTags(trim($_REQUEST['subject'])) : '';
|
$subject = x($_REQUEST, 'subject') ? Strings::removeTags(trim($_REQUEST['subject'])) : '';
|
||||||
$body = x($_REQUEST, 'body') ? Strings::escapeTags(trim($_REQUEST['body'])) : '';
|
$body = x($_REQUEST, 'body') ? Strings::escapeHtml(trim($_REQUEST['body'])) : '';
|
||||||
$recipient = x($_REQUEST, 'messageto') ? intval($_REQUEST['messageto']) : 0;
|
$recipient = x($_REQUEST, 'messageto') ? intval($_REQUEST['messageto']) : 0;
|
||||||
|
|
||||||
$ret = Mail::send($recipient, $body, $subject, $replyto);
|
$ret = Mail::send($recipient, $body, $subject, $replyto);
|
||||||
|
@ -254,7 +254,7 @@ function message_content(App $a)
|
||||||
'$preid' => $preid,
|
'$preid' => $preid,
|
||||||
'$subject' => L10n::t('Subject:'),
|
'$subject' => L10n::t('Subject:'),
|
||||||
'$subjtxt' => x($_REQUEST, 'subject') ? strip_tags($_REQUEST['subject']) : '',
|
'$subjtxt' => x($_REQUEST, 'subject') ? strip_tags($_REQUEST['subject']) : '',
|
||||||
'$text' => x($_REQUEST, 'body') ? Strings::escapeTags(htmlspecialchars($_REQUEST['body'])) : '',
|
'$text' => x($_REQUEST, 'body') ? Strings::escapeHtml(htmlspecialchars($_REQUEST['body'])) : '',
|
||||||
'$readonly' => '',
|
'$readonly' => '',
|
||||||
'$yourmessage' => L10n::t('Your message:'),
|
'$yourmessage' => L10n::t('Your message:'),
|
||||||
'$select' => $select,
|
'$select' => $select,
|
||||||
|
|
|
@ -42,7 +42,7 @@ function network_init(App $a)
|
||||||
|
|
||||||
Hook::add('head', __FILE__, 'network_infinite_scroll_head');
|
Hook::add('head', __FILE__, 'network_infinite_scroll_head');
|
||||||
|
|
||||||
$search = (x($_GET, 'search') ? Strings::escapeTags($_GET['search']) : '');
|
$search = (x($_GET, 'search') ? Strings::escapeHtml($_GET['search']) : '');
|
||||||
|
|
||||||
if (($search != '') && !empty($_GET['submit'])) {
|
if (($search != '') && !empty($_GET['submit'])) {
|
||||||
$a->internalRedirect('search?search=' . urlencode($search));
|
$a->internalRedirect('search?search=' . urlencode($search));
|
||||||
|
@ -519,9 +519,9 @@ function networkThreadedView(App $a, $update, $parent)
|
||||||
for ($x = 1; $x < $a->argc; $x ++) {
|
for ($x = 1; $x < $a->argc; $x ++) {
|
||||||
if (is_a_date_arg($a->argv[$x])) {
|
if (is_a_date_arg($a->argv[$x])) {
|
||||||
if ($datequery) {
|
if ($datequery) {
|
||||||
$datequery2 = Strings::escapeTags($a->argv[$x]);
|
$datequery2 = Strings::escapeHtml($a->argv[$x]);
|
||||||
} else {
|
} else {
|
||||||
$datequery = Strings::escapeTags($a->argv[$x]);
|
$datequery = Strings::escapeHtml($a->argv[$x]);
|
||||||
$_GET['order'] = 'post';
|
$_GET['order'] = 'post';
|
||||||
}
|
}
|
||||||
} elseif (intval($a->argv[$x])) {
|
} elseif (intval($a->argv[$x])) {
|
||||||
|
|
|
@ -115,9 +115,9 @@ function profile_content(App $a, $update = 0)
|
||||||
for ($x = 2; $x < $a->argc; $x ++) {
|
for ($x = 2; $x < $a->argc; $x ++) {
|
||||||
if (is_a_date_arg($a->argv[$x])) {
|
if (is_a_date_arg($a->argv[$x])) {
|
||||||
if ($datequery) {
|
if ($datequery) {
|
||||||
$datequery2 = Strings::escapeTags($a->argv[$x]);
|
$datequery2 = Strings::escapeHtml($a->argv[$x]);
|
||||||
} else {
|
} else {
|
||||||
$datequery = Strings::escapeTags($a->argv[$x]);
|
$datequery = Strings::escapeHtml($a->argv[$x]);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
$category = $a->argv[$x];
|
$category = $a->argv[$x];
|
||||||
|
|
|
@ -208,7 +208,7 @@ function profiles_post(App $a) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
$dob = $_POST['dob'] ? Strings::escapeTags(trim($_POST['dob'])) : '0000-00-00';
|
$dob = $_POST['dob'] ? Strings::escapeHtml(trim($_POST['dob'])) : '0000-00-00';
|
||||||
|
|
||||||
$y = substr($dob, 0, 4);
|
$y = substr($dob, 0, 4);
|
||||||
if ((! ctype_digit($y)) || ($y < 1900)) {
|
if ((! ctype_digit($y)) || ($y < 1900)) {
|
||||||
|
@ -323,19 +323,19 @@ function profiles_post(App $a) {
|
||||||
$politic = Strings::removeTags(trim($_POST['politic']));
|
$politic = Strings::removeTags(trim($_POST['politic']));
|
||||||
$religion = Strings::removeTags(trim($_POST['religion']));
|
$religion = Strings::removeTags(trim($_POST['religion']));
|
||||||
|
|
||||||
$likes = Strings::escapeTags(trim($_POST['likes']));
|
$likes = Strings::escapeHtml(trim($_POST['likes']));
|
||||||
$dislikes = Strings::escapeTags(trim($_POST['dislikes']));
|
$dislikes = Strings::escapeHtml(trim($_POST['dislikes']));
|
||||||
|
|
||||||
$about = Strings::escapeTags(trim($_POST['about']));
|
$about = Strings::escapeHtml(trim($_POST['about']));
|
||||||
$interest = Strings::escapeTags(trim($_POST['interest']));
|
$interest = Strings::escapeHtml(trim($_POST['interest']));
|
||||||
$contact = Strings::escapeTags(trim($_POST['contact']));
|
$contact = Strings::escapeHtml(trim($_POST['contact']));
|
||||||
$music = Strings::escapeTags(trim($_POST['music']));
|
$music = Strings::escapeHtml(trim($_POST['music']));
|
||||||
$book = Strings::escapeTags(trim($_POST['book']));
|
$book = Strings::escapeHtml(trim($_POST['book']));
|
||||||
$tv = Strings::escapeTags(trim($_POST['tv']));
|
$tv = Strings::escapeHtml(trim($_POST['tv']));
|
||||||
$film = Strings::escapeTags(trim($_POST['film']));
|
$film = Strings::escapeHtml(trim($_POST['film']));
|
||||||
$romance = Strings::escapeTags(trim($_POST['romance']));
|
$romance = Strings::escapeHtml(trim($_POST['romance']));
|
||||||
$work = Strings::escapeTags(trim($_POST['work']));
|
$work = Strings::escapeHtml(trim($_POST['work']));
|
||||||
$education = Strings::escapeTags(trim($_POST['education']));
|
$education = Strings::escapeHtml(trim($_POST['education']));
|
||||||
|
|
||||||
$hide_friends = (($_POST['hide-friends'] == 1) ? 1: 0);
|
$hide_friends = (($_POST['hide-friends'] == 1) ? 1: 0);
|
||||||
|
|
||||||
|
|
|
@ -21,7 +21,7 @@ function wallmessage_post(App $a) {
|
||||||
}
|
}
|
||||||
|
|
||||||
$subject = ((x($_REQUEST,'subject')) ? Strings::removeTags(trim($_REQUEST['subject'])) : '');
|
$subject = ((x($_REQUEST,'subject')) ? Strings::removeTags(trim($_REQUEST['subject'])) : '');
|
||||||
$body = ((x($_REQUEST,'body')) ? Strings::escapeTags(trim($_REQUEST['body'])) : '');
|
$body = ((x($_REQUEST,'body')) ? Strings::escapeHtml(trim($_REQUEST['body'])) : '');
|
||||||
|
|
||||||
$recipient = (($a->argc > 1) ? Strings::removeTags($a->argv[1]) : '');
|
$recipient = (($a->argc > 1) ? Strings::removeTags($a->argv[1]) : '');
|
||||||
if ((! $recipient) || (! $body)) {
|
if ((! $recipient) || (! $body)) {
|
||||||
|
@ -132,7 +132,7 @@ function wallmessage_content(App $a) {
|
||||||
'$recipname' => $user['username'],
|
'$recipname' => $user['username'],
|
||||||
'$nickname' => $user['nickname'],
|
'$nickname' => $user['nickname'],
|
||||||
'$subjtxt' => ((x($_REQUEST, 'subject')) ? strip_tags($_REQUEST['subject']) : ''),
|
'$subjtxt' => ((x($_REQUEST, 'subject')) ? strip_tags($_REQUEST['subject']) : ''),
|
||||||
'$text' => ((x($_REQUEST, 'body')) ? Strings::escapeTags(htmlspecialchars($_REQUEST['body'])) : ''),
|
'$text' => ((x($_REQUEST, 'body')) ? Strings::escapeHtml(htmlspecialchars($_REQUEST['body'])) : ''),
|
||||||
'$readonly' => '',
|
'$readonly' => '',
|
||||||
'$yourmessage' => L10n::t('Your message:'),
|
'$yourmessage' => L10n::t('Your message:'),
|
||||||
'$parent' => '',
|
'$parent' => '',
|
||||||
|
|
|
@ -3447,7 +3447,7 @@ class Item extends BaseObject
|
||||||
$filesubtype = 'unkn';
|
$filesubtype = 'unkn';
|
||||||
}
|
}
|
||||||
|
|
||||||
$title = Strings::escapeTags(trim(!empty($mtch[4]) ? $mtch[4] : $mtch[1]));
|
$title = Strings::escapeHtml(trim(!empty($mtch[4]) ? $mtch[4] : $mtch[1]));
|
||||||
$title .= ' ' . $mtch[2] . ' ' . L10n::t('bytes');
|
$title .= ' ' . $mtch[2] . ' ' . L10n::t('bytes');
|
||||||
|
|
||||||
$icon = '<div class="attachtype icon s22 type-' . $filetype . ' subtype-' . $filesubtype . '"></div>';
|
$icon = '<div class="attachtype icon s22 type-' . $filetype . ' subtype-' . $filesubtype . '"></div>';
|
||||||
|
|
|
@ -214,14 +214,14 @@ class Contact extends BaseModule
|
||||||
|
|
||||||
$fetch_further_information = intval(defaults($_POST, 'fetch_further_information', 0));
|
$fetch_further_information = intval(defaults($_POST, 'fetch_further_information', 0));
|
||||||
|
|
||||||
$ffi_keyword_blacklist = Strings::escapeTags(trim(defaults($_POST, 'ffi_keyword_blacklist', '')));
|
$ffi_keyword_blacklist = Strings::escapeHtml(trim(defaults($_POST, 'ffi_keyword_blacklist', '')));
|
||||||
|
|
||||||
$priority = intval(defaults($_POST, 'poll', 0));
|
$priority = intval(defaults($_POST, 'poll', 0));
|
||||||
if ($priority > 5 || $priority < 0) {
|
if ($priority > 5 || $priority < 0) {
|
||||||
$priority = 0;
|
$priority = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
$info = Strings::escapeTags(trim($_POST['info']));
|
$info = Strings::escapeHtml(trim($_POST['info']));
|
||||||
|
|
||||||
$r = DBA::update('contact', [
|
$r = DBA::update('contact', [
|
||||||
'profile-id' => $profile_id,
|
'profile-id' => $profile_id,
|
||||||
|
|
|
@ -22,7 +22,7 @@ class Hashtag extends BaseModule
|
||||||
{
|
{
|
||||||
$result = [];
|
$result = [];
|
||||||
|
|
||||||
$t = Strings::escapeTags($_REQUEST['t']);
|
$t = Strings::escapeHtml($_REQUEST['t']);
|
||||||
if (empty($t)) {
|
if (empty($t)) {
|
||||||
System::jsonExit($result);
|
System::jsonExit($result);
|
||||||
}
|
}
|
||||||
|
|
|
@ -59,7 +59,7 @@ class Strings
|
||||||
*
|
*
|
||||||
* @return string
|
* @return string
|
||||||
*/
|
*/
|
||||||
public static function escapeTags($string)
|
public static function escapeHtml($string)
|
||||||
{
|
{
|
||||||
return htmlspecialchars($string, ENT_COMPAT, 'UTF-8', false);
|
return htmlspecialchars($string, ENT_COMPAT, 'UTF-8', false);
|
||||||
}
|
}
|
||||||
|
|
|
@ -507,7 +507,7 @@ class OnePoll
|
||||||
Logger::log("Mail: can't fetch msg ".$msg_uid." for ".$mailconf['user']);
|
Logger::log("Mail: can't fetch msg ".$msg_uid." for ".$mailconf['user']);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
$datarray['body'] = Strings::escapeTags($r['body']);
|
$datarray['body'] = Strings::escapeHtml($r['body']);
|
||||||
$datarray['body'] = BBCode::limitBodySize($datarray['body']);
|
$datarray['body'] = BBCode::limitBodySize($datarray['body']);
|
||||||
|
|
||||||
Logger::log("Mail: Importing ".$msg_uid." for ".$mailconf['user']);
|
Logger::log("Mail: Importing ".$msg_uid." for ".$mailconf['user']);
|
||||||
|
|
|
@ -69,12 +69,12 @@ class StringsTest extends TestCase
|
||||||
/**
|
/**
|
||||||
* test, that tags are escaped
|
* test, that tags are escaped
|
||||||
*/
|
*/
|
||||||
public function testEscapeTags()
|
public function testEscapeHtml()
|
||||||
{
|
{
|
||||||
$invalidstring='<submit type="button" onclick="alert(\'failed!\');" />';
|
$invalidstring='<submit type="button" onclick="alert(\'failed!\');" />';
|
||||||
|
|
||||||
$validstring = Strings::removeTags($invalidstring);
|
$validstring = Strings::removeTags($invalidstring);
|
||||||
$escapedString = Strings::escapeTags($invalidstring);
|
$escapedString = Strings::escapeHtml($invalidstring);
|
||||||
|
|
||||||
$this->assertEquals('[submit type="button" onclick="alert(\'failed!\');" /]', $validstring);
|
$this->assertEquals('[submit type="button" onclick="alert(\'failed!\');" /]', $validstring);
|
||||||
$this->assertEquals(
|
$this->assertEquals(
|
||||||
|
|
Loading…
Reference in a new issue