Tags and mentions should be escaped

Michael 2020-01-13 15:37:46 +00:00
parent c84a8ebe78
commit 43e3b14672


@ -447,13 +447,13 @@ class Term
$item['body'] = str_replace($orig_tag, $tag['url'], $item['body']); $item['body'] = str_replace($orig_tag, $tag['url'], $item['body']);
} }
$return['hashtags'][] = $prefix . '<a href="' . $tag['url'] . '" target="_blank">' . $tag['term'] . '</a>'; $return['hashtags'][] = $prefix . '<a href="' . $tag['url'] . '" target="_blank">' . htmlspecialchars($tag['term']) . '</a>';
$return['tags'][] = $prefix . '<a href="' . $tag['url'] . '" target="_blank">' . $tag['term'] . '</a>'; $return['tags'][] = $prefix . '<a href="' . $tag['url'] . '" target="_blank">' . htmlspecialchars($tag['term']) . '</a>';
break; break;
case self::MENTION: case self::MENTION:
$tag['url'] = Contact::magicLink($tag['url']); $tag['url'] = Contact::magicLink($tag['url']);
$return['mentions'][] = $prefix . '<a href="' . $tag['url'] . '" target="_blank">' . $tag['term'] . '</a>'; $return['mentions'][] = $prefix . '<a href="' . $tag['url'] . '" target="_blank">' . htmlspecialchars($tag['term']) . '</a>';
$return['tags'][] = $prefix . '<a href="' . $tag['url'] . '" target="_blank">' . $tag['term'] . '</a>'; $return['tags'][] = $prefix . '<a href="' . $tag['url'] . '" target="_blank">' . htmlspecialchars($tag['term']) . '</a>';
break; break;
case self::IMPLICIT_MENTION: case self::IMPLICIT_MENTION:
$return['implicit_mentions'][] = $prefix . $tag['term']; $return['implicit_mentions'][] = $prefix . $tag['term'];