authorfriendica <info@friendica.com>2013-12-12 02:15:02 -0800
committerfriendica <info@friendica.com>2013-12-12 02:15:02 -0800
commit303324cdff3f7c8bc83fae89256a2133939944b2 (patch)
treef6065af47bd6eaf35a8c220f5c082fec0fd49517
parent941f81eb300074b203dd480924f9cf8b9d41a08d (diff)
downloadvolse-hubzilla-303324cdff3f7c8bc83fae89256a2133939944b2.tar.gz
volse-hubzilla-303324cdff3f7c8bc83fae89256a2133939944b2.tar.bz2
volse-hubzilla-303324cdff3f7c8bc83fae89256a2133939944b2.zip
more htmlspecialchars sanitisation
-rw-r--r--include/conversation.php4
-rw-r--r--include/network.php2
-rw-r--r--include/taxonomy.php4
-rw-r--r--include/widgets.php4
4 files changed, 7 insertions, 7 deletions
diff --git a/include/conversation.php b/include/conversation.php
index f5fc9da93..29fb8a163 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -1108,7 +1108,7 @@ function status_editor($a,$x,$popup=false) {
'$shortsetloc' => t('set location'),
'$noloc' => t('Clear browser location'),
'$shortnoloc' => t('clear location'),
- '$title' => ((x($x,'title')) ? htmlspecialchars($x['title']) : ''),
+ '$title' => ((x($x,'title')) ? htmlspecialchars($x['title'], ENT_COMPAT,'UTF-8') : ''),
'$placeholdertitle' => t('Set title'),
'$catsenabled' => ((feature_enabled($x['profile_uid'],'categories') && (! $webpage)) ? 'categories' : ''),
'$category' => "",
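Review bot: ENT_COMPAT on the `$title` line (and on the `$content` line in the next hunk) encodes `"` but leaves `'` untouched, so the value is only safe inside a double-quoted attribute or in text content; if the template ever places it in a single-quoted attribute the escaping does not hold. `htmlspecialchars($x['title'], ENT_QUOTES, 'UTF-8')` covers both quote styles at no extra cost. On PHP 5.4 and later a call without ENT_SUBSTITUTE also returns an empty string for input containing an invalid UTF-8 sequence, so a malformed title or body silently disappears instead of being shown with a replacement character; `ENT_QUOTES | ENT_SUBSTITUTE` addresses that where the target PHP version permits it. The same applies to the `displayterm` and `$cat` lines in include/widgets.php. status_editor starts and ends outside this hunk.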
@@ -1117,7 +1117,7 @@ function status_editor($a,$x,$popup=false) {
'$permset' => t('Permission settings'),
'$shortpermset' => t('permissions'),
'$ptyp' => (($notes_cid) ? 'note' : 'wall'),
- '$content' => ((x($x,'body')) ? htmlspecialchars($x['body']) : ''),
+ '$content' => ((x($x,'body')) ? htmlspecialchars($x['body'], ENT_COMPAT,'UTF-8') : ''),
'$post_id' => '',
'$baseurl' => $a->get_baseurl(true),
'$defloc' => $x['default_location'],
diff --git a/include/network.php b/include/network.php
index 50f853ca0..225b215fe 100644
--- a/include/network.php
+++ b/include/network.php
@@ -582,7 +582,7 @@ function scale_external_images($s, $include_link = true, $scale_replace = false)
$a = get_app();
// Picture addresses can contain special characters
- $s = htmlspecialchars_decode($s);
+ $s = htmlspecialchars_decode($s, ENT_COMPAT,'UTF-8');
$matches = null;
$c = preg_match_all('/\[img(.*?)\](.*?)\[\/img\]/ism',$s,$matches,PREG_SET_ORDER);
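Review bot: `htmlspecialchars_decode()` takes only two parameters (the string and the flags), so the added `'UTF-8'` third argument is not a charset: on PHP 5 and 7 the call emits an argument-count warning and returns null, leaving `$s` empty before the preg_match_all below, and on PHP 8 it throws ArgumentCountError. The line should be `$s = htmlspecialchars_decode($s, ENT_COMPAT);` — the charset parameter exists only on the encoding side (htmlspecialchars/htmlentities). scale_external_images starts and ends outside this hunk.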
diff --git a/include/taxonomy.php b/include/taxonomy.php
index 5159dad02..65d082bb0 100644
--- a/include/taxonomy.php
+++ b/include/taxonomy.php
@@ -87,9 +87,9 @@ function format_term_for_display($term) {
return $s;
if($term['url'])
- $s .= '<a href="' . $term['url'] . '">' . htmlspecialchars($term['term']) . '</a>';
+ $s .= '<a href="' . $term['url'] . '">' . htmlspecialchars($term['term'], ENT_COMPAT,'UTF-8') . '</a>';
else
- $s .= htmlspecialchars($term['term']);
+ $s .= htmlspecialchars($term['term'], ENT_COMPAT,'UTF-8');
return $s;
}
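Review bot: On the changed `<a href=...>` line the term text is now escaped but `$term['url']` is still concatenated into the href attribute raw, so a stored url containing `"` or `&` can break out of the attribute or produce malformed markup — the one value on the line that sits inside an attribute is the one left unescaped. Wrapping it the same way, `htmlspecialchars($term['url'], ENT_COMPAT, 'UTF-8')`, keeps the markup well-formed; whether urls are validated on their way into the term table is not visible here. format_term_for_display starts outside this hunk.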
diff --git a/include/widgets.php b/include/widgets.php
index 495ce74aa..f53998b23 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -219,7 +219,7 @@ function widget_savedsearch($arr) {
'term' => $rr['term'],
'dellink' => z_root() . '/' . $srchurl . (($hasq) ? '' : '?f=') . '&amp;searchremove=1&amp;search=' . urlencode($rr['term']),
'srchlink' => z_root() . '/' . $srchurl . (($hasq) ? '' : '?f=') . '&amp;search=' . urlencode($rr['term']),
- 'displayterm' => htmlspecialchars($rr['term']),
+ 'displayterm' => htmlspecialchars($rr['term'], ENT_COMPAT,'UTF-8'),
'encodedterm' => urlencode($rr['term']),
'delete' => t('Remove term'),
'selected' => ($search==$rr['term']),
@@ -317,7 +317,7 @@ function widget_fullprofile($arr) {
function widget_categories($arr) {
$a = get_app();
- $cat = ((x($_REQUEST,'cat')) ? htmlspecialchars($_REQUEST['cat']) : '');
+ $cat = ((x($_REQUEST,'cat')) ? htmlspecialchars($_REQUEST['cat'],ENT_COMPAT,'UTF-8') : '');
$srchurl = $a->query_string;
$srchurl = rtrim(preg_replace('/cat\=[^\&].*?(\&|$)/is','',$srchurl),'&');
$srchurl = str_replace(array('?f=','&f='),array('',''),$srchurl);
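Review bot: `$cat` is HTML-encoded at the point it is read from `$_REQUEST` rather than where it is rendered, so any later non-HTML use of the value — as a filter against stored category terms or as a url component — would see `&amp;`/`&quot;` entity text instead of the user's input; the rest of widget_categories is outside this hunk, so whether that happens cannot be confirmed from here. The usual shape is to keep the raw value in `$cat`, escape it only in the output path (the template value) and urlencode it for links, and to pass `ENT_QUOTES` so single-quoted attributes are covered as well. The call also drops the space before `ENT_COMPAT` that the other call sites in this commit use; `htmlspecialchars($_REQUEST['cat'], ENT_COMPAT, 'UTF-8')` matches them.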