authorfriendica <info@friendica.com>2013-01-07 13:58:25 -0800
committerfriendica <info@friendica.com>2013-01-07 13:58:25 -0800
commit31ce6a3876fc0a3c37be1474a627ec0cea0e3622 (patch)
tree252755bfacdbee7b929d39a274eb566d9cf046ec
parentf04ce3b093c03fc343fce5b93e6ec6c7fd1ab214 (diff)
input cleansing
-rwxr-xr-xinclude/items.php12
1 files changed, 10 insertions, 2 deletions
diff --git a/include/items.php b/include/items.php
index de441c6b7..66450b6fa 100755
--- a/include/items.php
+++ b/include/items.php
@@ -1203,8 +1203,6 @@ function encode_rel_links($links) {
return xmlify($o);
}
-
-
function item_store($arr,$force_parent = false) {
if(! $arr['uid']) {
@@ -1231,6 +1229,16 @@ function item_store($arr,$force_parent = false) {
if((strpos($arr['body'],'<') !== false) || (strpos($arr['body'],'>') !== false))
$arr['body'] = escape_tags($arr['body']);
+ if((x($arr,'object')) && is_array($arr['object'])) {
+ activity_sanitise($arr['object']);
+ $arr['object'] = json_encode($arr['object']);
+ }
+
+ if((x($arr,'target')) && is_array($arr['target'])) {
+ activity_sanitise($arr['target']);
+ $arr['target'] = json_encode($arr['target']);
+ }
+
$arr['aid'] = ((x($arr,'aid')) ? intval($arr['aid']) : 0);
$arr['uri'] = ((x($arr,'uri')) ? notags(trim($arr['uri'])) : random_string());
$arr['author_xchan'] = ((x($arr,'author_xchan')) ? notags(trim($arr['author_xchan'])) : '');
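Review bot: The added `object` and `target` blocks only sanitise when the value is an array, so a caller that passes either field as an already-encoded string skips `activity_sanitise()` entirely. item_store continues past this hunk, so whether such strings are cleaned further down is not visible here; if they are not, the non-array case should be handled or rejected explicitly. The return value of `activity_sanitise()` is discarded, which presumably relies on it taking its argument by reference; a comment such as `// activity_sanitise() cleans the array in place` would make that dependency clear. `json_encode()` returns false on failure (for example on invalid UTF-8 in remotely supplied data), so the result should be checked before it is stored, e.g. `$enc = json_encode($arr['object']); $arr['object'] = (($enc === false) ? '' : $enc);`, and likewise for `target`.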