authorMario Vavti <mario@mariovavti.com>2019-03-18 21:30:25 +0100
committerMario Vavti <mario@mariovavti.com>2019-03-18 21:30:25 +0100
commit968c6ed8be580c1098587738fefa27b31dc4f5ef (patch)
tree58bd02f3bffd7c9016246fd0ca7994a9b7386d86
parent2ec3e4a912777501f232d6255fe8ba5d0c147eee (diff)
downloadvolse-hubzilla-968c6ed8be580c1098587738fefa27b31dc4f5ef.tar.gz
volse-hubzilla-968c6ed8be580c1098587738fefa27b31dc4f5ef.tar.bz2
volse-hubzilla-968c6ed8be580c1098587738fefa27b31dc4f5ef.zip
some more xss prevention
-rw-r--r--Zotlabs/Module/Channel.php4
-rw-r--r--Zotlabs/Module/Display.php2
-rw-r--r--Zotlabs/Module/Hq.php2
-rw-r--r--Zotlabs/Module/Network.php18
-rw-r--r--Zotlabs/Module/Pubstream.php6
5 files changed, 16 insertions, 16 deletions
diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php
index 5fdefd805..65eaee408 100644
--- a/Zotlabs/Module/Channel.php
+++ b/Zotlabs/Module/Channel.php
@@ -414,12 +414,12 @@ class Channel extends Controller {
'$page' => ((App::$pager['page'] != 1) ? App::$pager['page'] : 1),
'$search' => $search,
'$xchan' => '',
- '$order' => $order,
+ '$order' => (($order) ? urlencode($order) : ''),,
'$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
'$file' => '',
'$cats' => (($category) ? urlencode($category) : ''),
'$tags' => (($hashtags) ? urlencode($hashtags) : ''),
- '$mid' => $mid,
+ '$mid' => (($mid) ? urlencode($mid) : ''),,
'$verb' => '',
'$net' => '',
'$dend' => $datequery,
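Review bot: Both added lines in this Channel.php hunk end in a doubled comma, `urlencode($order) : ''),,` and `urlencode($mid) : ''),,`; an empty element inside an array literal is a fatal parse error in PHP ("Cannot use empty array elements in arrays"), so if the `,,` is in the committed file and not just a rendering artefact, this controller stops loading entirely. The fix is to drop the extra comma on each: `'$order' => (($order) ? urlencode($order) : ''),` and `'$mid' => (($mid) ? urlencode($mid) : ''),`. The array this sits in, and the method around it, begin and end outside the hunk, so the other entries could not be checked here. The same urlencode-if-truthy expression is now hand-copied across all five files in this commit; a small helper would keep the treatment uniform and make an omitted entry stand out.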
diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php
index 04e5f9fce..258aac556 100644
--- a/Zotlabs/Module/Display.php
+++ b/Zotlabs/Module/Display.php
@@ -233,7 +233,7 @@ class Display extends \Zotlabs\Web\Controller {
'$dbegin' => '',
'$verb' => '',
'$net' => '',
- '$mid' => $mid
+ '$mid' => (($mid) ? urlencode($mid) : '')
));
head_add_link([
diff --git a/Zotlabs/Module/Hq.php b/Zotlabs/Module/Hq.php
index 3535ac71a..848fe3e25 100644
--- a/Zotlabs/Module/Hq.php
+++ b/Zotlabs/Module/Hq.php
@@ -194,7 +194,7 @@ class Hq extends \Zotlabs\Web\Controller {
'$dbegin' => '',
'$verb' => '',
'$net' => '',
- '$mid' => $mid
+ '$mid' => (($mid) ? urlencode($mid) : '')
]);
}
diff --git a/Zotlabs/Module/Network.php b/Zotlabs/Module/Network.php
index 2019082ed..1c16e34ef 100644
--- a/Zotlabs/Module/Network.php
+++ b/Zotlabs/Module/Network.php
@@ -368,19 +368,19 @@ class Network extends \Zotlabs\Web\Controller {
'$static' => $static,
'$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
'$page' => ((App::$pager['page'] != 1) ? App::$pager['page'] : 1),
- '$search' => (($search) ? $search : ''),
- '$xchan' => $xchan,
+ '$search' => (($search) ? urlencode($search) : ''),
+ '$xchan' => (($xchan) ? urlencode($xchan) : ''),
'$order' => $order,
- '$file' => $file,
- '$cats' => urlencode($category),
- '$tags' => urlencode($hashtags),
+ '$file' => (($file) ? urlencode($file) : ''),
+ '$cats' => (($category) ? urlencode($category) : ''),
+ '$tags' => (($hashtags) ? urlencode($hashtags) : ''),
'$dend' => $datequery,
'$mid' => '',
- '$verb' => $verb,
- '$net' => $net,
+ '$verb' => (($verb) ? urlencode($verb) : ''),
+ '$net' => (($net) ? urlencode($net) : ''),
'$dbegin' => $datequery2,
- '$pf' => (($pf) ? $pf : '0'),
- '$unseen' => $unseen
+ '$pf' => (($pf) ? intval($pf) : 0),
+ '$unseen' => (($unseen) ? urlencode($unseen) : '')
));
}
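Review bot: `'$order' => $order`, left unchanged between the new `$xchan` and `$file` entries, is the one request-derived value in this array that the commit does not encode, even though the same commit encodes `$order` in Channel.php; unless `$order` is reduced to a fixed set of values earlier in the method (which starts outside the hunk), it should get the same treatment, `'$order' => (($order) ? urlencode($order) : ''),`. `$datequery` and `$datequery2` in the `$dend`/`$dbegin` entries are likewise passed through raw. Note that `urlencode()` is URL-context escaping: it is only the right protection if the template drops these values into a query string; any of them that end up in an HTML attribute or a script block outside a URL need the escape for that context instead. The `$pf` change to `intval($pf)` is sound since the value is only used numerically here.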
diff --git a/Zotlabs/Module/Pubstream.php b/Zotlabs/Module/Pubstream.php
index 94df29984..84ac42f72 100644
--- a/Zotlabs/Module/Pubstream.php
+++ b/Zotlabs/Module/Pubstream.php
@@ -149,11 +149,11 @@ class Pubstream extends \Zotlabs\Web\Controller {
'$order' => 'comment',
'$file' => '',
'$cats' => '',
- '$tags' => $hashtags,
+ '$tags' => (($hashtags) ? urlencode($hashtags) : ''),
'$dend' => '',
- '$mid' => $mid,
+ '$mid' => (($mid) ? urlencode($mid) : ''),
'$verb' => '',
- '$net' => $net,
+ '$net' => (($net) ? urlencode($net) : ''),
'$dbegin' => ''
));
}