authorMario <mario@mariovavti.com>2024-02-21 10:44:56 +0000
committerMario <mario@mariovavti.com>2024-02-21 10:44:56 +0000
commit17e2877c91dfc889ab5edb62fc6e00dd7dcbba01 (patch)
tree27ec3a55fd853caec3877cadb1b80433b00a00b3 /Zotlabs/Module/Item.php
parentb7bc28c33356e95f4d45a7d5d2585e67ebd04648 (diff)
make sure to decode html special chars before sending over the wire and
Diffstat (limited to 'Zotlabs/Module/Item.php')
-rw-r--r--Zotlabs/Module/Item.php5
1 files changed, 2 insertions, 3 deletions
diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php
index 09e4904c1..574dffc69 100644
--- a/Zotlabs/Module/Item.php
+++ b/Zotlabs/Module/Item.php
@@ -679,7 +679,7 @@ class Item extends Controller {
$verb = $orig_post['verb'];
$app = $orig_post['app'];
$title = escape_tags(trim($_REQUEST['title']));
- $summary = trim($_REQUEST['summary']);
+ $summary = escape_tags(trim($_REQUEST['summary']));
$body = trim($_REQUEST['body']);
$item_flags = $orig_post['item_flags'];
$item_origin = $orig_post['item_origin'];
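Review bot: The new `$summary` line in this edit branch reads `$_REQUEST['summary']` without the `isset()` guard that the new-post branch uses in the second hunk, so a request that omits the field passes null to `trim()`. That raises an undefined-key warning and, on PHP 8.1+, a deprecation notice. `$summary = escape_tags(trim($_REQUEST['summary'] ?? ''));` keeps the escaping and no longer depends on the client always sending the field; the `$title` line above has the same shape. The enclosing method starts and ends outside the hunk, so an earlier check may already guarantee the key, but nothing visible here does.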
@@ -740,7 +740,7 @@ class Item extends Controller {
$coord = ((isset($_REQUEST['coord'])) ? notags(trim($_REQUEST['coord'])) : '');
$verb = ((isset($_REQUEST['verb'])) ? notags(trim($_REQUEST['verb'])) : '');
$title = ((isset($_REQUEST['title'])) ? escape_tags(trim($_REQUEST['title'])) : '');
- $summary = ((isset($_REQUEST['summary'])) ? trim($_REQUEST['summary']) : '');
+ $summary = ((isset($_REQUEST['summary'])) ? escape_tags(trim($_REQUEST['summary'])) : '');
$body = ((isset($_REQUEST['body'])) ? trim($_REQUEST['body']) : '');
$body .= ((isset($_REQUEST['attachment'])) ? trim($_REQUEST['attachment']) : '');
$postopts = '';
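Review bot: `$summary` is now entity-encoded at input, like `$title`, but nothing at this assignment records that the stored value is already escaped. A template that escapes it again will show literal `&lt;` sequences to the reader, and any non-HTML sink (federated payloads, feeds, plain-text notifications) has to decode it exactly once; the commit title suggests that decode happens elsewhere, outside this file's diff. A comment above the line, e.g. `// title and summary are stored HTML-escaped; decode for non-HTML output, do not re-escape when rendering`, would make that contract explicit. Whether `escape_tags()` also encodes single quotes is not visible here; if it does not, the value should not be placed inside a single-quoted attribute.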
@@ -793,7 +793,6 @@ class Item extends Controller {
&& ($channel['channel_pageflags'] & PAGE_ALLOWCODE)) ? true : false);
if ($preview) {
- $summary = z_input_filter($summary, $mimetype, $execflag);
$body = z_input_filter($body, $mimetype, $execflag);
}