diff options
author | zotlabs <mike@macgirvin.com> | 2017-02-25 13:54:39 -0800 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2017-02-25 13:54:39 -0800 |
commit | 232862ae08661ecca4d0688001904648b7894a8a (patch) | |
tree | 9ad5d43ec2ce227881e549a5876cdd9817ae098a /Zotlabs/Module/Viewsrc.php | |
parent | 70f8840fbdba7f7bd83ae19f3d2c4625aee2f2a4 (diff) | |
download | volse-hubzilla-232862ae08661ecca4d0688001904648b7894a8a.tar.gz volse-hubzilla-232862ae08661ecca4d0688001904648b7894a8a.tar.bz2 volse-hubzilla-232862ae08661ecca4d0688001904648b7894a8a.zip |
escape tags on viewsrc output in case it is not text/bbcode.
Diffstat (limited to 'Zotlabs/Module/Viewsrc.php')
-rw-r--r-- | Zotlabs/Module/Viewsrc.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/Zotlabs/Module/Viewsrc.php b/Zotlabs/Module/Viewsrc.php index fa755a3ec..cb305efc6 100644 --- a/Zotlabs/Module/Viewsrc.php +++ b/Zotlabs/Module/Viewsrc.php @@ -36,7 +36,9 @@ class Viewsrc extends \Zotlabs\Web\Controller { if($r) { if(intval($r[0]['item_obscured'])) $r[0]['body'] = crypto_unencapsulate(json_decode($r[0]['body'],true),get_config('system','prvkey')); - $o = (($json) ? json_encode($r[0]['body']) : str_replace("\n",'<br />',$r[0]['body'])); + + $content = escape_tags($r[0]['body']); + $o = (($json) ? json_encode($content) : str_replace("\n",'<br />',$content)); } } |