aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Module/Viewsrc.php
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2017-02-25 13:54:39 -0800
committerzotlabs <mike@macgirvin.com>2017-02-25 13:54:39 -0800
commit232862ae08661ecca4d0688001904648b7894a8a (patch)
tree9ad5d43ec2ce227881e549a5876cdd9817ae098a /Zotlabs/Module/Viewsrc.php
parent70f8840fbdba7f7bd83ae19f3d2c4625aee2f2a4 (diff)
downloadvolse-hubzilla-232862ae08661ecca4d0688001904648b7894a8a.tar.gz
volse-hubzilla-232862ae08661ecca4d0688001904648b7894a8a.tar.bz2
volse-hubzilla-232862ae08661ecca4d0688001904648b7894a8a.zip
escape tags on viewsrc output in case it is not text/bbcode.
Diffstat (limited to 'Zotlabs/Module/Viewsrc.php')
-rw-r--r--Zotlabs/Module/Viewsrc.php4
1 files changed, 3 insertions, 1 deletions
diff --git a/Zotlabs/Module/Viewsrc.php b/Zotlabs/Module/Viewsrc.php
index fa755a3ec..cb305efc6 100644
--- a/Zotlabs/Module/Viewsrc.php
+++ b/Zotlabs/Module/Viewsrc.php
@@ -36,7 +36,9 @@ class Viewsrc extends \Zotlabs\Web\Controller {
if($r) {
if(intval($r[0]['item_obscured']))
$r[0]['body'] = crypto_unencapsulate(json_decode($r[0]['body'],true),get_config('system','prvkey'));
- $o = (($json) ? json_encode($r[0]['body']) : str_replace("\n",'<br />',$r[0]['body']));
+
+ $content = escape_tags($r[0]['body']);
+ $o = (($json) ? json_encode($content) : str_replace("\n",'<br />',$content));
}
}