diff options
| author | Mike Macgirvin <mike@macgirvin.com> | 2010-10-10 20:02:29 -0700 |
|---|---|---|
| committer | Mike Macgirvin <mike@macgirvin.com> | 2010-10-10 20:02:29 -0700 |
| commit | 70bd7a6509f262a943912bbd904c92718f323f9c (patch) | |
| tree | 6d65f146fed62c7933903294928e26a3aef2a7d3 /include/items.php | |
| parent | d8283a35baceaf81d4895db945901de739d921a1 (diff) | |
| download | volse-hubzilla-70bd7a6509f262a943912bbd904c92718f323f9c.tar.gz volse-hubzilla-70bd7a6509f262a943912bbd904c92718f323f9c.tar.bz2 volse-hubzilla-70bd7a6509f262a943912bbd904c92718f323f9c.zip | |
activity objects weren't escaped properly
Diffstat (limited to 'include/items.php')
| -rw-r--r-- | include/items.php | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/include/items.php b/include/items.php index e4376fbee..ab2fd644a 100644 --- a/include/items.php +++ b/include/items.php @@ -234,15 +234,15 @@ function construct_activity($item) { $o = '<as:object>' . "\r\n"; $r = @simplexml_load_string($item['object']); if($r->type) - $o .= '<as:object-type>' . $r->type . '</as:object-type>' . "\r\n"; + $o .= '<as:object-type>' . xmlify($r->type) . '</as:object-type>' . "\r\n"; if($r->id) - $o .= '<id>' . $r->id . '</id>' . "\r\n"; + $o .= '<id>' . xmlify($r->id) . '</id>' . "\r\n"; if($r->link) - $o .= '<link rel="alternate" type="text/html" href="' . $r->link . '" />' . "\r\n"; + $o .= '<link rel="alternate" type="text/html" href="' . xmlify($r->link) . '" />' . "\r\n"; if($r->title) - $o .= '<title>' . $r->title . '</title>' . "\r\n"; + $o .= '<title>' . xmlify($r->title) . '</title>' . "\r\n"; if($r->content) - $o .= '<content type="html" >' . bbcode($r->content) . '</content>' . "\r\n"; + $o .= '<content type="html" >' . xmlify(bbcode($r->content)) . '</content>' . "\r\n"; $o .= '</as:object>' . "\r\n"; return $o; } |