diff options
| author | friendica <info@friendica.com> | 2013-09-02 01:38:17 -0700 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2013-09-02 01:38:17 -0700 |
| commit | 8b7757e033c4483da24700722c186057bb431164 (patch) | |
| tree | c331db3262084b08b47970c20f2d8657d6ebef81 /include/items.php | |
| parent | a35d440ff1fee806a8aa17a0297e1163db6a3ba5 (diff) | |
| download | volse-hubzilla-8b7757e033c4483da24700722c186057bb431164.tar.gz volse-hubzilla-8b7757e033c4483da24700722c186057bb431164.tar.bz2 volse-hubzilla-8b7757e033c4483da24700722c186057bb431164.zip | |
webpage content-type -- needs cleaning up and a security check once all the important bits are in place.
Diffstat (limited to 'include/items.php')
| -rwxr-xr-x | include/items.php | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/include/items.php b/include/items.php index 712c416de..66172ade3 100755 --- a/include/items.php +++ b/include/items.php @@ -1397,14 +1397,10 @@ function item_store($arr,$allow_exec = false) { $arr['item_private'] = ((x($arr,'item_private')) ? intval($arr['item_private']) : 0 ); $arr['item_flags'] = ((x($arr,'item_flags')) ? intval($arr['item_flags']) : 0 ); - // this is a bit messy - we really need an input filter chain that temporarily undoes obscuring - if($arr['mimetype'] != 'text/html' && $arr['mimetype'] != 'application/x-php') { - if((strpos($arr['body'],'<') !== false) || (strpos($arr['body'],'>') !== false)) - $arr['body'] = escape_tags($arr['body']); - if((strpos($arr['title'],'<') !== false) || (strpos($arr['title'],'>') !== false)) - $arr['title'] = escape_tags($arr['title']); - } + $arr['body'] = z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']); + $arr['title'] = escape_tags($arr['title']); + // only detect language if we have text content, and if the post is private but not yet // obscured, make it so. |