author | zotlabs <mike@macgirvin.com> | 2017-03-15 15:53:03 -0700 |
---|---|---|
committer | Mario Vavti <mario@mariovavti.com> | 2017-03-29 13:45:42 +0200 |
commit | 4387fb715b59be1ead2db8b12fa008160cd14ce7 (patch) | |
tree | f6947fa67997cbd43b826b80ce1e73d04770164e /include/photos.php | |
parent | d7aaca69475fed4c161b46821946227b4b826deb (diff) | |
ensure z_input_filter is called exactly once, since we now depend on the number of htmlspecialchars operations for
markdown content. Also ensure that the content is escaped the correct number of times on imported items.
Diffstat (limited to 'include/photos.php')
-rw-r--r-- | include/photos.php | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/include/photos.php b/include/photos.php index 22b3e0c88..dff45a0bc 100644 --- a/include/photos.php +++ b/include/photos.php @@ -337,12 +337,15 @@ function photo_upload($channel, $observer, $args) { if($item['mid'] === $item['parent_mid']) { $item['body'] = $summary; + $item['mimetype'] = 'text/bbcode'; $item['obj_type'] = ACTIVITY_OBJ_PHOTO; $item['obj'] = json_encode($object); $item['tgt_type'] = ACTIVITY_OBJ_ALBUM; $item['target'] = json_encode($target); + $item['body'] = trim(z_input_filter($item['body'],$item['mimetype'],false)); + if($item['author_xchan'] === $channel['channel_hash']) { $item['sig'] = base64url_encode(rsa_sign($item['body'],$channel['channel_prvkey'])); $item['item_verified'] = 1; @@ -350,6 +353,12 @@ function photo_upload($channel, $observer, $args) { else { $item['sig'] = ''; } + + // notify item_store or item_store_update that the input has been filtered and signed already. + // The signing procedure in those functions uses local_channel() which may not apply here. + + $item['input_filtered_signed'] = true; + $force = true; } |
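Review bot: The bare `false` passed as the third argument of `z_input_filter()` on the added line just before the `author_xchan` check is unexplained, and nothing records why the filter has to run before `rsa_sign()`. The signature is computed over `$item['body']`, so the filtered text is what gets signed; a later second filter pass would change the escaping and the stored body would no longer match the signature. A comment such as `// filter exactly once, before signing: the signature covers the escaped body as stored` would make that ordering constraint visible. The added `$item['mimetype'] = 'text/bbcode';` also overwrites any mimetype already present in `$item`, which looks intended because the body is replaced by `$summary`, but is worth stating. photo_upload's body starts and ends outside the hunk, so how `$summary` is built, and whether parts of it are already escaped, cannot be checked here.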
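Review bot: `$item['input_filtered_signed'] = true;` in the second hunk is set after both branches of the `author_xchan` check, so it is also set when the else branch has left `$item['sig'] = ''`, and the item is then marked as signed without carrying a signature. If that is intended for items whose author is not this channel, the comment should say so, for example `// also set when sig is empty (author is not this channel); item_store must not re-sign via local_channel()`. Going by the added comment, the flag presumably makes `item_store` and `item_store_update` skip their own filtering, so those functions should honour it only when local code like this sets it and should discard it on item arrays built from imported or remote data. That handling is outside this hunk and should be confirmed. The enclosing block also continues outside the hunk.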