author | zotlabs <mike@macgirvin.com> | 2017-03-15 15:53:03 -0700 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2017-03-15 15:53:03 -0700 |
commit | bcd02edd8032ba3a3de40cbc35dda3529da00a7c (patch) | |
tree | 80a49cc3d3064704a7152aecd37120c65394758e /include/photos.php | |
parent | 6078d02c3ac8ead59dbbecab2eb5de88ad7a1efc (diff) | |
ensure z_input_filter is called exactly once, since we now depend on the number of htmlspecialchars operations for
markdown content. Also ensure that the content is escaped the correct number of times on imported items.
Diffstat (limited to 'include/photos.php')
-rw-r--r-- | include/photos.php | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/include/photos.php b/include/photos.php index 46007fd42..c0f0ec8a9 100644 --- a/include/photos.php +++ b/include/photos.php @@ -333,12 +333,15 @@ function photo_upload($channel, $observer, $args) { if($item['mid'] === $item['parent_mid']) { $item['body'] = $summary; + $item['mimetype'] = 'text/bbcode'; $item['obj_type'] = ACTIVITY_OBJ_PHOTO; $item['obj'] = json_encode($object); $item['tgt_type'] = ACTIVITY_OBJ_ALBUM; $item['target'] = json_encode($target); + $item['body'] = trim(z_input_filter($item['body'],$item['mimetype'],false)); + if($item['author_xchan'] === $channel['channel_hash']) { $item['sig'] = base64url_encode(rsa_sign($item['body'],$channel['channel_prvkey'])); $item['item_verified'] = 1; @@ -346,6 +349,12 @@ function photo_upload($channel, $observer, $args) { else { $item['sig'] = ''; } + + // notify item_store or item_store_update that the input has been filtered and signed already. + // The signing procedure in those functions uses local_channel() which may not apply here. + + $item['input_filtered_signed'] = true; + $force = true; } |
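Review bot: The added `z_input_filter()` call in the first hunk depends on `$summary` still being unescaped at that point, and nothing at the call site records that. The commit message says correctness now depends on the number of htmlspecialchars passes, so a comment such as `// $summary is raw here; this must stay the only escaping pass, and it must run before the body is signed` would stop a later edit from adding a second pass or moving the signing above the filter. `$summary` is built outside the hunk, so whether it has already been escaped cannot be confirmed from these lines. Writing `$item['body']` once, already filtered, rather than assigning `$summary` and overwriting it a few lines later, would also make the order easier to follow.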
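Review bot: `$item['input_filtered_signed'] = true;` in the second hunk is set after both branches, including the `else` branch that leaves `$item['sig']` empty, so an item whose author is not this channel is flagged as signed while it carries no signature. The flag travels inside the item array and, per the added comment, tells `item_store()` and `item_store_update()` that filtering is already done; those functions should presumably honour it only for arrays built locally and drop the key from imported or remotely supplied items, which cannot be checked from this hunk. A comment such as `// sig stays empty when the author is not this channel; the flag only suppresses re-filtering and re-signing` would state the intent. The enclosing `photo_upload()` body starts and ends outside the hunk.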