aboutsummaryrefslogtreecommitdiffstats
path: root/include/zot.php
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2013-12-11 23:13:36 -0800
committerfriendica <info@friendica.com>2013-12-11 23:13:36 -0800
commitb3fe221b7fe9c6ecc151d9c00f36d3913526f6a3 (patch)
tree2f074601c98f8403ba5b6db2a4b76b552ddfa8aa /include/zot.php
parent18f0ab2605790f616ffd9b7a988e8dbdb10a0157 (diff)
downloadvolse-hubzilla-b3fe221b7fe9c6ecc151d9c00f36d3913526f6a3.tar.gz
volse-hubzilla-b3fe221b7fe9c6ecc151d9c00f36d3913526f6a3.tar.bz2
volse-hubzilla-b3fe221b7fe9c6ecc151d9c00f36d3913526f6a3.zip
issue #240 - we were using htmlentities instead of htmlspecialchars in several places, and this was a bit greedy in the set of characters which were converted from utf-8 to HTML entities. Also brought mail attachments up to date so they are rendered identically to item attachments.
Diffstat (limited to 'include/zot.php')
-rw-r--r--include/zot.php28
1 files changed, 14 insertions, 14 deletions
diff --git a/include/zot.php b/include/zot.php
index 77d82f110..b0d87cea9 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -1633,22 +1633,22 @@ function import_directory_profile($hash,$profile,$addr,$ud_flags = 1, $suppress_
$arr = array();
$arr['xprof_hash'] = $hash;
- $arr['xprof_desc'] = (($profile['description']) ? htmlentities($profile['description'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['xprof_desc'] = (($profile['description']) ? htmlspecialchars($profile['description'], ENT_COMPAT,'UTF-8',false) : '');
$arr['xprof_dob'] = datetime_convert('','',$profile['birthday'],'Y-m-d'); // !!!! check this for 0000 year
$arr['xprof_age'] = (($profile['age']) ? intval($profile['age']) : 0);
- $arr['xprof_gender'] = (($profile['gender']) ? htmlentities($profile['gender'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['xprof_marital'] = (($profile['marital']) ? htmlentities($profile['marital'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['xprof_sexual'] = (($profile['sexual']) ? htmlentities($profile['sexual'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['xprof_locale'] = (($profile['locale']) ? htmlentities($profile['locale'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['xprof_region'] = (($profile['region']) ? htmlentities($profile['region'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['xprof_postcode'] = (($profile['postcode']) ? htmlentities($profile['postcode'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['xprof_country'] = (($profile['country']) ? htmlentities($profile['country'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['xprof_gender'] = (($profile['gender']) ? htmlspecialchars($profile['gender'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['xprof_marital'] = (($profile['marital']) ? htmlspecialchars($profile['marital'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['xprof_sexual'] = (($profile['sexual']) ? htmlspecialchars($profile['sexual'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['xprof_locale'] = (($profile['locale']) ? htmlspecialchars($profile['locale'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['xprof_region'] = (($profile['region']) ? htmlspecialchars($profile['region'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['xprof_postcode'] = (($profile['postcode']) ? htmlspecialchars($profile['postcode'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['xprof_country'] = (($profile['country']) ? htmlspecialchars($profile['country'], ENT_COMPAT,'UTF-8',false) : '');
$clean = array();
if(array_key_exists('keywords',$profile) and is_array($profile['keywords'])) {
import_directory_keywords($hash,$profile['keywords']);
foreach($profile['keywords'] as $kw) {
- $kw = trim(htmlentities($kw,ENT_COMPAT,'UTF-8',false));
+ $kw = trim(htmlspecialchars($kw,ENT_COMPAT,'UTF-8',false));
$kw = trim($kw,',');
$clean[] = $kw;
}
@@ -1750,7 +1750,7 @@ function import_directory_keywords($hash,$keywords) {
$clean = array();
foreach($keywords as $kw) {
- $kw = trim(htmlentities($kw,ENT_COMPAT,'UTF-8',false));
+ $kw = trim(htmlspecialchars($kw,ENT_COMPAT,'UTF-8',false));
$kw = trim($kw,',');
$clean[] = $kw;
}
@@ -1849,10 +1849,10 @@ function import_site($arr,$pubkey) {
$access_policy = ACCESS_TIERED;
}
- $directory_url = htmlentities($arr['directory_url'],ENT_COMPAT,'UTF-8',false);
- $url = htmlentities($arr['url'],ENT_COMPAT,'UTF-8',false);
- $sellpage = htmlentities($arr['sellpage'],ENT_COMPAT,'UTF-8',false);
- $site_location = htmlentities($arr['location'],ENT_COMPAT,'UTF-8',false);
+ $directory_url = htmlspecialchars($arr['directory_url'],ENT_COMPAT,'UTF-8',false);
+ $url = htmlspecialchars($arr['url'],ENT_COMPAT,'UTF-8',false);
+ $sellpage = htmlspecialchars($arr['sellpage'],ENT_COMPAT,'UTF-8',false);
+ $site_location = htmlspecialchars($arr['location'],ENT_COMPAT,'UTF-8',false);
if($exists) {
if(($siterecord['site_flags'] != $site_directory)