diff options
author | friendica <info@friendica.com> | 2013-01-07 13:58:25 -0800 |
---|---|---|
committer | friendica <info@friendica.com> | 2013-01-07 13:58:25 -0800 |
commit | 31ce6a3876fc0a3c37be1474a627ec0cea0e3622 (patch) | |
tree | 252755bfacdbee7b929d39a274eb566d9cf046ec /include | |
parent | f04ce3b093c03fc343fce5b93e6ec6c7fd1ab214 (diff) | |
download | volse-hubzilla-31ce6a3876fc0a3c37be1474a627ec0cea0e3622.tar.gz volse-hubzilla-31ce6a3876fc0a3c37be1474a627ec0cea0e3622.tar.bz2 volse-hubzilla-31ce6a3876fc0a3c37be1474a627ec0cea0e3622.zip |
input cleansing
Diffstat (limited to 'include')
-rwxr-xr-x | include/items.php | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/include/items.php b/include/items.php index de441c6b7..66450b6fa 100755 --- a/include/items.php +++ b/include/items.php @@ -1203,8 +1203,6 @@ function encode_rel_links($links) { return xmlify($o); } - - function item_store($arr,$force_parent = false) { if(! $arr['uid']) { @@ -1231,6 +1229,16 @@ function item_store($arr,$force_parent = false) { if((strpos($arr['body'],'<') !== false) || (strpos($arr['body'],'>') !== false)) $arr['body'] = escape_tags($arr['body']); + if((x($arr,'object')) && is_array($arr['object'])) { + activity_sanitise($arr['object']); + $arr['object'] = json_encode($arr['object']); + } + + if((x($arr,'target')) && is_array($arr['target'])) { + activity_sanitise($arr['target']); + $arr['target'] = json_encode($arr['target']); + } + $arr['aid'] = ((x($arr,'aid')) ? intval($arr['aid']) : 0); $arr['uri'] = ((x($arr,'uri')) ? notags(trim($arr['uri'])) : random_string()); $arr['author_xchan'] = ((x($arr,'author_xchan')) ? notags(trim($arr['author_xchan'])) : ''); |