aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xinclude/contact_widgets.php2
-rw-r--r--include/text.php11
-rwxr-xr-xmod/filer.php4
-rw-r--r--mod/filerm.php4
-rwxr-xr-xmod/network.php2
5 files changed, 10 insertions, 13 deletions
diff --git a/include/contact_widgets.php b/include/contact_widgets.php
index 1f70e536f..7346b95af 100755
--- a/include/contact_widgets.php
+++ b/include/contact_widgets.php
@@ -87,7 +87,7 @@ function fileas_widget($baseurl,$selected = '') {
$cnt = preg_match_all('/\[(.*?)\]/',$saved,$matches,PREG_SET_ORDER);
if($cnt) {
foreach($matches as $mtch) {
- $unescaped = file_tag_decode($mtch[1]);
+ $unescaped = xmlify(file_tag_decode($mtch[1]));
$terms[] = array('name' => $unescaped,'selected' => (($selected == $unescaped) ? 'selected' : ''));
}
}
diff --git a/include/text.php b/include/text.php
index 64f6f72a8..191f4fca8 100644
--- a/include/text.php
+++ b/include/text.php
@@ -920,7 +920,7 @@ function prepare_body($item,$attach = false) {
foreach($matches as $mtch) {
if(strlen($x))
$x .= ',';
- $x .= file_tag_decode($mtch[1]);
+ $x .= xmlify(file_tag_decode($mtch[1]));
}
if(strlen($x))
$s .= '<div class="categorytags"><span>' . t('Categories:') . ' </span>' . $x . '</div>';
@@ -935,7 +935,7 @@ function prepare_body($item,$attach = false) {
foreach($matches as $mtch) {
if(strlen($x))
$x .= '&nbsp;&nbsp;&nbsp;';
- $x .= file_tag_decode($mtch[1]). ' <a href="' . $a->get_baseurl() . '/filerm/' . $item['id'] . '?f=&term=' . file_tag_decode($mtch[1]) . '" title="' . t('remove') . '" >' . t('[remove]') . '</a>';
+ $x .= xmlify(file_tag_decode($mtch[1])) . ' <a href="' . $a->get_baseurl() . '/filerm/' . $item['id'] . '?f=&term=' . xmlify(file_tag_decode($mtch[1])) . '" title="' . t('remove') . '" >' . t('[remove]') . '</a>';
}
if(strlen($x) && (local_user() == $item['uid']))
$s .= '<div class="filesavetags"><span>' . t('Filed under:') . ' </span>' . $x . '</div>';
@@ -1307,13 +1307,10 @@ function file_tag_decode($s) {
function file_tag_file_query($table,$s,$type = 'file') {
- // this is ultimately going into a vsprintf
- $s = str_replace('%','%%',$s);
-
if($type == 'file')
- $str = preg_quote( '[' . file_tag_encode($s) . ']' );
+ $str = preg_quote( '[' . str_replace('%','%%',file_tag_encode($s)) . ']' );
else
- $str = preg_quote( '<' . file_tag_encode($s) . '>' );
+ $str = preg_quote( '<' . str_replace('%','%%',file_tag_encode($s)) . '>' );
return " AND " . (($table) ? dbesc($table) . '.' : '') . "file regexp '" . dbesc($str) . "' ";
}
diff --git a/mod/filer.php b/mod/filer.php
index 3b3a37931..3cd1bfe22 100755
--- a/mod/filer.php
+++ b/mod/filer.php
@@ -11,8 +11,8 @@ function filer_content(&$a) {
killme();
}
- $term = notags(trim($_GET['term']));
- $item_id = (($a->argc > 1) ? notags(trim($a->argv[1])) : 0);
+ $term = unxmlify(trim($_GET['term']));
+ $item_id = (($a->argc > 1) ? intval($a->argv[1]) : 0);
logger('filer: tag ' . $term . ' item ' . $item_id);
diff --git a/mod/filerm.php b/mod/filerm.php
index 66b684dc9..c520fec7a 100644
--- a/mod/filerm.php
+++ b/mod/filerm.php
@@ -6,8 +6,8 @@ function filerm_content(&$a) {
killme();
}
- $term = notags(trim($_GET['term']));
- $item_id = (($a->argc > 1) ? notags(trim($a->argv[1])) : 0);
+ $term = unxmlify(trim($_GET['term']));
+ $item_id = (($a->argc > 1) ? intval($a->argv[1]) : 0);
logger('filerm: tag ' . $term . ' item ' . $item_id);
diff --git a/mod/network.php b/mod/network.php
index 5ca0a8c7d..d27945a86 100755
--- a/mod/network.php
+++ b/mod/network.php
@@ -393,7 +393,7 @@ function network_content(&$a, $update = 0) {
);
}
if(strlen($file)) {
- $sql_extra .= file_tag_file_query('item',$file);
+ $sql_extra .= file_tag_file_query('item',unxmlify($file));
}
if($conv) {