aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/deliver.php1
-rwxr-xr-xinclude/items.php71
-rwxr-xr-xinclude/text.php2
-rw-r--r--include/zot.php28
-rw-r--r--mod/admin.php4
-rw-r--r--mod/message.php34
-rwxr-xr-xmod/setup.php2
7 files changed, 55 insertions, 87 deletions
diff --git a/include/deliver.php b/include/deliver.php
index b1314ce39..b0d15e1ef 100644
--- a/include/deliver.php
+++ b/include/deliver.php
@@ -26,6 +26,7 @@ function deliver_run($argv, $argc) {
// If there is no outq_msg, this is a refresh_all message which does not require local handling
if($r[0]['outq_msg']) {
$msg = array('body' => json_encode(array('pickup' => array(array('notify' => json_decode($r[0]['outq_notify'],true),'message' => json_decode($r[0]['outq_msg'],true))))));
+
zot_import($msg,z_root());
$r = q("delete from outq where outq_hash = '%s' limit 1",
dbesc($argv[$x])
diff --git a/include/items.php b/include/items.php
index dd3cf7644..2cec6bc36 100755
--- a/include/items.php
+++ b/include/items.php
@@ -564,9 +564,9 @@ function title_is_body($title, $body) {
function get_item_elements($x) {
-// logger('get_item_elements');
+
$arr = array();
- $arr['body'] = (($x['body']) ? htmlentities($x['body'],ENT_COMPAT,'UTF-8',false) : '');
+ $arr['body'] = (($x['body']) ? htmlspecialchars($x['body'],ENT_COMPAT,'UTF-8',false) : '');
$arr['created'] = datetime_convert('UTC','UTC',$x['created']);
$arr['edited'] = datetime_convert('UTC','UTC',$x['edited']);
@@ -584,27 +584,27 @@ function get_item_elements($x) {
? datetime_convert('UTC','UTC',$x['commented'])
: $arr['created']);
- $arr['title'] = (($x['title']) ? htmlentities($x['title'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['title'] = (($x['title']) ? htmlspecialchars($x['title'], ENT_COMPAT,'UTF-8',false) : '');
if(mb_strlen($arr['title']) > 255)
$arr['title'] = mb_substr($arr['title'],0,255);
- $arr['app'] = (($x['app']) ? htmlentities($x['app'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['mid'] = (($x['message_id']) ? htmlentities($x['message_id'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['parent_mid'] = (($x['message_top']) ? htmlentities($x['message_top'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['thr_parent'] = (($x['message_parent']) ? htmlentities($x['message_parent'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['app'] = (($x['app']) ? htmlspecialchars($x['app'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['mid'] = (($x['message_id']) ? htmlspecialchars($x['message_id'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['parent_mid'] = (($x['message_top']) ? htmlspecialchars($x['message_top'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['thr_parent'] = (($x['message_parent']) ? htmlspecialchars($x['message_parent'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['plink'] = (($x['permalink']) ? htmlentities($x['permalink'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['location'] = (($x['location']) ? htmlentities($x['location'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['coord'] = (($x['longlat']) ? htmlentities($x['longlat'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['verb'] = (($x['verb']) ? htmlentities($x['verb'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['mimetype'] = (($x['mimetype']) ? htmlentities($x['mimetype'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['obj_type'] = (($x['object_type']) ? htmlentities($x['object_type'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['tgt_type'] = (($x['target_type']) ? htmlentities($x['target_type'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['comment_policy'] = (($x['comment_scope']) ? htmlentities($x['comment_scope'], ENT_COMPAT,'UTF-8',false) : 'contacts');
+ $arr['plink'] = (($x['permalink']) ? htmlspecialchars($x['permalink'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['location'] = (($x['location']) ? htmlspecialchars($x['location'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['coord'] = (($x['longlat']) ? htmlspecialchars($x['longlat'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['verb'] = (($x['verb']) ? htmlspecialchars($x['verb'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['mimetype'] = (($x['mimetype']) ? htmlspecialchars($x['mimetype'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['obj_type'] = (($x['object_type']) ? htmlspecialchars($x['object_type'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['tgt_type'] = (($x['target_type']) ? htmlspecialchars($x['target_type'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['comment_policy'] = (($x['comment_scope']) ? htmlspecialchars($x['comment_scope'], ENT_COMPAT,'UTF-8',false) : 'contacts');
- $arr['sig'] = (($x['signature']) ? htmlentities($x['signature'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['sig'] = (($x['signature']) ? htmlspecialchars($x['signature'], ENT_COMPAT,'UTF-8',false) : '');
$arr['object'] = activity_sanitise($x['object']);
@@ -667,7 +667,6 @@ function get_item_elements($x) {
$arr['body'] = json_encode(crypto_encapsulate($arr['body'],$key));
}
-
return $arr;
}
@@ -832,8 +831,8 @@ function decode_tags($t) {
$ret = array();
foreach($t as $x) {
$tag = array();
- $tag['term'] = htmlentities($x['tag'], ENT_COMPAT,'UTF-8',false);
- $tag['url'] = htmlentities($x['url'], ENT_COMPAT,'UTF-8',false);
+ $tag['term'] = htmlspecialchars($x['tag'], ENT_COMPAT,'UTF-8',false);
+ $tag['url'] = htmlspecialchars($x['url'], ENT_COMPAT,'UTF-8',false);
switch($x['type']) {
case 'hashtag':
$tag['type'] = TERM_HASHTAG;
@@ -876,12 +875,12 @@ function activity_sanitise($arr) {
if(is_array($x))
$ret[$k] = activity_sanitise($x);
else
- $ret[$k] = htmlentities($x, ENT_COMPAT,'UTF-8',false);
+ $ret[$k] = htmlspecialchars($x, ENT_COMPAT,'UTF-8',false);
}
return $ret;
}
else {
- return htmlentities($arr, ENT_COMPAT,'UTF-8', false);
+ return htmlspecialchars($arr, ENT_COMPAT,'UTF-8', false);
}
}
return '';
@@ -893,7 +892,7 @@ function array_sanitise($arr) {
if($arr) {
$ret = array();
foreach($arr as $x) {
- $ret[] = htmlentities($x, ENT_COMPAT,'UTF-8',false);
+ $ret[] = htmlspecialchars($x, ENT_COMPAT,'UTF-8',false);
}
return $ret;
}
@@ -958,8 +957,8 @@ function get_mail_elements($x) {
$arr = array();
- $arr['body'] = (($x['body']) ? htmlentities($x['body'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['title'] = (($x['title'])? htmlentities($x['title'],ENT_COMPAT,'UTF-8',false) : '');
+ $arr['body'] = (($x['body']) ? htmlspecialchars($x['body'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['title'] = (($x['title'])? htmlspecialchars($x['title'],ENT_COMPAT,'UTF-8',false) : '');
$arr['created'] = datetime_convert('UTC','UTC',$x['created']);
if((! array_key_exists('expires',$x)) || ($x['expires'] === '0000-00-00 00:00:00'))
@@ -977,18 +976,18 @@ function get_mail_elements($x) {
$key = get_config('system','pubkey');
$arr['mail_flags'] |= MAIL_OBSCURED;
- $arr['body'] = htmlentities($arr['body'],ENT_COMPAT,'UTF-8',false);
+ $arr['body'] = htmlspecialchars($arr['body'],ENT_COMPAT,'UTF-8',false);
if($arr['body'])
$arr['body'] = json_encode(crypto_encapsulate($arr['body'],$key));
- $arr['title'] = htmlentities($arr['title'],ENT_COMPAT,'UTF-8',false);
+ $arr['title'] = htmlspecialchars($arr['title'],ENT_COMPAT,'UTF-8',false);
if($arr['title'])
$arr['title'] = json_encode(crypto_encapsulate($arr['title'],$key));
if($arr['created'] > datetime_convert())
$arr['created'] = datetime_convert();
- $arr['mid'] = (($x['message_id']) ? htmlentities($x['message_id'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['parent_mid'] = (($x['message_parent']) ? htmlentities($x['message_parent'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['mid'] = (($x['message_id']) ? htmlspecialchars($x['message_id'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['parent_mid'] = (($x['message_parent']) ? htmlspecialchars($x['message_parent'], ENT_COMPAT,'UTF-8',false) : '');
if($x['attach'])
$arr['attach'] = activity_sanitise($x['attach']);
@@ -1017,18 +1016,18 @@ function get_profile_elements($x) {
else
return array();
- $arr['desc'] = (($x['title']) ? htmlentities($x['title'],ENT_COMPAT,'UTF-8',false) : '');
+ $arr['desc'] = (($x['title']) ? htmlspecialchars($x['title'],ENT_COMPAT,'UTF-8',false) : '');
$arr['dob'] = datetime_convert('UTC','UTC',$x['birthday'],'Y-m-d');
$arr['age'] = (($x['age']) ? intval($x['age']) : 0);
- $arr['gender'] = (($x['gender']) ? htmlentities($x['gender'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['marital'] = (($x['marital']) ? htmlentities($x['marital'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['sexual'] = (($x['sexual']) ? htmlentities($x['sexual'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['locale'] = (($x['locale']) ? htmlentities($x['locale'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['region'] = (($x['region']) ? htmlentities($x['region'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['postcode'] = (($x['postcode']) ? htmlentities($x['postcode'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['country'] = (($x['country']) ? htmlentities($x['country'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['gender'] = (($x['gender']) ? htmlspecialchars($x['gender'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['marital'] = (($x['marital']) ? htmlspecialchars($x['marital'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['sexual'] = (($x['sexual']) ? htmlspecialchars($x['sexual'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['locale'] = (($x['locale']) ? htmlspecialchars($x['locale'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['region'] = (($x['region']) ? htmlspecialchars($x['region'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['postcode'] = (($x['postcode']) ? htmlspecialchars($x['postcode'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['country'] = (($x['country']) ? htmlspecialchars($x['country'], ENT_COMPAT,'UTF-8',false) : '');
$arr['keywords'] = (($x['keywords'] && is_array($x['keywords'])) ? array_sanitise($x['keywords']) : array());
diff --git a/include/text.php b/include/text.php
index aa23f96b0..042a972d1 100755
--- a/include/text.php
+++ b/include/text.php
@@ -1065,7 +1065,7 @@ function theme_attachments(&$item) {
break;
}
- $title = htmlentities($r['title'], ENT_COMPAT,'UTF-8');
+ $title = htmlspecialchars($r['title'], ENT_COMPAT,'UTF-8');
if(! $title)
$title = t('unknown.???');
$title .= ' ' . $r['length'] . ' ' . t('bytes');
diff --git a/include/zot.php b/include/zot.php
index 77d82f110..b0d87cea9 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -1633,22 +1633,22 @@ function import_directory_profile($hash,$profile,$addr,$ud_flags = 1, $suppress_
$arr = array();
$arr['xprof_hash'] = $hash;
- $arr['xprof_desc'] = (($profile['description']) ? htmlentities($profile['description'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['xprof_desc'] = (($profile['description']) ? htmlspecialchars($profile['description'], ENT_COMPAT,'UTF-8',false) : '');
$arr['xprof_dob'] = datetime_convert('','',$profile['birthday'],'Y-m-d'); // !!!! check this for 0000 year
$arr['xprof_age'] = (($profile['age']) ? intval($profile['age']) : 0);
- $arr['xprof_gender'] = (($profile['gender']) ? htmlentities($profile['gender'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['xprof_marital'] = (($profile['marital']) ? htmlentities($profile['marital'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['xprof_sexual'] = (($profile['sexual']) ? htmlentities($profile['sexual'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['xprof_locale'] = (($profile['locale']) ? htmlentities($profile['locale'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['xprof_region'] = (($profile['region']) ? htmlentities($profile['region'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['xprof_postcode'] = (($profile['postcode']) ? htmlentities($profile['postcode'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['xprof_country'] = (($profile['country']) ? htmlentities($profile['country'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['xprof_gender'] = (($profile['gender']) ? htmlspecialchars($profile['gender'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['xprof_marital'] = (($profile['marital']) ? htmlspecialchars($profile['marital'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['xprof_sexual'] = (($profile['sexual']) ? htmlspecialchars($profile['sexual'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['xprof_locale'] = (($profile['locale']) ? htmlspecialchars($profile['locale'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['xprof_region'] = (($profile['region']) ? htmlspecialchars($profile['region'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['xprof_postcode'] = (($profile['postcode']) ? htmlspecialchars($profile['postcode'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['xprof_country'] = (($profile['country']) ? htmlspecialchars($profile['country'], ENT_COMPAT,'UTF-8',false) : '');
$clean = array();
if(array_key_exists('keywords',$profile) and is_array($profile['keywords'])) {
import_directory_keywords($hash,$profile['keywords']);
foreach($profile['keywords'] as $kw) {
- $kw = trim(htmlentities($kw,ENT_COMPAT,'UTF-8',false));
+ $kw = trim(htmlspecialchars($kw,ENT_COMPAT,'UTF-8',false));
$kw = trim($kw,',');
$clean[] = $kw;
}
@@ -1750,7 +1750,7 @@ function import_directory_keywords($hash,$keywords) {
$clean = array();
foreach($keywords as $kw) {
- $kw = trim(htmlentities($kw,ENT_COMPAT,'UTF-8',false));
+ $kw = trim(htmlspecialchars($kw,ENT_COMPAT,'UTF-8',false));
$kw = trim($kw,',');
$clean[] = $kw;
}
@@ -1849,10 +1849,10 @@ function import_site($arr,$pubkey) {
$access_policy = ACCESS_TIERED;
}
- $directory_url = htmlentities($arr['directory_url'],ENT_COMPAT,'UTF-8',false);
- $url = htmlentities($arr['url'],ENT_COMPAT,'UTF-8',false);
- $sellpage = htmlentities($arr['sellpage'],ENT_COMPAT,'UTF-8',false);
- $site_location = htmlentities($arr['location'],ENT_COMPAT,'UTF-8',false);
+ $directory_url = htmlspecialchars($arr['directory_url'],ENT_COMPAT,'UTF-8',false);
+ $url = htmlspecialchars($arr['url'],ENT_COMPAT,'UTF-8',false);
+ $sellpage = htmlspecialchars($arr['sellpage'],ENT_COMPAT,'UTF-8',false);
+ $site_location = htmlspecialchars($arr['location'],ENT_COMPAT,'UTF-8',false);
if($exists) {
if(($siterecord['site_flags'] != $site_directory)
diff --git a/mod/admin.php b/mod/admin.php
index 9a6aea35a..91dd0b56e 100644
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -425,7 +425,7 @@ function admin_page_site(&$a) {
'$baseurl' => $a->get_baseurl(true),
// name, label, value, help string, extra data...
- '$sitename' => array('sitename', t("Site name"), htmlentities(get_config('system','sitename'), ENT_QUOTES), ""),
+ '$sitename' => array('sitename', t("Site name"), htmlspecialchars(get_config('system','sitename'), ENT_QUOTES, 'UTF-8'),''),
'$banner' => array('banner', t("Banner/Logo"), $banner, ""),
'$language' => array('language', t("System language"), get_config('system','language'), "", $lang_choices),
'$theme' => array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles - <a href='#' id='cnftheme'>change theme settings</a>"), $theme_choices),
@@ -436,7 +436,7 @@ function admin_page_site(&$a) {
'$maximagesize' => array('maximagesize', t("Maximum image size"), get_config('system','maximagesize'), t("Maximum size in bytes of uploaded images. Default is 0, which means no limits.")),
'$register_policy' => array('register_policy', t("Register policy"), get_config('system','register_policy'), "", $register_choices),
'$access_policy' => array('access_policy', t("Access policy"), get_config('system','access_policy'), "", $access_choices),
- '$register_text' => array('register_text', t("Register text"), htmlentities(get_config('system','register_text'), ENT_QUOTES, 'UTF-8'), t("Will be displayed prominently on the registration page.")),
+ '$register_text' => array('register_text', t("Register text"), htmlspecialchars(get_config('system','register_text'), ENT_QUOTES, 'UTF-8'), t("Will be displayed prominently on the registration page.")),
'$abandon_days' => array('abandon_days', t('Accounts abandoned after x days'), get_config('system','account_abandon_days'), t('Will not waste system resources polling external sites for abandonded accounts. Enter 0 for no time limit.')),
'$allowed_sites' => array('allowed_sites', t("Allowed friend domains"), get_config('system','allowed_sites'), t("Comma separated list of domains which are allowed to establish friendships with this site. Wildcards are accepted. Empty to allow any domains")),
'$allowed_email' => array('allowed_email', t("Allowed email domains"), get_config('system','allowed_email'), t("Comma separated list of domains which are allowed in email addresses for registrations to this site. Wildcards are accepted. Empty to allow any domains")),
diff --git a/mod/message.php b/mod/message.php
index a0382f63d..bee3b68f3 100644
--- a/mod/message.php
+++ b/mod/message.php
@@ -425,39 +425,7 @@ function message_content(&$a) {
foreach($messages as $message) {
- $s = $arr = '';
-
- if($message['attach'])
- $arr = json_decode_plus($message['attach']);
- if($arr) {
- $s .= '<div class="body-attach">';
- foreach($arr as $r) {
- $matches = false;
- $icon = '';
- $icontype = substr($r['type'],0,strpos($r['type'],'/'));
-
- switch($icontype) {
- case 'video':
- case 'audio':
- case 'image':
- case 'text':
- $icon = '<div class="attachtype icon s22 type-' . $icontype . '"></div>';
- break;
- default:
- $icon = '<div class="attachtype icon s22 type-unkn"></div>';
- break;
- }
-
- $title = htmlentities($r['title'], ENT_COMPAT,'UTF-8');
- if(! $title)
- $title = t('unknown.???');
- $title .= ' ' . $r['length'] . ' ' . t('bytes');
-
- $url = $a->get_baseurl() . '/magic?f=&hash=' . $message['from_xchan'] . '&dest=' . $r['href'] . '/' . $r['revision'];
- $s .= '<a href="' . $url . '" title="' . $title . '" class="attachlink" >' . $icon . '</a>';
- }
- $s .= '<div class="clear"></div></div>';
- }
+ $s = theme_attachments($message);
$mails[] = array(
'id' => $message['id'],
diff --git a/mod/setup.php b/mod/setup.php
index 429be43af..0198f1f09 100755
--- a/mod/setup.php
+++ b/mod/setup.php
@@ -543,7 +543,7 @@ function check_htaccess(&$checks) {
function manual_config(&$a) {
- $data = htmlentities($a->data['txt']);
+ $data = htmlspecialchars($a->data['txt'],ENT_COMPAT,'UTF-8');
$o = t('The database configuration file ".htconfig.php" could not be written. Please use the enclosed text to create a configuration file in your web server root.');
$o .= "<textarea rows=\"24\" cols=\"80\" >$data</textarea>";
return $o;