aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Zotlabs/Module/Item.php11
-rw-r--r--Zotlabs/Module/Vote.php6
2 files changed, 9 insertions, 8 deletions
diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php
index 8e6106e79..27fc62ee6 100644
--- a/Zotlabs/Module/Item.php
+++ b/Zotlabs/Module/Item.php
@@ -1518,8 +1518,9 @@ class Item extends Controller {
if (preg_match_all('/\[answer\](.*?)\[\/answer\]/ism', $body, $matches, PREG_SET_ORDER)) {
foreach ($matches as $match) {
- $ptr[] = ['name' => $match[1], 'type' => 'Note', 'replies' => ['type' => 'Collection', 'totalItems' => 0]];
- $body = str_replace('[answer]' . $match[1] . '[/answer]', EMPTY_STR, $body);
+ $answer = escape_tags(trim($match[1]));
+ $ptr[] = ['name' => $answer, 'type' => 'Note', 'replies' => ['type' => 'Collection', 'totalItems' => 0]];
+ $body = str_replace('[answer]' . $answer . '[/answer]', EMPTY_STR, $body);
}
}
@@ -1573,8 +1574,10 @@ class Item extends Controller {
$obj['content'] = bbcode($question);
foreach ($answers as $answer) {
- if (trim($answer))
- $ptr[] = ['name' => escape_tags($answer), 'type' => 'Note', 'replies' => ['type' => 'Collection', 'totalItems' => 0]];
+ $answer = escape_tags(trim($answer));
+ if ($answer) {
+ $ptr[] = ['name' => $answer, 'type' => 'Note', 'replies' => ['type' => 'Collection', 'totalItems' => 0]];
+ }
}
if ($multiple) {
diff --git a/Zotlabs/Module/Vote.php b/Zotlabs/Module/Vote.php
index 4f909d33d..870fd760c 100644
--- a/Zotlabs/Module/Vote.php
+++ b/Zotlabs/Module/Vote.php
@@ -45,9 +45,7 @@ class Vote extends Controller {
if ($obj['oneOf']) {
foreach($obj['oneOf'] as $selection) {
- // logger('selection: ' . $selection);
- // logger('response: ' . $response);
- if($selection['name'] && $selection['name'] === $response) {
+ if($selection['name'] && htmlspecialchars_decode($selection['name']) === $response) {
$valid = true;
}
}
@@ -56,7 +54,7 @@ class Vote extends Controller {
$choices = [];
if ($obj['anyOf']) {
foreach ($obj['anyOf'] as $selection) {
- $choices[] = $selection['name'];
+ $choices[] = htmlspecialchars_decode($selection['name']);
}
foreach ($response as $res) {
if (! in_array($res,$choices)) {