-rw-r--r-- | Zotlabs/Module/Item.php | 11 | ||||
-rw-r--r-- | Zotlabs/Module/Vote.php | 6 |
2 files changed, 9 insertions, 8 deletions
diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php
index 8e6106e79..27fc62ee6 100644
--- a/Zotlabs/Module/Item.php
+++ b/Zotlabs/Module/Item.php
@@ -1518,8 +1518,9 @@ class Item extends Controller {
 if (preg_match_all('/\[answer\](.*?)\[\/answer\]/ism', $body, $matches, PREG_SET_ORDER)) {
 foreach ($matches as $match) {
- $ptr[] = ['name' => $match[1], 'type' => 'Note', 'replies' => ['type' => 'Collection', 'totalItems' => 0]];
- $body = str_replace('[answer]' . $match[1] . '[/answer]', EMPTY_STR, $body);
+ $answer = escape_tags(trim($match[1]));
+ $ptr[] = ['name' => $answer, 'type' => 'Note', 'replies' => ['type' => 'Collection', 'totalItems' => 0]];
+ $body = str_replace('[answer]' . $answer . '[/answer]', EMPTY_STR, $body);
 }
 }
@@ -1573,8 +1574,10 @@ class Item extends Controller {
 $obj['content'] = bbcode($question);
 foreach ($answers as $answer) {
- if (trim($answer))
- $ptr[] = ['name' => escape_tags($answer), 'type' => 'Note', 'replies' => ['type' => 'Collection', 'totalItems' => 0]];
+ $answer = escape_tags(trim($answer));
+ if ($answer) {
+ $ptr[] = ['name' => $answer, 'type' => 'Note', 'replies' => ['type' => 'Collection', 'totalItems' => 0]];
+ }
 }
 if ($multiple) {
diff --git a/Zotlabs/Module/Vote.php b/Zotlabs/Module/Vote.php
index 4f909d33d..870fd760c 100644
--- a/Zotlabs/Module/Vote.php
+++ b/Zotlabs/Module/Vote.php
@@ -45,9 +45,7 @@ class Vote extends Controller {
 if ($obj['oneOf']) {
 foreach($obj['oneOf'] as $selection) {
- // logger('selection: ' . $selection);
- // logger('response: ' . $response);
- if($selection['name'] && $selection['name'] === $response) {
+ if($selection['name'] && htmlspecialchars_decode($selection['name']) === $response) {
 $valid = true;
 }
 }
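Review bot: In the first Item.php hunk the `str_replace` now searches for the trimmed and escaped `$answer`, which no longer equals the text actually present in `$body` whenever the answer had surrounding whitespace or a character that `escape_tags` rewrites, so the `[answer]…[/answer]` markup would be left in the post body together with the raw text. Removing the regex's own full match avoids the mismatch: `$body = str_replace($match[0], EMPTY_STR, $body);`. If `$body` has already been escaped earlier in this method (not visible here), only the whitespace case is affected. The enclosing method starts and ends outside the hunk.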
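Review bot: `if ($answer)` in the second Item.php hunk is a truthiness test, so a poll option whose text is `0` is silently dropped, because PHP treats the string `'0'` as false. Comparing against the empty string keeps the empty-answer filter without losing that value: `if ($answer !== '') {`. The surrounding function lies outside the hunk.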
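Review bot: `htmlspecialchars_decode($selection['name'])` in the `oneOf` branch, and again in the `anyOf` hunk that follows, relies on the function's default flags, which changed from `ENT_COMPAT` to `ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401` in PHP 8.1, so whether `&#039;` is decoded depends on the runtime and may not mirror what `escape_tags` encoded. Passing the flags explicitly keeps vote validation stable across PHP versions, for example `htmlspecialchars_decode($selection['name'], ENT_COMPAT)` if that is what `escape_tags` uses; its definition is not on this page. The `$selection['name'] &&` guard is also a truthiness test and would reject an option named `0`. A one-line comment such as `// option names are stored HTML-escaped; the submitted response is not` would record why the decode is there.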
@@ -56,7 +54,7 @@ class Vote extends Controller {
 $choices = [];
 if ($obj['anyOf']) {
 foreach ($obj['anyOf'] as $selection) {
- $choices[] = $selection['name'];
+ $choices[] = htmlspecialchars_decode($selection['name']);
 }
 foreach ($response as $res) {
 if (! in_array($res,$choices)) { |
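Review bot: The membership test `in_array($res,$choices)` that consumes the newly decoded `$choices` is a loose comparison, so numeric-looking strings such as `1e1` and `10` compare equal and a submitted value can validate against an option it does not literally match. Since this check decides whether a vote is accepted, it should be strict: `if (! in_array($res, $choices, true)) {`. The loop body continues past the end of the hunk, and whether `$response` is guaranteed to be an array at this point is not visible here.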