-rw-r--r--Zotlabs/Lib/Activity.php10
-rw-r--r--Zotlabs/Module/Item.php5
-rw-r--r--include/text.php7
3 files changed, 14 insertions, 8 deletions
diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php
index ab96423d7..4db116b5e 100644
--- a/Zotlabs/Lib/Activity.php
+++ b/Zotlabs/Lib/Activity.php
@@ -517,7 +517,7 @@ class Activity {
}
if ($i['title'])
- $ret['name'] = $i['title'];
+ $ret['name'] = unescape_tags($i['title']);
$ret['published'] = datetime_convert('UTC', 'UTC', $i['created'], ATOM_TIME);
if ($i['created'] !== $i['edited'])
@@ -564,11 +564,11 @@ class Activity {
if ($i['mimetype'] === 'text/bbcode') {
if ($i['title'])
- $ret['name'] = bbcode($i['title'], ['cache' => true]);
+ $ret['name'] = unescape_tags($i['title']);
if ($i['summary'])
- $ret['summary'] = bbcode($i['summary'], ['cache' => true]);
- $ret['content'] = bbcode($i['body'], ['cache' => true]);
- $ret['source'] = ['content' => $i['body'], 'mediaType' => 'text/bbcode'];
+ $ret['summary'] = unescape_tags($i['summary']);
+ $ret['content'] = bbcode(unescape_tags($i['body']), ['cache' => true]);
+ $ret['source'] = ['content' => unescape_tags($i['body']), 'mediaType' => 'text/bbcode'];
}
$actor = self::encode_person($i['author'], false);
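Review bot: `$ret['summary']` is now sent as entity-decoded text with no re-encoding, so a summary stored as `&lt;b&gt;` goes out as `<b>`. ActivityStreams defines `summary` as HTML, so a receiver that renders it without its own sanitising would treat those characters as markup. If the intent is plain text inside an HTML field, `$ret['summary'] = escape_tags($i['summary']);` keeps it encoded, and since `escape_tags()` passes `double_encode = false` it would also cover rows stored before this commit. The same decode is applied to `$i['body']` before `bbcode()` and in `source.content`; whether `bbcode()` re-escapes raw angle brackets is not visible here and is worth confirming. The enclosing method starts and ends outside this hunk.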
diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php
index 09e4904c1..574dffc69 100644
--- a/Zotlabs/Module/Item.php
+++ b/Zotlabs/Module/Item.php
@@ -679,7 +679,7 @@ class Item extends Controller {
$verb = $orig_post['verb'];
$app = $orig_post['app'];
$title = escape_tags(trim($_REQUEST['title']));
- $summary = trim($_REQUEST['summary']);
+ $summary = escape_tags(trim($_REQUEST['summary']));
$body = trim($_REQUEST['body']);
$item_flags = $orig_post['item_flags'];
$item_origin = $orig_post['item_origin'];
@@ -740,7 +740,7 @@ class Item extends Controller {
$coord = ((isset($_REQUEST['coord'])) ? notags(trim($_REQUEST['coord'])) : '');
$verb = ((isset($_REQUEST['verb'])) ? notags(trim($_REQUEST['verb'])) : '');
$title = ((isset($_REQUEST['title'])) ? escape_tags(trim($_REQUEST['title'])) : '');
- $summary = ((isset($_REQUEST['summary'])) ? trim($_REQUEST['summary']) : '');
+ $summary = ((isset($_REQUEST['summary'])) ? escape_tags(trim($_REQUEST['summary'])) : '');
$body = ((isset($_REQUEST['body'])) ? trim($_REQUEST['body']) : '');
$body .= ((isset($_REQUEST['attachment'])) ? trim($_REQUEST['attachment']) : '');
$postopts = '';
@@ -793,7 +793,6 @@ class Item extends Controller {
&& ($channel['channel_pageflags'] & PAGE_ALLOWCODE)) ? true : false);
if ($preview) {
- $summary = z_input_filter($summary, $mimetype, $execflag);
$body = z_input_filter($body, $mimetype, $execflag);
}
diff --git a/include/text.php b/include/text.php
index 9d276642a..052c26594 100644
--- a/include/text.php
+++ b/include/text.php
@@ -114,6 +114,13 @@ function escape_tags($string) {
return (htmlspecialchars($string, ENT_COMPAT, 'UTF-8', false));
}
+function unescape_tags($string) {
+ if (!$string) {
+ return EMPTY_STR;
+ }
+ return (htmlspecialchars_decode($string, ENT_COMPAT));
+}
+
/**
* Escape URL's so they're safe for use in HTML and in HTML element attributes.
*/
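Review bot: The `if (!$string)` guard in `unescape_tags()` also catches the string `'0'`, so a title, summary or body consisting of `0` comes back as `EMPTY_STR`. An explicit test such as `if ($string === null || $string === '') {` avoids that. The function is also not an exact inverse of `escape_tags()`: that function encodes with `double_encode = false`, so text the author typed literally as `&lt;` is stored unchanged and decodes to `<` here. It has no docblock; I would add one saying the result is raw text that must be re-encoded for whatever context it is written into.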