From 303324cdff3f7c8bc83fae89256a2133939944b2 Mon Sep 17 00:00:00 2001
From: friendica
Date: Thu, 12 Dec 2013 02:15:02 -0800
Subject: more htmlspecialchars sanitisation
---
 include/conversation.php | 4 ++--
 include/network.php | 2 +-
 include/taxonomy.php | 4 ++--
 include/widgets.php | 4 ++--
 4 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/include/conversation.php b/include/conversation.php
index f5fc9da93..29fb8a163 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -1108,7 +1108,7 @@ function status_editor($a,$x,$popup=false) {
 '$shortsetloc' => t('set location'),
 '$noloc' => t('Clear browser location'),
 '$shortnoloc' => t('clear location'),
- '$title' => ((x($x,'title')) ? htmlspecialchars($x['title']) : ''),
+ '$title' => ((x($x,'title')) ? htmlspecialchars($x['title'], ENT_COMPAT,'UTF-8') : ''),
 '$placeholdertitle' => t('Set title'),
 '$catsenabled' => ((feature_enabled($x['profile_uid'],'categories') && (! $webpage)) ? 'categories' : ''),
 '$category' => "",
@@ -1117,7 +1117,7 @@ function status_editor($a,$x,$popup=false) {
 '$permset' => t('Permission settings'),
 '$shortpermset' => t('permissions'),
 '$ptyp' => (($notes_cid) ? 'note' : 'wall'),
- '$content' => ((x($x,'body')) ? htmlspecialchars($x['body']) : ''),
+ '$content' => ((x($x,'body')) ? htmlspecialchars($x['body'], ENT_COMPAT,'UTF-8') : ''),
 '$post_id' => '',
 '$baseurl' => $a->get_baseurl(true),
 '$defloc' => $x['default_location'],
diff --git a/include/network.php b/include/network.php
index 50f853ca0..225b215fe 100644
--- a/include/network.php
+++ b/include/network.php
@@ -582,7 +582,7 @@ function scale_external_images($s, $include_link = true, $scale_replace = false)
 $a = get_app();
 // Picture addresses can contain special characters
- $s = htmlspecialchars_decode($s);
+ $s = htmlspecialchars_decode($s, ENT_COMPAT,'UTF-8');
 $matches = null;
 $c = preg_match_all('/\[img(.*?)\](.*?)\[\/img\]/ism',$s,$matches,PREG_SET_ORDER);
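Review bot: `ENT_COMPAT` on the new `$title` and `$content` lines leaves single quotes unencoded, so the escaping only holds if every place the template emits these values is element content or a double-quoted attribute; `ENT_QUOTES` covers both quote styles at no cost, e.g. `'$title' => ((x($x,'title')) ? htmlspecialchars($x['title'], ENT_QUOTES, 'UTF-8') : ''),`. The taxonomy.php and widgets.php hunks make the same `ENT_COMPAT` choice. Separately, with the charset fixed to UTF-8, `htmlspecialchars` on PHP 5.4+ returns an empty string when the input contains an invalid byte sequence, so a malformed title or body silently disappears rather than being escaped; if the project's minimum PHP is 5.4, `ENT_QUOTES | ENT_SUBSTITUTE` replaces the bad bytes with U+FFFD instead. The template that consumes `$title` and `$content` is outside the hunk, so whether its attribute quoting makes `ENT_COMPAT` sufficient cannot be confirmed here.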
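Review bot: `htmlspecialchars_decode` takes only two parameters, the string and the flags; unlike `htmlspecialchars` it has no charset argument, so the third argument added on the `$s = htmlspecialchars_decode($s, ENT_COMPAT,'UTF-8');` line is an error rather than a no-op. On PHP 5 and 7 an internal function called with too many arguments emits a warning and returns NULL, so `$s` becomes NULL and the `preg_match_all` that follows runs on an empty subject; on PHP 8 the call throws `ArgumentCountError`. The line should be `$s = htmlspecialchars_decode($s, ENT_COMPAT);`. The remainder of scale_external_images, which presumably builds its result from `$s`, is outside the hunk.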
diff --git a/include/taxonomy.php b/include/taxonomy.php
index 5159dad02..65d082bb0 100644
--- a/include/taxonomy.php
+++ b/include/taxonomy.php
@@ -87,9 +87,9 @@ function format_term_for_display($term) {
 return $s;
 if($term['url'])
- $s .= '' . htmlspecialchars($term['term']) . '';
+ $s .= '' . htmlspecialchars($term['term'], ENT_COMPAT,'UTF-8') . '';
 else
- $s .= htmlspecialchars($term['term']);
+ $s .= htmlspecialchars($term['term'], ENT_COMPAT,'UTF-8');
 return $s;
 }
diff --git a/include/widgets.php b/include/widgets.php
index 495ce74aa..f53998b23 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -219,7 +219,7 @@ function widget_savedsearch($arr) {
 'term' => $rr['term'],
 'dellink' => z_root() . '/' . $srchurl . (($hasq) ? '' : '?f=') . '&searchremove=1&search=' . urlencode($rr['term']),
 'srchlink' => z_root() . '/' . $srchurl . (($hasq) ? '' : '?f=') . '&search=' . urlencode($rr['term']),
- 'displayterm' => htmlspecialchars($rr['term']),
+ 'displayterm' => htmlspecialchars($rr['term'], ENT_COMPAT,'UTF-8'),
 'encodedterm' => urlencode($rr['term']),
 'delete' => t('Remove term'),
 'selected' => ($search==$rr['term']),
@@ -317,7 +317,7 @@ function widget_fullprofile($arr) {
 function widget_categories($arr) {
 $a = get_app();
- $cat = ((x($_REQUEST,'cat')) ? htmlspecialchars($_REQUEST['cat']) : '');
+ $cat = ((x($_REQUEST,'cat')) ? htmlspecialchars($_REQUEST['cat'],ENT_COMPAT,'UTF-8') : '');
 $srchurl = $a->query_string;
 $srchurl = rtrim(preg_replace('/cat\=[^\&].*?(\&|$)/is','',$srchurl),'&');
 $srchurl = str_replace(array('?f=','&f='),array('',''),$srchurl);
-- cgit v1.2.3
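Review bot: In `widget_categories`, `$cat` is HTML-escaped the moment it is read from `$_REQUEST`, yet nothing in the hunk emits it as markup; the lines that follow only rewrite `$srchurl`, and the rest of the function is outside the hunk. If `$cat` is later placed in a query string or handed to the database, entity encoding is the wrong escaping for that context and a value such as `a&b` arrives as `a&amp;b`. Escaping is more robust applied at each output site with the encoder for that context (`urlencode` for query strings, `htmlspecialchars` for markup, the database layer's own escaping for queries), keeping `$cat` raw until then, e.g. `$cat = ((x($_REQUEST,'cat')) ? $_REQUEST['cat'] : '');` with the `htmlspecialchars` call moved to where the value is rendered. Whether such later uses exist cannot be confirmed from the visible lines.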