From 31ce6a3876fc0a3c37be1474a627ec0cea0e3622 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 7 Jan 2013 13:58:25 -0800 Subject: input cleansing --- include/items.php | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/include/items.php b/include/items.php index de441c6b7..66450b6fa 100755 --- a/include/items.php +++ b/include/items.php @@ -1203,8 +1203,6 @@ function encode_rel_links($links) { return xmlify($o); } - - function item_store($arr,$force_parent = false) { if(! $arr['uid']) { @@ -1231,6 +1229,16 @@ function item_store($arr,$force_parent = false) { if((strpos($arr['body'],'<') !== false) || (strpos($arr['body'],'>') !== false)) $arr['body'] = escape_tags($arr['body']); + if((x($arr,'object')) && is_array($arr['object'])) { + activity_sanitise($arr['object']); + $arr['object'] = json_encode($arr['object']); + } + + if((x($arr,'target')) && is_array($arr['target'])) { + activity_sanitise($arr['target']); + $arr['target'] = json_encode($arr['target']); + } + $arr['aid'] = ((x($arr,'aid')) ? intval($arr['aid']) : 0); $arr['uri'] = ((x($arr,'uri')) ? notags(trim($arr['uri'])) : random_string()); $arr['author_xchan'] = ((x($arr,'author_xchan')) ? notags(trim($arr['author_xchan'])) : ''); -- cgit v1.2.3
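Review bot: In the two added blocks of item_store(), cleansing of `object` and `target` is gated on `is_array()`, so a value that arrives as a string (for example already JSON-encoded) skips `activity_sanitise()` and is stored as received, unless it is cleaned somewhere outside this hunk. Either handle that case explicitly or document the contract, e.g. `// object/target must be arrays here; string values are NOT sanitised by this block`. Both blocks also discard the return value of `activity_sanitise()`, which only has an effect if the function takes its argument by reference; its definition is not visible in this hunk, so that is worth confirming. `json_encode()` returns false on failure (such as invalid UTF-8 in remote content) and that false would be written straight into `$arr['object']` or `$arr['target']`; encode into a temporary and guard it, e.g. `if($encoded === false) $encoded = '';`, before assigning. item_store's body starts before and continues after the hunk.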