From d0dab3fcae591788f703550baaea59a576affd6a Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Sun, 20 Apr 2014 18:48:21 -0700
Subject: fix vcard truncation and escaping

---
 mod/profiles.php                  | 36 ++++++++++++++++++------------------
 view/theme/redbasic/css/style.css |  2 --
 2 files changed, 18 insertions(+), 20 deletions(-)

diff --git a/mod/profiles.php b/mod/profiles.php
index c71ad9733..720721e92 100644
--- a/mod/profiles.php
+++ b/mod/profiles.php
@@ -198,27 +198,27 @@ function profiles_post(&$a) {
 		$dob = sprintf('%04d-%02d-%02d',$year,$month,$day);
 
 			
-		$name = notags(trim($_POST['name']));
+		$name = escape_tags(trim($_POST['name']));
 
 		if($orig[0]['name'] != $name)
 			$namechanged = true;
 
 
-		$pdesc        = notags(trim($_POST['pdesc']));
-		$gender       = notags(trim($_POST['gender']));
-		$address      = notags(trim($_POST['address']));
-		$locality     = notags(trim($_POST['locality']));
-		$region       = notags(trim($_POST['region']));
-		$postal_code  = notags(trim($_POST['postal_code']));
-		$country_name = notags(trim($_POST['country_name']));
-		$keywords     = notags(trim($_POST['keywords']));
-		$marital      = notags(trim($_POST['marital']));
-		$howlong      = notags(trim($_POST['howlong']));
-		$sexual       = notags(trim($_POST['sexual']));
-		$homepage     = notags(trim($_POST['homepage']));
-		$hometown     = notags(trim($_POST['hometown']));
-		$politic      = notags(trim($_POST['politic']));
-		$religion     = notags(trim($_POST['religion']));
+		$pdesc        = escape_tags(trim($_POST['pdesc']));
+		$gender       = escape_tags(trim($_POST['gender']));
+		$address      = escape_tags(trim($_POST['address']));
+		$locality     = escape_tags(trim($_POST['locality']));
+		$region       = escape_tags(trim($_POST['region']));
+		$postal_code  = escape_tags(trim($_POST['postal_code']));
+		$country_name = escape_tags(trim($_POST['country_name']));
+		$keywords     = escape_tags(trim($_POST['keywords']));
+		$marital      = escape_tags(trim($_POST['marital']));
+		$howlong      = escape_tags(trim($_POST['howlong']));
+		$sexual       = escape_tags(trim($_POST['sexual']));
+		$homepage     = escape_tags(trim($_POST['homepage']));
+		$hometown     = escape_tags(trim($_POST['hometown']));
+		$politic      = escape_tags(trim($_POST['politic']));
+		$religion     = escape_tags(trim($_POST['religion']));
 
 		$likes        = fix_mce_lf(escape_tags(trim($_POST['likes'])));
 		$dislikes     = fix_mce_lf(escape_tags(trim($_POST['dislikes'])));
@@ -237,7 +237,7 @@ function profiles_post(&$a) {
 
 		$hide_friends = (($_POST['hide_friends'] == 1) ? 1: 0);
 
-		$with         = ((x($_POST,'with')) ? notags(trim($_POST['with'])) : '');
+		$with         = ((x($_POST,'with')) ? escape_tags(trim($_POST['with'])) : '');
 
 		if(! strlen($howlong))
 			$howlong = '0000-00-00 00:00:00';
@@ -561,7 +561,7 @@ function profiles_content(&$a) {
 			'$age'          => ((intval($r[0]['dob'])) ? '(' . t('Age: ') . age($r[0]['dob'],$a->user['timezone'],$a->user['timezone']) . ')' : ''),
 			'$gender'       => gender_selector($r[0]['gender']),
 			'$marital'      => marital_selector($r[0]['marital']),
-			'$with'         => strip_tags($r[0]['with']),
+			'$with'         => $r[0]['with'],
 			'$howlong'      => ($r[0]['howlong'] === '0000-00-00 00:00:00' ? '' : datetime_convert('UTC',date_default_timezone_get(),$r[0]['howlong'])),
 			'$sexual'       => sexpref_selector($r[0]['sexual']),
 			'$about'        => $r[0]['about'],
diff --git a/view/theme/redbasic/css/style.css b/view/theme/redbasic/css/style.css
index ff3cec38c..046f4de66 100644
--- a/view/theme/redbasic/css/style.css
+++ b/view/theme/redbasic/css/style.css
@@ -836,8 +836,6 @@ aside li {
 	float: left;
 	display: block;
 	width: 130px;
-	height: 18px;
-	overflow: hidden;
 }
 
 .profile-clear {
-- 
cgit v1.2.3