From 302f49baf2acc23e6ea5da9778eeb18ad97c444c Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Thu, 8 Nov 2018 10:12:33 +0100 Subject: provide a function to log to syslog --- include/text.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'include') diff --git a/include/text.php b/include/text.php index 15cc0ca8a..076c98407 100644 --- a/include/text.php +++ b/include/text.php @@ -633,6 +633,19 @@ function attribute_contains($attr, $s) { return false; } +/** + * @brief Log to syslog + * + * @param string $msg Message to log + * @param int $priority - compatible with syslog + */ +function hz_syslog($msg, $priority = LOG_INFO) { + openlog("hz-log", LOG_PID | LOG_PERROR, LOG_LOCAL0); + syslog($priority, $msg); + closelog(); +} + + /** * @brief Logging function for Hubzilla. * -- cgit v1.2.3 From 17cf824545a4e059183f0a43af9692a90100c55a Mon Sep 17 00:00:00 2001 From: Max Kostikov Date: Thu, 8 Nov 2018 18:00:18 +0100 Subject: Return image modification date using HTTP 'Last-Modified' and '304 Not Modified' on remote fetch for caching --- include/photo/photo_driver.php | 274 ++++++++++++++++++++++++----------------- 1 file changed, 159 insertions(+), 115 deletions(-) (limited to 'include') diff --git a/include/photo/photo_driver.php b/include/photo/photo_driver.php index 2e2f5a758..911b97ade 100644 --- a/include/photo/photo_driver.php +++ b/include/photo/photo_driver.php @@ -570,122 +570,166 @@ function delete_thing_photo($url,$ob_hash) { -function import_xchan_photo($photo,$xchan,$thing = false) { - - $flags = (($thing) ? PHOTO_THING : PHOTO_XCHAN); - $album = (($thing) ? 'Things' : 'Contact Photos'); - - logger('import_xchan_photo: updating channel photo from ' . $photo . ' for ' . $xchan, LOGGER_DEBUG); - - if($thing) - $hash = photo_new_resource(); - else { - $r = q("select resource_id from photo where xchan = '%s' and photo_usage = %d and imgscale = 4 limit 1", - dbesc($xchan), - intval(PHOTO_XCHAN) - ); - if($r) { - $hash = $r[0]['resource_id']; - } - else { - $hash = photo_new_resource(); - } - } - - $photo_failure = false; - $img_str = ''; - - if($photo) { - $filename = basename($photo); - - $result = z_fetch_url($photo,true); - - if($result['success']) { - $img_str = $result['body']; - $type = guess_image_type($photo, $result['header']); - - $h = explode("\n",$result['header']); - if($h) { - foreach($h as $hl) { - if(stristr($hl,'content-type:')) { - if(! stristr($hl,'image/')) { - $photo_failure = true; - } - } - } - } - } - } - else { - $photo_failure = true; - } - - if(! $photo_failure) { - $img = photo_factory($img_str, $type); - if($img->is_valid()) { - $width = $img->getWidth(); - $height = $img->getHeight(); - - if($width && $height) { - if(($width / $height) > 1.2) { - // crop out the sides - $margin = $width - $height; - $img->cropImage(300,($margin / 2),0,$height,$height); - } - elseif(($height / $width) > 1.2) { - // crop out the bottom - $margin = $height - $width; - $img->cropImage(300,0,0,$width,$width); - - } - else { - $img->scaleImageSquare(300); - } - - } - else - $photo_failure = true; - - $p = array('xchan' => $xchan,'resource_id' => $hash, 'filename' => basename($photo), 'album' => $album, 'photo_usage' => $flags, 'imgscale' => 4); - - $r = $img->save($p); - - if($r === false) - $photo_failure = true; - - $img->scaleImage(80); - $p['imgscale'] = 5; - - $r = $img->save($p); - - if($r === false) - $photo_failure = true; - - $img->scaleImage(48); - $p['imgscale'] = 6; - - $r = $img->save($p); - - if($r === false) - $photo_failure = true; - - $photo = z_root() . '/photo/' . $hash . '-4'; - $thumb = z_root() . '/photo/' . $hash . '-5'; - $micro = z_root() . '/photo/' . $hash . '-6'; - } - else { - logger('import_xchan_photo: invalid image from ' . $photo); - $photo_failure = true; - } - } - if($photo_failure) { - $photo = z_root() . '/' . get_default_profile_photo(); - $thumb = z_root() . '/' . get_default_profile_photo(80); - $micro = z_root() . '/' . get_default_profile_photo(48); - $type = 'image/png'; - } +/** + * @brief fetches an photo from external site and prepares its miniatures. + * + * @param string $photo + * external URL to fetch base image + * @param string $xchan + * channel unique hash + * @param boolean $thing + * TRUE if this is a thing URL + * @param boolean $force + * TRUE if ignore image modification date check (force fetch) + * + * @return array of results + * * \e string \b 0 => local URL to full image + * * \e string \b 1 => local URL to standard thumbnail + * * \e string \b 2 => local URL to micro thumbnail + * * \e string \b 3 => image type + * * \e boolean \b 4 => TRUE if fetch failure + * * \e string \b 5 => modification date + */ - return(array($photo,$thumb,$micro,$type,$photo_failure)); +function import_xchan_photo($photo,$xchan,$thing = false,$force = false) { + + $modified = ''; + + $flags = (($thing) ? PHOTO_THING : PHOTO_XCHAN); + $album = (($thing) ? 'Things' : 'Contact Photos'); + + logger('import_xchan_photo: updating channel photo from ' . $photo . ' for ' . $xchan, LOGGER_DEBUG); + + if($thing) { + $hash = photo_new_resource(); + } + else { + $r = q("select resource_id, edited, mimetype from photo where xchan = '%s' and photo_usage = %d and imgscale = 4 limit 1", + dbesc($xchan), + intval(PHOTO_XCHAN) + ); + if($r) { + $hash = $r[0]['resource_id']; + $modified = $r[0]['edited']; + $type = $r[0]['mimetype']; + } + else { + $hash = photo_new_resource(); + } + } + + $photo_failure = false; + $img_str = ''; + + if($photo) { + $filename = basename($photo); + + if($force || $modified == '') { + $result = z_fetch_url($photo,true); + } + else { + $h = array('headers' => array("If-Modified-Since: " . gmdate("D, d M Y H:i:s", strtotime($modified . "Z")) . " GMT")); + $result = z_fetch_url($photo,true,0,$h); + } + + if($result['success']) { + $img_str = $result['body']; + $type = guess_image_type($photo, $result['header']); + $modified = gmdate('Y-m-d H:i:s', (preg_match('/last-modified: (.+) \S+/i', $result['header'], $o) ? strtotime($o[1] . 'Z') : time())); + + $h = explode("\n",$result['header']); + if($h) { + foreach($h as $hl) { + if(stristr($hl,'content-type:')) { + if(! stristr($hl,'image/')) { + $photo_failure = true; + } + } + } + } + } + elseif($result['return_code'] = 304) { + $photo = z_root() . '/photo/' . $hash . '-4'; + $thumb = z_root() . '/photo/' . $hash . '-5'; + $micro = z_root() . '/photo/' . $hash . '-6'; + } + else { + $photo_failure = true; + } + + } + else { + $photo_failure = true; + } + + if(! $photo_failure && $result['return_code'] != 304) { + $img = photo_factory($img_str, $type); + if($img->is_valid()) { + $width = $img->getWidth(); + $height = $img->getHeight(); + + if($width && $height) { + if(($width / $height) > 1.2) { + // crop out the sides + $margin = $width - $height; + $img->cropImage(300,($margin / 2),0,$height,$height); + } + elseif(($height / $width) > 1.2) { + // crop out the bottom + $margin = $height - $width; + $img->cropImage(300,0,0,$width,$width); + + } + else { + $img->scaleImageSquare(300); + } + + } + else + $photo_failure = true; + + $p = array('xchan' => $xchan,'resource_id' => $hash, 'filename' => basename($photo), 'album' => $album, 'photo_usage' => $flags, 'imgscale' => 4); + + $r = $img->save($p); + + if($r === false) + $photo_failure = true; + + $img->scaleImage(80); + $p['imgscale'] = 5; + + $r = $img->save($p); + + if($r === false) + $photo_failure = true; + + $img->scaleImage(48); + $p['imgscale'] = 6; + + $r = $img->save($p); + + if($r === false) + $photo_failure = true; + + $photo = z_root() . '/photo/' . $hash . '-4'; + $thumb = z_root() . '/photo/' . $hash . '-5'; + $micro = z_root() . '/photo/' . $hash . '-6'; + } + else { + logger('import_xchan_photo: invalid image from ' . $photo); + $photo_failure = true; + } + } + if($photo_failure) { + $default = get_default_profile_photo(); + $photo = z_root() . '/' . $default; + $thumb = z_root() . '/' . get_default_profile_photo(80); + $micro = z_root() . '/' . get_default_profile_photo(48); + $type = 'image/png'; + $modified = gmdate('Y-m-d H:i:s', filemtime($default)); + } + + return(array($photo,$thumb,$micro,$type,$photo_failure,$modified)); } -- cgit v1.2.3 From 098ec1abb46c70774a6c239f59c77df4b6437335 Mon Sep 17 00:00:00 2001 From: Max Kostikov Date: Thu, 8 Nov 2018 22:43:17 +0100 Subject: remove image type double guess by checking HTTP headers --- include/photo/photo_driver.php | 30 +++++++----------------------- 1 file changed, 7 insertions(+), 23 deletions(-) (limited to 'include') diff --git a/include/photo/photo_driver.php b/include/photo/photo_driver.php index 911b97ade..12465c794 100644 --- a/include/photo/photo_driver.php +++ b/include/photo/photo_driver.php @@ -485,11 +485,11 @@ function guess_image_type($filename, $headers = '') { $h = explode("\n",$headers); foreach ($h as $l) { list($k,$v) = array_map("trim", explode(":", trim($l), 2)); - $hdrs[$k] = $v; + $hdrs[strtolower($k)] = $v; } logger('Curl headers: '.var_export($hdrs, true), LOGGER_DEBUG); - if (array_key_exists('Content-Type', $hdrs)) - $type = $hdrs['Content-Type']; + if (array_key_exists('content-type', $hdrs)) + $type = $hdrs['content-type']; } if (is_null($type)){ @@ -637,16 +637,8 @@ function import_xchan_photo($photo,$xchan,$thing = false,$force = false) { $type = guess_image_type($photo, $result['header']); $modified = gmdate('Y-m-d H:i:s', (preg_match('/last-modified: (.+) \S+/i', $result['header'], $o) ? strtotime($o[1] . 'Z') : time())); - $h = explode("\n",$result['header']); - if($h) { - foreach($h as $hl) { - if(stristr($hl,'content-type:')) { - if(! stristr($hl,'image/')) { - $photo_failure = true; - } - } - } - } + if(is_null($type)) + $photo_failure = true; } elseif($result['return_code'] = 304) { $photo = z_root() . '/photo/' . $hash . '-4'; @@ -744,16 +736,8 @@ function import_channel_photo_from_url($photo,$aid,$uid) { $img_str = $result['body']; $type = guess_image_type($photo, $result['header']); - $h = explode("\n",$result['header']); - if($h) { - foreach($h as $hl) { - if(stristr($hl,'content-type:')) { - if(! stristr($hl,'image/')) { - $photo_failure = true; - } - } - } - } + if(is_null($type)) + $photo_failure = true; } } else { -- cgit v1.2.3 From 2c4bd9a3fe958ee2e4695f3971bf3bf3ccf6cddb Mon Sep 17 00:00:00 2001 From: Max Kostikov Date: Fri, 9 Nov 2018 10:03:58 +0100 Subject: Workaround for local resource path to photo from Diaspora --- include/network.php | 1 + 1 file changed, 1 insertion(+) (limited to 'include') diff --git a/include/network.php b/include/network.php index d37da05f7..baa8ec40d 100644 --- a/include/network.php +++ b/include/network.php @@ -1963,6 +1963,7 @@ function scrape_vcard($url) { } } + $ret['photo'] = (filter_var($ret['photo'], FILTER_VALIDATE_URL) ? $ret['photo'] : substr($ret['url'], 0, -1) . $ret['photo']); return $ret; } -- cgit v1.2.3 From 108a892a11d737a80c1736defd1b40ba81449812 Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Fri, 9 Nov 2018 05:31:55 -0500 Subject: Remove DNS check for database connection during installation. Causes friction with Docker deployment. --- include/dba/dba_driver.php | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'include') diff --git a/include/dba/dba_driver.php b/include/dba/dba_driver.php index 9533acc7f..ee0e06a91 100755 --- a/include/dba/dba_driver.php +++ b/include/dba/dba_driver.php @@ -173,14 +173,14 @@ abstract class dba_driver { return false; } - if(strlen($server) && ($server !== 'localhost') && ($server !== '127.0.0.1') && (! strpbrk($server,':;'))) { - if(! z_dns_check($server)) { - $this->error = sprintf( t('Cannot locate DNS info for database server \'%s\''), $server); - $this->connected = false; - $this->db = null; - return false; - } - } + // if(strlen($server) && ($server !== 'localhost') && ($server !== '127.0.0.1') && (! strpbrk($server,':;'))) { + // if(! z_dns_check($server)) { + // $this->error = sprintf( t('Cannot locate DNS info for database server \'%s\''), $server); + // $this->connected = false; + // $this->db = null; + // return false; + // } + // } return true; } @@ -468,7 +468,7 @@ function db_columns($table) { if(ACTIVE_DBTYPE === DBTYPE_POSTGRES) { $r = q("SELECT column_name as field FROM information_schema.columns WHERE table_schema = 'public' AND table_name = '%s'", dbesc($table) - ); + ); if($r) { return ids_to_array($r,'field'); } -- cgit v1.2.3 From 32873ce70d7ee22fd95afa66f2c70637aaeef642 Mon Sep 17 00:00:00 2001 From: Max Kostikov Date: Fri, 9 Nov 2018 22:20:41 +0100 Subject: Preserve received image modification date on caching --- include/photo/photo_driver.php | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) (limited to 'include') diff --git a/include/photo/photo_driver.php b/include/photo/photo_driver.php index 12465c794..a4866bb60 100644 --- a/include/photo/photo_driver.php +++ b/include/photo/photo_driver.php @@ -350,8 +350,7 @@ abstract class photo_driver { $p['allow_gid'] = (($arr['allow_gid']) ? $arr['allow_gid'] : ''); $p['deny_cid'] = (($arr['deny_cid']) ? $arr['deny_cid'] : ''); $p['deny_gid'] = (($arr['deny_gid']) ? $arr['deny_gid'] : ''); - $p['created'] = (($arr['created']) ? $arr['created'] : datetime_convert()); - $p['edited'] = (($arr['edited']) ? $arr['edited'] : $p['created']); + $p['edited'] = (($arr['edited']) ? $arr['edited'] : datetime_convert()); $p['title'] = (($arr['title']) ? $arr['title'] : ''); $p['description'] = (($arr['description']) ? $arr['description'] : ''); $p['photo_usage'] = intval($arr['photo_usage']); @@ -365,13 +364,15 @@ abstract class photo_driver { if(! intval($p['imgscale'])) logger('save: ' . print_r($arr,true), LOGGER_DATA); - $x = q("select id from photo where resource_id = '%s' and uid = %d and xchan = '%s' and imgscale = %d limit 1", + $x = q("select id, created from photo where resource_id = '%s' and uid = %d and xchan = '%s' and imgscale = %d limit 1", dbesc($p['resource_id']), intval($p['uid']), dbesc($p['xchan']), intval($p['imgscale']) ); + if($x) { + $p['created'] = (($x['created']) ? $x['created'] : $p['edited']); $r = q("UPDATE photo set aid = %d, uid = %d, @@ -427,6 +428,7 @@ abstract class photo_driver { ); } else { + $p['created'] = (($arr['created']) ? $arr['created'] : $p['edited']); $r = q("INSERT INTO photo ( aid, uid, xchan, resource_id, created, edited, filename, mimetype, album, height, width, content, os_storage, filesize, imgscale, photo_usage, title, description, os_path, display_path, allow_cid, allow_gid, deny_cid, deny_gid ) VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d, %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )", @@ -464,11 +466,6 @@ abstract class photo_driver { - - - - - /** * Guess image mimetype from filename or from Content-Type header * @@ -650,9 +647,8 @@ function import_xchan_photo($photo,$xchan,$thing = false,$force = false) { } } - else { + else $photo_failure = true; - } if(! $photo_failure && $result['return_code'] != 304) { $img = photo_factory($img_str, $type); @@ -680,7 +676,15 @@ function import_xchan_photo($photo,$xchan,$thing = false,$force = false) { else $photo_failure = true; - $p = array('xchan' => $xchan,'resource_id' => $hash, 'filename' => basename($photo), 'album' => $album, 'photo_usage' => $flags, 'imgscale' => 4); + $p = array( + 'xchan' => $xchan, + 'resource_id' => $hash, + 'filename' => basename($photo), + 'album' => $album, + 'photo_usage' => $flags, + 'imgscale' => 4, + 'edited' => $modified + ); $r = $img->save($p); @@ -721,6 +725,7 @@ function import_xchan_photo($photo,$xchan,$thing = false,$force = false) { $modified = gmdate('Y-m-d H:i:s', filemtime($default)); } + logger('HTTP code: ' . $result['return_code'] . '; modified: ' . $modified . '; failure: ' . ($photo_failure ? 'yes' : 'no') . '; URL: ' . $photo, LOGGER_DEBUG); return(array($photo,$thumb,$micro,$type,$photo_failure,$modified)); } -- cgit v1.2.3 From d20759c1419ae905e70c7bc6b8acaf3e3918d210 Mon Sep 17 00:00:00 2001 From: Max Kostikov Date: Sat, 10 Nov 2018 11:11:23 +0100 Subject: Do not return default images from vCard --- include/network.php | 1 - 1 file changed, 1 deletion(-) (limited to 'include') diff --git a/include/network.php b/include/network.php index baa8ec40d..d37da05f7 100644 --- a/include/network.php +++ b/include/network.php @@ -1963,7 +1963,6 @@ function scrape_vcard($url) { } } - $ret['photo'] = (filter_var($ret['photo'], FILTER_VALIDATE_URL) ? $ret['photo'] : substr($ret['url'], 0, -1) . $ret['photo']); return $ret; } -- cgit v1.2.3 From d34423fce9c581bab03b7fa42721b84805d7be24 Mon Sep 17 00:00:00 2001 From: Max Kostikov Date: Sat, 10 Nov 2018 11:53:49 +0100 Subject: Fixed wrong value assign on compare with 0 --- include/photo/photo_driver.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/photo/photo_driver.php b/include/photo/photo_driver.php index a4866bb60..cced7bf03 100644 --- a/include/photo/photo_driver.php +++ b/include/photo/photo_driver.php @@ -637,7 +637,7 @@ function import_xchan_photo($photo,$xchan,$thing = false,$force = false) { if(is_null($type)) $photo_failure = true; } - elseif($result['return_code'] = 304) { + elseif($result['return_code'] === 304) { $photo = z_root() . '/photo/' . $hash . '-4'; $thumb = z_root() . '/photo/' . $hash . '-5'; $micro = z_root() . '/photo/' . $hash . '-6'; -- cgit v1.2.3 From c6e14a696e7942c26319b57f197826018b427002 Mon Sep 17 00:00:00 2001 From: Max Kostikov Date: Sat, 10 Nov 2018 11:56:34 +0100 Subject: Fixed wrong value assign on compare with 0 --- include/photo/photo_driver.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/photo/photo_driver.php b/include/photo/photo_driver.php index a4866bb60..cced7bf03 100644 --- a/include/photo/photo_driver.php +++ b/include/photo/photo_driver.php @@ -637,7 +637,7 @@ function import_xchan_photo($photo,$xchan,$thing = false,$force = false) { if(is_null($type)) $photo_failure = true; } - elseif($result['return_code'] = 304) { + elseif($result['return_code'] === 304) { $photo = z_root() . '/photo/' . $hash . '-4'; $thumb = z_root() . '/photo/' . $hash . '-5'; $micro = z_root() . '/photo/' . $hash . '-6'; -- cgit v1.2.3 From a49cfa81425b24c4c2b52eec67dd82649cd1bf61 Mon Sep 17 00:00:00 2001 From: Max Kostikov Date: Sat, 10 Nov 2018 20:45:20 +0100 Subject: Update photo_driver.php --- include/photo/photo_driver.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/photo/photo_driver.php b/include/photo/photo_driver.php index cced7bf03..4173d727e 100644 --- a/include/photo/photo_driver.php +++ b/include/photo/photo_driver.php @@ -637,7 +637,7 @@ function import_xchan_photo($photo,$xchan,$thing = false,$force = false) { if(is_null($type)) $photo_failure = true; } - elseif($result['return_code'] === 304) { + elseif($result['return_code'] == 304) { $photo = z_root() . '/photo/' . $hash . '-4'; $thumb = z_root() . '/photo/' . $hash . '-5'; $micro = z_root() . '/photo/' . $hash . '-6'; -- cgit v1.2.3 From 7bd60adfbed67999fcb84c11e2eda90bc707b25c Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Mon, 12 Nov 2018 09:35:12 +0100 Subject: fix css issues in bbcode conversion and focus-light schema --- include/bbcode.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'include') diff --git a/include/bbcode.php b/include/bbcode.php index 137e25a9c..c5d6ef998 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -1198,24 +1198,24 @@ function bbcode($Text, $options = []) { // Images // [img]pathtoimage[/img] if (strpos($Text,'[/img]') !== false) { - $Text = preg_replace("/\[img\](.*?)\[\/img\]/ism", '' . t('Image/photo') . '', $Text); + $Text = preg_replace("/\[img\](.*?)\[\/img\]/ism", '' . t('Image/photo') . '', $Text); } if (strpos($Text,'[/zmg]') !== false) { - $Text = preg_replace("/\[zmg\](.*?)\[\/zmg\]/ism", '' . t('Image/photo') . '', $Text); + $Text = preg_replace("/\[zmg\](.*?)\[\/zmg\]/ism", '' . t('Image/photo') . '', $Text); } // [img float={left, right}]pathtoimage[/img] if (strpos($Text,'[/img]') !== false) { - $Text = preg_replace("/\[img float=left\](.*?)\[\/img\]/ism", '' . t('Image/photo') . '', $Text); + $Text = preg_replace("/\[img float=left\](.*?)\[\/img\]/ism", '' . t('Image/photo') . '', $Text); } if (strpos($Text,'[/img]') !== false) { - $Text = preg_replace("/\[img float=right\](.*?)\[\/img\]/ism", '' . t('Image/photo') . '', $Text); + $Text = preg_replace("/\[img float=right\](.*?)\[\/img\]/ism", '' . t('Image/photo') . '', $Text); } if (strpos($Text,'[/zmg]') !== false) { - $Text = preg_replace("/\[zmg float=left\](.*?)\[\/zmg\]/ism", '' . t('Image/photo') . '', $Text); + $Text = preg_replace("/\[zmg float=left\](.*?)\[\/zmg\]/ism", '' . t('Image/photo') . '', $Text); } if (strpos($Text,'[/zmg]') !== false) { - $Text = preg_replace("/\[zmg float=right\](.*?)\[\/zmg\]/ism", '' . t('Image/photo') . '', $Text); + $Text = preg_replace("/\[zmg float=right\](.*?)\[\/zmg\]/ism", '' . t('Image/photo') . '', $Text); } // [img=widthxheight]pathtoimage[/img] -- cgit v1.2.3 From 35e66770be6ca93c9090cdab221e6c33a410a569 Mon Sep 17 00:00:00 2001 From: "DM42.Net (Matt Dent)" Date: Tue, 13 Nov 2018 17:20:21 -0500 Subject: Filter search box before display --- include/text.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/text.php b/include/text.php index 076c98407..da18080dd 100644 --- a/include/text.php +++ b/include/text.php @@ -1075,7 +1075,7 @@ function micropro($contact, $redirect = false, $class = '', $mode = false) { function search($s,$id='search-box',$url='/search',$save = false) { return replace_macros(get_markup_template('searchbox.tpl'),array( - '$s' => $s, + '$s' => htmlspecialchars($s), '$id' => $id, '$action_url' => z_root() . $url, '$search_label' => t('Search'), -- cgit v1.2.3