From 9879cf3c6ca0652e9dc5c69824f6ab655c484c28 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 22 Jun 2015 16:09:02 -0700 Subject: ensure we always sign a trimmed item body. --- mod/item.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'mod/item.php') diff --git a/mod/item.php b/mod/item.php index 3ff286268..94e203788 100644 --- a/mod/item.php +++ b/mod/item.php @@ -798,7 +798,7 @@ function item_post(&$a) { if(array_key_exists('item_private',$datarray) && $datarray['item_private']) { - $datarray['body'] = z_input_filter($datarray['uid'],$datarray['body'],$datarray['mimetype']); + $datarray['body'] = trim(z_input_filter($datarray['uid'],$datarray['body'],$datarray['mimetype'])); if($uid) { if($channel['channel_hash'] === $datarray['author_xchan']) { -- cgit v1.2.3 From a189fc0872867e6692e02453fb2ea1ec95c0979c Mon Sep 17 00:00:00 2001 From: Alexandre Hannud Abdo Date: Tue, 23 Jun 2015 01:08:02 -0300 Subject: properly trims edited posts before signing so signature verification works --- mod/item.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'mod/item.php') diff --git a/mod/item.php b/mod/item.php index 3ff286268..9287081ef 100644 --- a/mod/item.php +++ b/mod/item.php @@ -343,8 +343,8 @@ function item_post(&$a) { $coord = $orig_post['coord']; $verb = $orig_post['verb']; $app = $orig_post['app']; - $title = $_REQUEST['title']; - $body = $_REQUEST['body']; + $title = escape_tags(trim($_REQUEST['title'])); + $body = trim($_REQUEST['body']); $item_flags = $orig_post['item_flags']; // force us to recalculate if we need to obscure this post -- cgit v1.2.3