Merge branch 'patch-20181113a' into 'dev'

Patch 20181113a

See merge request hubzilla/core!1394
M. Dent 2018-11-14 03:21:32 +01:00
commit 1260887fa7
3 changed files with 16 additions and 6 deletions


@ -825,7 +825,7 @@ class Enotify {
// convert this logic into a json array just like the system notifications // convert this logic into a json array just like the system notifications
return array( $x = array(
'notify_link' => $item['llink'], 'notify_link' => $item['llink'],
'name' => $item['author']['xchan_name'], 'name' => $item['author']['xchan_name'],
'url' => $item['author']['xchan_url'], 'url' => $item['author']['xchan_url'],
@ -835,9 +835,19 @@ class Enotify {
'b64mid' => ((in_array($item['verb'], [ACTIVITY_LIKE, ACTIVITY_DISLIKE])) ? 'b64.' . base64url_encode($item['thr_parent']) : 'b64.' . base64url_encode($item['mid'])), 'b64mid' => ((in_array($item['verb'], [ACTIVITY_LIKE, ACTIVITY_DISLIKE])) ? 'b64.' . base64url_encode($item['thr_parent']) : 'b64.' . base64url_encode($item['mid'])),
'notify_id' => 'undefined', 'notify_id' => 'undefined',
'thread_top' => (($item['item_thread_top']) ? true : false), 'thread_top' => (($item['item_thread_top']) ? true : false),
'message' => strip_tags(bbcode($itemem_text)) 'message' => strip_tags(bbcode($itemem_text)),
// these are for the superblock addon
'hash' => $item['author']['xchan_hash'],
'uid' => local_channel(),
'display' => true
); );
call_hooks('enotify_format',$x);
if(! $x['display']) {
return [];
}
return $x;
} }
} }
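Review bot: The value tested in `if(! $x['display'])` comes back from the `enotify_format` hook handlers, so a handler that removes the key instead of setting it to false triggers an undefined-index notice before the early return; `if(empty($x['display'])) {` gives the same outcome without the notice. The function can now return `[]` where it previously always returned a populated array, and its callers are outside this hunk, so they need checking that they skip an empty result rather than index into it. The new `hash` and `uid` entries also remain in the array that is returned after the hook has run; if they are meant only for the addon, it looks worth unsetting them before `return $x;` so they are not passed on with the rest of the notification. The function starts above the hunk, and its doc comment is the place to add `Returns an empty array when an enotify_format hook clears 'display'.`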


@ -6,7 +6,7 @@ class Search extends \Zotlabs\Web\Controller {
function init() { function init() {
if(x($_REQUEST,'search')) if(x($_REQUEST,'search'))
\App::$data['search'] = $_REQUEST['search']; \App::$data['search'] = escape_tags($_REQUEST['search']);
} }
@ -46,12 +46,12 @@ class Search extends \Zotlabs\Web\Controller {
if(x(\App::$data,'search')) if(x(\App::$data,'search'))
$search = trim(\App::$data['search']); $search = trim(\App::$data['search']);
else else
$search = ((x($_GET,'search')) ? trim(rawurldecode($_GET['search'])) : ''); $search = ((x($_GET,'search')) ? trim(escape_tags(rawurldecode($_GET['search']))) : '');
$tag = false; $tag = false;
if(x($_GET,'tag')) { if(x($_GET,'tag')) {
$tag = true; $tag = true;
$search = ((x($_GET,'tag')) ? trim(rawurldecode($_GET['tag'])) : ''); $search = ((x($_GET,'tag')) ? trim(escape_tags(rawurldecode($_GET['tag']))) : '');
} }
$static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0); $static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0);
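Review bot: `escape_tags()` is applied at input time here, in `init()` and on both `$_GET` branches, so `$search` holds an HTML-encoded string for everything that follows, including the matching logic that lies outside this hunk. Depending on which characters `escape_tags()` encodes, a query containing `<`, `>` or `&` may stop matching stored text, and the value may be encoded a second time when it reaches a template that also escapes it. Keeping the decoded, trimmed value for the lookup and encoding only at the point where it is written into HTML would avoid both effects. Whichever approach is kept, HTML encoding does not make the value safe for a database query or a URL, so a comment such as `// HTML-encoded for display only; not safe for SQL or URL contexts` above the assignment would record that. The inner `x($_GET,'tag')` ternary also repeats the enclosing `if` and could be reduced to the plain assignment.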


@ -1075,7 +1075,7 @@ function micropro($contact, $redirect = false, $class = '', $mode = false) {
function search($s,$id='search-box',$url='/search',$save = false) { function search($s,$id='search-box',$url='/search',$save = false) {
return replace_macros(get_markup_template('searchbox.tpl'),array( return replace_macros(get_markup_template('searchbox.tpl'),array(
'$s' => $s, '$s' => htmlspecialchars($s),
'$id' => $id, '$id' => $id,
'$action_url' => z_root() . $url, '$action_url' => z_root() . $url,
'$search_label' => t('Search'), '$search_label' => t('Search'),
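Review bot: `htmlspecialchars($s)` on the `'$s'` entry relies on the default flags, which on PHP versions before 8.1 leave single quotes unencoded, so the protection depends on how `searchbox.tpl` quotes the attribute that receives the value. Passing the flags and charset explicitly, `'$s' => htmlspecialchars($s, ENT_QUOTES, 'UTF-8'),`, makes the encoding independent of the runtime and of the template's quoting style. `$id` and `$url` enter the same template unencoded on the next two lines; whether any caller passes request-derived values there is not visible from this hunk, but they deserve the same check. The array literal and the function body continue past the end of the hunk.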