harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

more htmlspecialchars sanitisation

Browse Source
This commit is contained in:
friendica 2013-12-12 02:15:02 -08:00
parent 941f81eb30
commit 303324cdff
4 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
include/conversation.php
View File

@ -1108,7 +1108,7 @@ function status_editor($a,$x,$popup=false) {
'$shortsetloc' => t('set location'), '$shortsetloc' => t('set location'),
'$noloc' => t('Clear browser location'), '$noloc' => t('Clear browser location'),
'$shortnoloc' => t('clear location'), '$shortnoloc' => t('clear location'),
'$title' => ((x($x,'title')) ? htmlspecialchars($x['title']) : ''), '$title' => ((x($x,'title')) ? htmlspecialchars($x['title'], ENT_COMPAT,'UTF-8') : ''),
'$placeholdertitle' => t('Set title'), '$placeholdertitle' => t('Set title'),
'$catsenabled' => ((feature_enabled($x['profile_uid'],'categories') && (! $webpage)) ? 'categories' : ''), '$catsenabled' => ((feature_enabled($x['profile_uid'],'categories') && (! $webpage)) ? 'categories' : ''),
'$category' => "", '$category' => "",
@ -1117,7 +1117,7 @@ function status_editor($a,$x,$popup=false) {
'$permset' => t('Permission settings'), '$permset' => t('Permission settings'),
'$shortpermset' => t('permissions'), '$shortpermset' => t('permissions'),
'$ptyp' => (($notes_cid) ? 'note' : 'wall'), '$ptyp' => (($notes_cid) ? 'note' : 'wall'),
'$content' => ((x($x,'body')) ? htmlspecialchars($x['body']) : ''), '$content' => ((x($x,'body')) ? htmlspecialchars($x['body'], ENT_COMPAT,'UTF-8') : ''),
'$post_id' => '', '$post_id' => '',
'$baseurl' => $a->get_baseurl(true), '$baseurl' => $a->get_baseurl(true),
'$defloc' => $x['default_location'], '$defloc' => $x['default_location'],

2
include/network.php
View File

@ -582,7 +582,7 @@ function scale_external_images($s, $include_link = true, $scale_replace = false)
$a = get_app(); $a = get_app();
// Picture addresses can contain special characters // Picture addresses can contain special characters
$s = htmlspecialchars_decode($s); $s = htmlspecialchars_decode($s, ENT_COMPAT,'UTF-8');
$matches = null; $matches = null;
$c = preg_match_all('/\[img(.*?)\](.*?)\[\/img\]/ism',$s,$matches,PREG_SET_ORDER); $c = preg_match_all('/\[img(.*?)\](.*?)\[\/img\]/ism',$s,$matches,PREG_SET_ORDER);

4
include/taxonomy.php
View File

@ -87,9 +87,9 @@ function format_term_for_display($term) {
return $s; return $s;
if($term['url']) if($term['url'])
$s .= '<a href="' . $term['url'] . '">' . htmlspecialchars($term['term']) . '</a>'; $s .= '<a href="' . $term['url'] . '">' . htmlspecialchars($term['term'], ENT_COMPAT,'UTF-8') . '</a>';
else else
$s .= htmlspecialchars($term['term']); $s .= htmlspecialchars($term['term'], ENT_COMPAT,'UTF-8');
return $s; return $s;
} }

4
include/widgets.php
View File

@ -219,7 +219,7 @@ function widget_savedsearch($arr) {
'term' => $rr['term'], 'term' => $rr['term'],
'dellink' => z_root() . '/' . $srchurl . (($hasq) ? '' : '?f=') . '&amp;searchremove=1&amp;search=' . urlencode($rr['term']), 'dellink' => z_root() . '/' . $srchurl . (($hasq) ? '' : '?f=') . '&amp;searchremove=1&amp;search=' . urlencode($rr['term']),
'srchlink' => z_root() . '/' . $srchurl . (($hasq) ? '' : '?f=') . '&amp;search=' . urlencode($rr['term']), 'srchlink' => z_root() . '/' . $srchurl . (($hasq) ? '' : '?f=') . '&amp;search=' . urlencode($rr['term']),
'displayterm' => htmlspecialchars($rr['term']), 'displayterm' => htmlspecialchars($rr['term'], ENT_COMPAT,'UTF-8'),
'encodedterm' => urlencode($rr['term']), 'encodedterm' => urlencode($rr['term']),
'delete' => t('Remove term'), 'delete' => t('Remove term'),
'selected' => ($search==$rr['term']), 'selected' => ($search==$rr['term']),
@ -317,7 +317,7 @@ function widget_fullprofile($arr) {
function widget_categories($arr) { function widget_categories($arr) {
$a = get_app(); $a = get_app();
$cat = ((x($_REQUEST,'cat')) ? htmlspecialchars($_REQUEST['cat']) : ''); $cat = ((x($_REQUEST,'cat')) ? htmlspecialchars($_REQUEST['cat'],ENT_COMPAT,'UTF-8') : '');
$srchurl = $a->query_string; $srchurl = $a->query_string;
$srchurl = rtrim(preg_replace('/cat\=[^\&].*?(\&|$)/is','',$srchurl),'&'); $srchurl = rtrim(preg_replace('/cat\=[^\&].*?(\&|$)/is','',$srchurl),'&');
$srchurl = str_replace(array('?f=','&f='),array('',''),$srchurl); $srchurl = str_replace(array('?f=','&f='),array('',''),$srchurl);