harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

webpage content-type -- needs cleaning up and a security check once all the important bits are in place.

Browse Source
This commit is contained in:
friendica
2013-09-02 01:38:17 -07:00
parent a35d440ff1
commit 8b7757e033
8 changed files with 206 additions and 126 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
include/items.php
View File

@@ -1397,14 +1397,10 @@ function item_store($arr,$allow_exec = false) {
$arr['item_private'] = ((x($arr,'item_private')) ? intval($arr['item_private']) : 0 );
$arr['item_flags'] = ((x($arr,'item_flags')) ? intval($arr['item_flags']) : 0 );
// this is a bit messy - we really need an input filter chain that temporarily undoes obscuring
if($arr['mimetype'] != 'text/html' && $arr['mimetype'] != 'application/x-php') {
if((strpos($arr['body'],'<') !== false) || (strpos($arr['body'],'>') !== false))
$arr['body'] = escape_tags($arr['body']);
if((strpos($arr['title'],'<') !== false) || (strpos($arr['title'],'>') !== false))
$arr['title'] = escape_tags($arr['title']);
}
$arr['body'] = z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']);
$arr['title'] = escape_tags($arr['title']);
// only detect language if we have text content, and if the post is private but not yet
// obscured, make it so.