issue #240 - we were using htmlentities instead of htmlspecialchars in several places, and this was a bit greedy in the set of characters which were converted from utf-8 to HTML entities. Also brought mail attachments up to date so they are rendered identically to item attachments.
This commit is contained in:
friendica
@@ -564,9 +564,9 @@ function title_is_body($title, $body) {
|
||||
|
||||
function get_item_elements($x) {
|
||||
|
||||
// logger('get_item_elements');
|
||||
|
||||
$arr = array();
|
||||
$arr['body'] = (($x['body']) ? htmlentities($x['body'],ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['body'] = (($x['body']) ? htmlspecialchars($x['body'],ENT_COMPAT,'UTF-8',false) : '');
|
||||
|
||||
$arr['created'] = datetime_convert('UTC','UTC',$x['created']);
|
||||
$arr['edited'] = datetime_convert('UTC','UTC',$x['edited']);
|
||||
@@ -584,27 +584,27 @@ function get_item_elements($x) {
|
||||
? datetime_convert('UTC','UTC',$x['commented'])
|
||||
: $arr['created']);
|
||||
|
||||
$arr['title'] = (($x['title']) ? htmlentities($x['title'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['title'] = (($x['title']) ? htmlspecialchars($x['title'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
|
||||
if(mb_strlen($arr['title']) > 255)
|
||||
$arr['title'] = mb_substr($arr['title'],0,255);
|
||||
|
||||
|
||||
$arr['app'] = (($x['app']) ? htmlentities($x['app'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['mid'] = (($x['message_id']) ? htmlentities($x['message_id'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['parent_mid'] = (($x['message_top']) ? htmlentities($x['message_top'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['thr_parent'] = (($x['message_parent']) ? htmlentities($x['message_parent'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['app'] = (($x['app']) ? htmlspecialchars($x['app'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['mid'] = (($x['message_id']) ? htmlspecialchars($x['message_id'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['parent_mid'] = (($x['message_top']) ? htmlspecialchars($x['message_top'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['thr_parent'] = (($x['message_parent']) ? htmlspecialchars($x['message_parent'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
|
||||
$arr['plink'] = (($x['permalink']) ? htmlentities($x['permalink'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['location'] = (($x['location']) ? htmlentities($x['location'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['coord'] = (($x['longlat']) ? htmlentities($x['longlat'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['verb'] = (($x['verb']) ? htmlentities($x['verb'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['mimetype'] = (($x['mimetype']) ? htmlentities($x['mimetype'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['obj_type'] = (($x['object_type']) ? htmlentities($x['object_type'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['tgt_type'] = (($x['target_type']) ? htmlentities($x['target_type'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['comment_policy'] = (($x['comment_scope']) ? htmlentities($x['comment_scope'], ENT_COMPAT,'UTF-8',false) : 'contacts');
|
||||
$arr['plink'] = (($x['permalink']) ? htmlspecialchars($x['permalink'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['location'] = (($x['location']) ? htmlspecialchars($x['location'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['coord'] = (($x['longlat']) ? htmlspecialchars($x['longlat'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['verb'] = (($x['verb']) ? htmlspecialchars($x['verb'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['mimetype'] = (($x['mimetype']) ? htmlspecialchars($x['mimetype'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['obj_type'] = (($x['object_type']) ? htmlspecialchars($x['object_type'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['tgt_type'] = (($x['target_type']) ? htmlspecialchars($x['target_type'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['comment_policy'] = (($x['comment_scope']) ? htmlspecialchars($x['comment_scope'], ENT_COMPAT,'UTF-8',false) : 'contacts');
|
||||
|
||||
$arr['sig'] = (($x['signature']) ? htmlentities($x['signature'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['sig'] = (($x['signature']) ? htmlspecialchars($x['signature'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
|
||||
|
||||
$arr['object'] = activity_sanitise($x['object']);
|
||||
@@ -667,7 +667,6 @@ function get_item_elements($x) {
|
||||
$arr['body'] = json_encode(crypto_encapsulate($arr['body'],$key));
|
||||
}
|
||||
|
||||
|
||||
return $arr;
|
||||
|
||||
}
|
||||
@@ -832,8 +831,8 @@ function decode_tags($t) {
|
||||
$ret = array();
|
||||
foreach($t as $x) {
|
||||
$tag = array();
|
||||
$tag['term'] = htmlentities($x['tag'], ENT_COMPAT,'UTF-8',false);
|
||||
$tag['url'] = htmlentities($x['url'], ENT_COMPAT,'UTF-8',false);
|
||||
$tag['term'] = htmlspecialchars($x['tag'], ENT_COMPAT,'UTF-8',false);
|
||||
$tag['url'] = htmlspecialchars($x['url'], ENT_COMPAT,'UTF-8',false);
|
||||
switch($x['type']) {
|
||||
case 'hashtag':
|
||||
$tag['type'] = TERM_HASHTAG;
|
||||
@@ -876,12 +875,12 @@ function activity_sanitise($arr) {
|
||||
if(is_array($x))
|
||||
$ret[$k] = activity_sanitise($x);
|
||||
else
|
||||
$ret[$k] = htmlentities($x, ENT_COMPAT,'UTF-8',false);
|
||||
$ret[$k] = htmlspecialchars($x, ENT_COMPAT,'UTF-8',false);
|
||||
}
|
||||
return $ret;
|
||||
}
|
||||
else {
|
||||
return htmlentities($arr, ENT_COMPAT,'UTF-8', false);
|
||||
return htmlspecialchars($arr, ENT_COMPAT,'UTF-8', false);
|
||||
}
|
||||
}
|
||||
return '';
|
||||
@@ -893,7 +892,7 @@ function array_sanitise($arr) {
|
||||
if($arr) {
|
||||
$ret = array();
|
||||
foreach($arr as $x) {
|
||||
$ret[] = htmlentities($x, ENT_COMPAT,'UTF-8',false);
|
||||
$ret[] = htmlspecialchars($x, ENT_COMPAT,'UTF-8',false);
|
||||
}
|
||||
return $ret;
|
||||
}
|
||||
@@ -958,8 +957,8 @@ function get_mail_elements($x) {
|
||||
|
||||
$arr = array();
|
||||
|
||||
$arr['body'] = (($x['body']) ? htmlentities($x['body'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['title'] = (($x['title'])? htmlentities($x['title'],ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['body'] = (($x['body']) ? htmlspecialchars($x['body'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['title'] = (($x['title'])? htmlspecialchars($x['title'],ENT_COMPAT,'UTF-8',false) : '');
|
||||
|
||||
$arr['created'] = datetime_convert('UTC','UTC',$x['created']);
|
||||
if((! array_key_exists('expires',$x)) || ($x['expires'] === '0000-00-00 00:00:00'))
|
||||
@@ -977,18 +976,18 @@ function get_mail_elements($x) {
|
||||
|
||||
$key = get_config('system','pubkey');
|
||||
$arr['mail_flags'] |= MAIL_OBSCURED;
|
||||
$arr['body'] = htmlentities($arr['body'],ENT_COMPAT,'UTF-8',false);
|
||||
$arr['body'] = htmlspecialchars($arr['body'],ENT_COMPAT,'UTF-8',false);
|
||||
if($arr['body'])
|
||||
$arr['body'] = json_encode(crypto_encapsulate($arr['body'],$key));
|
||||
$arr['title'] = htmlentities($arr['title'],ENT_COMPAT,'UTF-8',false);
|
||||
$arr['title'] = htmlspecialchars($arr['title'],ENT_COMPAT,'UTF-8',false);
|
||||
if($arr['title'])
|
||||
$arr['title'] = json_encode(crypto_encapsulate($arr['title'],$key));
|
||||
|
||||
if($arr['created'] > datetime_convert())
|
||||
$arr['created'] = datetime_convert();
|
||||
|
||||
$arr['mid'] = (($x['message_id']) ? htmlentities($x['message_id'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['parent_mid'] = (($x['message_parent']) ? htmlentities($x['message_parent'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['mid'] = (($x['message_id']) ? htmlspecialchars($x['message_id'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['parent_mid'] = (($x['message_parent']) ? htmlspecialchars($x['message_parent'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
|
||||
if($x['attach'])
|
||||
$arr['attach'] = activity_sanitise($x['attach']);
|
||||
@@ -1017,18 +1016,18 @@ function get_profile_elements($x) {
|
||||
else
|
||||
return array();
|
||||
|
||||
$arr['desc'] = (($x['title']) ? htmlentities($x['title'],ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['desc'] = (($x['title']) ? htmlspecialchars($x['title'],ENT_COMPAT,'UTF-8',false) : '');
|
||||
|
||||
$arr['dob'] = datetime_convert('UTC','UTC',$x['birthday'],'Y-m-d');
|
||||
$arr['age'] = (($x['age']) ? intval($x['age']) : 0);
|
||||
|
||||
$arr['gender'] = (($x['gender']) ? htmlentities($x['gender'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['marital'] = (($x['marital']) ? htmlentities($x['marital'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['sexual'] = (($x['sexual']) ? htmlentities($x['sexual'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['locale'] = (($x['locale']) ? htmlentities($x['locale'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['region'] = (($x['region']) ? htmlentities($x['region'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['postcode'] = (($x['postcode']) ? htmlentities($x['postcode'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['country'] = (($x['country']) ? htmlentities($x['country'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['gender'] = (($x['gender']) ? htmlspecialchars($x['gender'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['marital'] = (($x['marital']) ? htmlspecialchars($x['marital'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['sexual'] = (($x['sexual']) ? htmlspecialchars($x['sexual'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['locale'] = (($x['locale']) ? htmlspecialchars($x['locale'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['region'] = (($x['region']) ? htmlspecialchars($x['region'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['postcode'] = (($x['postcode']) ? htmlspecialchars($x['postcode'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['country'] = (($x['country']) ? htmlspecialchars($x['country'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
|
||||
$arr['keywords'] = (($x['keywords'] && is_array($x['keywords'])) ? array_sanitise($x['keywords']) : array());
|
||||
|
||||
|
||||
Reference in New Issue
Block a user