ensure z_input_filter is called exactly once, since we now depend on the number of htmlspecialchars operations for
markdown content. Also ensure that the content is escaped the correct number of times on imported items.
		| @@ -333,12 +333,15 @@ function photo_upload($channel, $observer, $args) { | ||||
| 			if($item['mid'] === $item['parent_mid']) { | ||||
|  | ||||
| 				$item['body'] = $summary; | ||||
| 				$item['mimetype'] = 'text/bbcode'; | ||||
| 				$item['obj_type'] = ACTIVITY_OBJ_PHOTO; | ||||
| 				$item['obj']	= json_encode($object); | ||||
|  | ||||
| 				$item['tgt_type'] = ACTIVITY_OBJ_ALBUM; | ||||
| 				$item['target']	= json_encode($target); | ||||
|  | ||||
| 				$item['body'] = trim(z_input_filter($item['body'],$item['mimetype'],false)); | ||||
|  | ||||
| 				if($item['author_xchan'] === $channel['channel_hash']) { | ||||
| 					$item['sig'] = base64url_encode(rsa_sign($item['body'],$channel['channel_prvkey'])); | ||||
| 					$item['item_verified']  = 1; | ||||
| @@ -346,6 +349,12 @@ function photo_upload($channel, $observer, $args) { | ||||
| 				else { | ||||
| 					$item['sig'] = ''; | ||||
| 				} | ||||
|  | ||||
| 				// notify item_store or item_store_update that the input has been filtered and signed already. | ||||
| 				// The signing procedure in those functions uses local_channel() which may not apply here. | ||||
|  | ||||
| 				$item['input_filtered_signed'] = true; | ||||
|  | ||||
| 				$force = true; | ||||
|  | ||||
| 			} | ||||
|   | ||||
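Review bot: `$item['input_filtered_signed'] = true;` is set after both branches of the `author_xchan` check, so in the `else` branch, where `$item['sig'] = ''`, the item is marked as "filtered and signed" although it carries no signature. If that is intended, say so at the assignment, e.g. `// sig is deliberately empty when the author is not this channel; the flag only stops item_store from re-filtering and re-signing`. The flag also travels inside the `$item` array itself. item_store and item_store_update are not visible here, but if any caller builds `$item` from imported or remote data, those functions should discard this key so that only local code paths can claim the body was already passed through `z_input_filter`. The body of photo_upload continues outside these hunks, so whether `item_verified` is reset in the `else` branch cannot be confirmed from this view.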