Contact names with ">" and "<" are a problem ...

[friendica.git] / include / conversation.php

diff --git a/include/conversation.php b/include/conversation.php
index bbb0b921a344051b4668dfe1beac007a51a6a7f6..cdcc5601084818e74dd415ce5c305fc40f711a4a 100644 (file)
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -942,7 +942,7 @@ function like_puller($a,$item,&$arr,$mode) {
                        $arr[$item['thr-parent']] = 1;
                else
                        $arr[$item['thr-parent']] ++;
-               $arr[$item['thr-parent'] . '-l'][] = '<a href="'. $url . '"'. $sparkle .'>' . $item['author-name'] . '</a>';
+               $arr[$item['thr-parent'] . '-l'][] = '<a href="'. $url . '"'. $sparkle .'>' . htmlentities($item['author-name']) . '</a>';
        }
        return;
 }}
@@ -958,7 +958,7 @@ if(! function_exists('format_like')) {
 function format_like($cnt,$arr,$type,$id) {
        $o = '';
        if($cnt == 1)
-               $o .= (($type === 'like') ? sprintf( t('%s likes this.'), $arr[0]) : sprintf( t('%s doesn\'t like this.'), $arr[0])) . EOL ;
+               $o .= (($type === 'like') ? sprintf( t('%s likes this.'), $arr[0]) : sprintf( t('%s doesn\'t like this.'), $arr[0])) . EOL;
        else {
                $spanatts = "class=\"fakelink\" onclick=\"openClose('{$type}list-$id');\"";
                switch($type) {