Merge pull request #1947 from annando/1510-diaspora-follower

[friendica.git] / mod / allfriends.php

diff --git a/mod/allfriends.php b/mod/allfriends.php
index c32a05a2ce9c8d2ae58f9371f418153312c27f32..784dfb87711d6053386034d3482e2388dbc06e3e 100644 (file)
--- a/mod/allfriends.php
+++ b/mod/allfriends.php
@@ -21,19 +21,21 @@ function allfriends_content(&$a) {
        );
 
        $vcard_widget .= replace_macros(get_markup_template("vcard-widget.tpl"),array(
-                '$name' => $c[0]['name'],
-                '$photo' => $c[0]['photo'],
-                'url' => z_root() . '/contacts/' . $cid
-                ));
+               '$name'  => htmlentities($c[0]['name']),
+               '$photo' => $c[0]['photo'],
+               'url'    => z_root() . '/contacts/' . $cid
+       ));
 
-        if(! x($a->page,'aside'))
-                $a->page['aside'] = '';
-        $a->page['aside'] .= $vcard_widget;
+       if(! x($a->page,'aside'))
+               $a->page['aside'] = '';
+       $a->page['aside'] .= $vcard_widget;
 
        if(! count($c))
                return;
 
-       $o .= '<h2>' . sprintf( t('Friends of %s'), $c[0]['name']) . '</h2>';
+       $o .= replace_macros(get_markup_template("section_title.tpl"),array(
+               '$title' => sprintf( t('Friends of %s'), htmlentities($c[0]['name']))
+       ));
 
 
        $r = all_friends(local_user(),$cid);
@@ -46,10 +48,10 @@ function allfriends_content(&$a) {
        $tpl = get_markup_template('common_friends.tpl');
 
        foreach($r as $rr) {
-                       
+
                $o .= replace_macros($tpl,array(
                        '$url' => $rr['url'],
-                       '$name' => $rr['name'],
+                       '$name' => htmlentities($rr['name']),
                        '$photo' => $rr['photo'],
                        '$tags' => ''
                ));