use Friendica\Database\DBA;
use Friendica\Model\Item;
use Friendica\Util\Security;
+use Friendica\Util\Strings;
+use Friendica\Util\XML;
require_once 'include/items.php';
$activity = ACTIVITY_FOLLOW;
- $item_id = (($a->argc > 1) ? notags(trim($a->argv[1])) : 0);
+ $item_id = (($a->argc > 1) ? Strings::escapeTags(trim($a->argv[1])) : 0);
$condition = ["`parent` = ? OR `parent-uri` = ? AND `parent` = `id`", $item_id, $item_id];
$item = Item::selectFirst([], $condition);
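Review bot: `Strings::escapeTags()` on the added `$item_id` line is output-context escaping applied to a value whose only visible use is as a bound parameter in the `Item::selectFirst()` condition, where the `?` placeholders already keep it out of the SQL text. If escapeTags still only rewrites angle brackets as `notags()` did, it neither validates the id nor protects the query, and it could alter a legitimate value compared against `parent-uri`. I would validate the shape this route expects at this point and escape where the value is rendered or logged; at minimum add a comment such as `// bound via placeholders below; escapeTags only guards later output of $item_id`. The rest of the function lies outside the hunk, so later uses of `$item_id` could not be checked.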
$post_type = (($item['resource-id']) ? L10n::t('photo') : L10n::t('status'));
$objtype = (($item['resource-id']) ? ACTIVITY_OBJ_IMAGE : ACTIVITY_OBJ_NOTE );
- $link = xmlify('<link rel="alternate" type="text/html" href="' . System::baseUrl() . '/display/' . $owner['nickname'] . '/' . $item['id'] . '" />' . "\n") ;
+ $link = XML::escape('<link rel="alternate" type="text/html" href="' . System::baseUrl() . '/display/' . $owner['nickname'] . '/' . $item['id'] . '" />' . "\n");
$body = $item['body'];
$obj = <<< EOT