Merge pull request #6434 from AndyHee/2019.01-rc

[friendica.git] / mod / subthread.php

diff --git a/mod/subthread.php b/mod/subthread.php
index e3cfe39e6e73b58ff203333abc1f1b9c3cfdf42a..bd7fee534e81b1fb80dfda60405da38f60f40055 100644 (file)
--- a/mod/subthread.php
+++ b/mod/subthread.php
@@ -11,8 +11,7 @@ use Friendica\Database\DBA;
 use Friendica\Model\Item;
 use Friendica\Util\Security;
 use Friendica\Util\Strings;
-
-require_once 'include/items.php';
+use Friendica\Util\XML;
 
 function subthread_content(App $a) {
 
@@ -22,7 +21,7 @@ function subthread_content(App $a) {
 
        $activity = ACTIVITY_FOLLOW;
 
-       $item_id = (($a->argc > 1) ? notags(trim($a->argv[1])) : 0);
+       $item_id = (($a->argc > 1) ? Strings::escapeTags(trim($a->argv[1])) : 0);
 
        $condition = ["`parent` = ? OR `parent-uri` = ? AND `parent` = `id`", $item_id, $item_id];
        $item = Item::selectFirst([], $condition);
@@ -88,7 +87,7 @@ function subthread_content(App $a) {
 
        $post_type = (($item['resource-id']) ? L10n::t('photo') : L10n::t('status'));
        $objtype = (($item['resource-id']) ? ACTIVITY_OBJ_IMAGE : ACTIVITY_OBJ_NOTE );
-       $link = Strings::escape('<link rel="alternate" type="text/html" href="' . System::baseUrl() . '/display/' . $owner['nickname'] . '/' . $item['id'] . '" />' . "\n") ;
+       $link = XML::escape('<link rel="alternate" type="text/html" href="' . System::baseUrl() . '/display/' . $owner['nickname'] . '/' . $item['id'] . '" />' . "\n");
        $body = $item['body'];
 
        $obj = <<< EOT