Merge pull request #6311 from annando/issue-6308

[friendica.git] / mod / xrd.php

diff --git a/mod/xrd.php b/mod/xrd.php
index 83f069d14a85bdcd04e6475b2c94d3307b31c2cc..4b9b0ee8fb4e1931848b799cb07d5a86ec6b2dc7 100644 (file)
--- a/mod/xrd.php
+++ b/mod/xrd.php
@@ -9,6 +9,7 @@ use Friendica\Core\Renderer;
 use Friendica\Core\System;
 use Friendica\Database\DBA;
 use Friendica\Protocol\Salmon;
+use Friendica\Util\Strings;
 
 function xrd_init(App $a)
 {
@@ -17,7 +18,7 @@ function xrd_init(App $a)
                        System::httpExit(404);
                }
 
-               $uri = urldecode(notags(trim($_GET['uri'])));
+               $uri = urldecode(Strings::escapeTags(trim($_GET['uri'])));
                if (defaults($_SERVER, 'HTTP_ACCEPT', '') == 'application/jrd+json') {
                        $mode = 'json';
                } else {
@@ -28,7 +29,7 @@ function xrd_init(App $a)
                        System::httpExit(404);
                }
 
-               $uri = urldecode(notags(trim($_GET['resource'])));
+               $uri = urldecode(Strings::escapeTags(trim($_GET['resource'])));
                if (defaults($_SERVER, 'HTTP_ACCEPT', '') == 'application/xrd+xml') {
                        $mode = 'xml';
                } else {