<?php
+/**
+ * @copyright Copyright (C) 2020, Friendica
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ *
+ */
namespace Friendica\Object;
}
foreach ($properties as $key => $value) {
+ if (in_array($key, ['thumbnail_width', 'thumbnail_height', 'width', 'height'])) {
+ // These values should be numbers, so ensure that they really are numbers.
+ $value = (int)$value;
+ } elseif (is_array($value)) {
+ // Ignoring arrays.
+ } elseif ($key != 'html') {
+ // Avoid being able to inject some ugly stuff through these fields.
+ $value = htmlentities($value);
+ } else {
+ /// @todo Add a way to sanitize the html as well, possibly with an <iframe>?
+ $value = mb_convert_encoding($value, 'HTML-ENTITIES', mb_detect_encoding($value));
+ }
+
if (property_exists(__CLASS__, $key)) {
$this->{$key} = $value;
}
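Review bot: The `is_array($value)` branch is empty, so an array value is not actually ignored: it skips escaping and is still assigned by `$this->{$key} = $value` below whenever the property exists. If no property is meant to hold an array, put `continue;` in that branch so nested, unescaped strings from the untrusted input cannot reach the object. In the escaping branch, `htmlentities($value)` relies on the default flags, which before PHP 8.1 leave single quotes unescaped; `htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` is safer, and entity-encoding alone does not reject a `javascript:` scheme in any URL-type field. `in_array()` should also get `true` as its third argument so a non-string key cannot loosely match the numeric field list. The `foreach` body continues outside this hunk, so how `html` is rendered later could not be checked here.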