X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Facl_selectors.php;h=a1154399a713035c43a8f83751006cdcd8228989;hb=c0e87b2beac1f326f97eac6e7f97f95e12498405;hp=f628b97309bf0b0742d3fa84d610aa9d3bfbd58f;hpb=de51cd5e652e81a5705582185aa757dd860a4ffc;p=friendica.git

diff --git a/include/acl_selectors.php b/include/acl_selectors.php
index f628b97309..a1154399a7 100644
--- a/include/acl_selectors.php
+++ b/include/acl_selectors.php
@@ -392,7 +392,6 @@ function acl_lookup(&$a, $out_type = 'json') {
 	if(!local_user())
 		return "";
 
-
 	$start = (x($_REQUEST,'start')?$_REQUEST['start']:0);
 	$count = (x($_REQUEST,'count')?$_REQUEST['count']:100);
 	$search = (x($_REQUEST,'search')?$_REQUEST['search']:"");
@@ -492,7 +491,7 @@ function acl_lookup(&$a, $out_type = 'json') {
 			$groups[] = array(
 				"type"  => "g",
 				"photo" => "images/twopeople.png",
-				"name"  => $g['name'],
+				"name"  => htmlentities($g['name']),
 				"id"	=> intval($g['id']),
 				"uids"  => array_map("intval", explode(",",$g['uids'])),
 				"link"  => '',
@@ -545,9 +544,9 @@ function acl_lookup(&$a, $out_type = 'json') {
 		$x['data'] = array();
 		if(count($r)) {
 			foreach($r as $g) {
-				$x['photos'][] = proxy_url($g['micro']);
+				$x['photos'][] = proxy_url($g['micro'], false, PROXY_SIZE_MICRO);
 				$x['links'][] = $g['url'];
-				$x['suggestions'][] = $g['name'];
+				$x['suggestions'][] = htmlentities($g['name']);
 				$x['data'][] = intval($g['id']);
 			}
 		}
@@ -559,12 +558,12 @@ function acl_lookup(&$a, $out_type = 'json') {
 		foreach($r as $g){
 			$contacts[] = array(
 				"type"  => "c",
-				"photo" => proxy_url($g['micro']),
-				"name"  => $g['name'],
+				"photo" => proxy_url($g['micro'], false, PROXY_SIZE_MICRO),
+				"name"  => htmlentities($g['name']),
 				"id"	=> intval($g['id']),
 				"network" => $g['network'],
 				"link" => $g['url'],
-				"nick" => ($g['attag']) ? $g['attag'] : $g['nick'],
+				"nick" => htmlentities(($g['attag']) ? $g['attag'] : $g['nick']),
 				"forum" => $g['forum']
 			);
 		}
@@ -604,12 +603,12 @@ function acl_lookup(&$a, $out_type = 'json') {
 				// /nickname
 				$unknow_contacts[] = array(
 					"type"  => "c",
-					"photo" => proxy_url($row['author-avatar']),
-					"name"  => $row['author-name'],
+					"photo" => proxy_url($row['author-avatar'], false, PROXY_SIZE_MICRO),
+					"name"  => htmlentities($row['author-name']),
 					"id"	=> '',
 					"network" => "unknown",
 					"link" => $row['author-link'],
-					"nick" => $nick,
+					"nick" => htmlentities($nick),
 					"forum" => false
 				);
 			}