X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fitem.php;h=cc801df57c1b62ce0d0878332807c3449c9109b2;hb=3fc5c1ad840f98926319478a855dab3686a0ace3;hp=bf8c5f7217170b9451dff977e785eb5d4f2cb004;hpb=5276c28a78e188eb4ec8dcbf87a4dd1ac193c8d7;p=friendica.git
diff --git a/mod/item.php b/mod/item.php
index bf8c5f7217..cc801df57c 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -166,7 +166,7 @@ function item_post(App $a) {
 // Now check that valid personal details have been provided
 if (!Security::canWriteToUserWall($profile_uid) && !$allow_comment) {
- notice(L10n::t('Permission denied.') . EOL) ;
+ notice(L10n::t('Permission denied.') . EOL);
 if (!empty($_REQUEST['return'])) {
 $a->internalRedirect($return_path);
@@ -204,8 +204,8 @@ function item_post(App $a) {
 $objecttype = $orig_post['object-type'];
 $app = $orig_post['app'];
 $categories = $orig_post['file'];
- $title = Strings::removeTags(trim($_REQUEST['title']));
- $body = Strings::escapeTags(trim($_REQUEST['body']));
+ $title = Strings::escapeTags(trim($_REQUEST['title']));
+ $body = Strings::escapeHtml(trim($_REQUEST['body']));
 $private = $orig_post['private'];
 $pubmail_enabled = $orig_post['pubmail'];
 $network = $orig_post['network'];
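Review bot: In the hunk at -204/+204 (and again at -236/+236) the name `Strings::escapeTags` moves from `body` on the old side to `title` and the other short fields on the new side, which suggests the helper names were shifted rather than the sanitising changed; the helper definitions are outside this diff, so this is inferred. If so, any caller not updated in the same commit (an addon or theme, for instance) still runs but silently gets a different transformation, and a field can end up stored without the encoding its template assumes. A short comment above these assignments, for example `// escapeTags() is the former removeTags(); escapeHtml() is the former escapeTags()`, together with a search for remaining `Strings::escapeTags` call sites, would make the mapping auditable. The body of `item_post()` continues outside the hunk.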
@@ -236,13 +236,13 @@ function item_post(App $a) {
 $str_contact_deny = perms2str(defaults($_REQUEST, 'contact_deny', ''));
 }
- $title = Strings::removeTags(trim(defaults($_REQUEST, 'title' , '')));
- $location = Strings::removeTags(trim(defaults($_REQUEST, 'location', '')));
- $coord = Strings::removeTags(trim(defaults($_REQUEST, 'coord' , '')));
- $verb = Strings::removeTags(trim(defaults($_REQUEST, 'verb' , '')));
- $emailcc = Strings::removeTags(trim(defaults($_REQUEST, 'emailcc' , '')));
- $body = Strings::escapeTags(trim(defaults($_REQUEST, 'body' , '')));
- $network = Strings::removeTags(trim(defaults($_REQUEST, 'network' , Protocol::DFRN)));
+ $title = Strings::escapeTags(trim(defaults($_REQUEST, 'title' , '')));
+ $location = Strings::escapeTags(trim(defaults($_REQUEST, 'location', '')));
+ $coord = Strings::escapeTags(trim(defaults($_REQUEST, 'coord' , '')));
+ $verb = Strings::escapeTags(trim(defaults($_REQUEST, 'verb' , '')));
+ $emailcc = Strings::escapeTags(trim(defaults($_REQUEST, 'emailcc' , '')));
+ $body = Strings::escapeHtml(trim(defaults($_REQUEST, 'body' , '')));
+ $network = Strings::escapeTags(trim(defaults($_REQUEST, 'network' , Protocol::DFRN)));
 $guid = System::createUUID();
 $postopts = defaults($_REQUEST, 'postopts', '');
@@ -348,7 +348,7 @@ function item_post(App $a) {
 $str_tags = '';
 $inform = '';
- $tags = Strings::getTags($body);
+ $tags = BBCode::getTags($body);
 // Add a tag if the parent contact is from ActivityPub or OStatus (This will notify them)
 if ($parent && in_array($thr_parent_contact['network'], [Protocol::OSTATUS, Protocol::ACTIVITYPUB])) {
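Review bot: `$network` in the hunk at -236/+236 comes straight from `$_REQUEST` and is only passed through `Strings::escapeTags()`, so as far as this hunk shows any string the client sends is accepted as the item's network. Character escaping is not validation for a field whose default is a `Protocol::` constant; an allowlist with a fallback would be safer, e.g. `if (!in_array($network, $allowedNetworks, true)) { $network = Protocol::DFRN; }`, where `$allowedNetworks` is a placeholder for the protocols a locally created post may carry. Later code in `item_post()` may already constrain the value, but that part is outside the hunk.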
@@ -468,7 +468,7 @@ function item_post(App $a) {
 $fields = ['allow_cid' => $str_contact_allow, 'allow_gid' => $str_group_allow, 'deny_cid' => $str_contact_deny, 'deny_gid' => $str_group_deny];
- $condition = ['resource-id' => $image_uri, 'uid' => $profile_uid, 'album' => L10n::t('Wall Photos')];
+ $condition = ['resource-id' => $image_uri, 'uid' => $profile_uid];
 DBA::update('photo', $fields, $condition);
 }
 }
@@ -690,7 +690,7 @@ function item_post(App $a) {
 }
 $json = ['cancel' => 1];
- if (!empty($_REQUEST['jsreload']) && strlen($_REQUEST['jsreload'])) {
+ if (!empty($_REQUEST['jsreload'])) {
 $json['reload'] = System::baseUrl() . '/' . $_REQUEST['jsreload'];
 }
@@ -869,7 +869,7 @@ function item_post_return($baseurl, $api_source, $return_path)
 }
 $json = ['success' => 1];
- if (!empty($_REQUEST['jsreload']) && strlen($_REQUEST['jsreload'])) {
+ if (!empty($_REQUEST['jsreload'])) {
 $json['reload'] = $baseurl . '/' . $_REQUEST['jsreload'];
 }
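Review bot: With the `album` condition gone in the hunk at -468/+468, `DBA::update('photo', $fields, $condition)` rewrites the allow/deny lists of every photo row matching `resource-id` and `uid`, not only those in the wall-photo album. If `$image_uri` can refer to a photo the user placed in a restricted album, embedding it in a post would replace that photo's ACL with the post's, which can widen access. The surrounding loop is outside the hunk and may already filter on the photo's current permissions; if it does, a comment such as `// only photos still carrying the default owner-only ACL reach this update` would record that the broader condition is intentional.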
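Review bot: The simplified guard `if (!empty($_REQUEST['jsreload']))` in the hunk at -690/+690, and the identical one at -869/+869 in `item_post_return()`, also passes for a non-string value such as a `jsreload[]=…` array, which the removed `strlen()` call did not let through. The concatenation on the next line then yields the literal `Array` plus a conversion notice in the JSON `reload` target. Adding a type check keeps the request-supplied value a plain string: `if (!empty($_REQUEST['jsreload']) && is_string($_REQUEST['jsreload'])) {`. Both functions start and end outside their hunks.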