X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fwallmessage.php;h=ad8ca96675d638b5a3a80651843423af9339c9f3;hb=fd706cf9a7a0c4700838a1f00b12d8fd37323b7c;hp=371b82beede770bb0057ff69bb881b1f14fcb432;hpb=91facd2d0a2869e2c26a5943d8afe1849d3891f8;p=friendica.git
diff --git a/mod/wallmessage.php b/mod/wallmessage.php
index 371b82beed..ad8ca96675 100644
--- a/mod/wallmessage.php
+++ b/mod/wallmessage.php
@@ -10,6 +10,7 @@ use Friendica\Core\System;
 use Friendica\Database\DBA;
 use Friendica\Model\Mail;
 use Friendica\Model\Profile;
+use Friendica\Util\Strings;
 function wallmessage_post(App $a) {
@@ -19,10 +20,10 @@ function wallmessage_post(App $a) {
 return;
 }
- $subject = ((x($_REQUEST,'subject')) ? notags(trim($_REQUEST['subject'])) : '');
- $body = ((x($_REQUEST,'body')) ? escape_tags(trim($_REQUEST['body'])) : '');
+ $subject = (!empty($_REQUEST['subject']) ? Strings::escapeTags(trim($_REQUEST['subject'])) : '');
+ $body = (!empty($_REQUEST['body']) ? Strings::escapeHtml(trim($_REQUEST['body'])) : '');
- $recipient = (($a->argc > 1) ? notags($a->argv[1]) : '');
+ $recipient = (($a->argc > 1) ? Strings::escapeTags($a->argv[1]) : '');
 if ((! $recipient) || (! $body)) {
 return;
 }
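Review bot: `trim($_REQUEST['subject'])` and `trim($_REQUEST['body'])` in the second hunk still run on whatever type the client sends. A request carrying `subject[]=x` passes the `!empty()` test as an array and reaches `trim()`, which raises a warning or a TypeError depending on the PHP version. A string check before the call would close that, e.g. `$body = (is_string($_REQUEST['body'] ?? null) ? Strings::escapeHtml(trim($_REQUEST['body'])) : '');`, and the same for `$subject`. `wallmessage_post()` starts before and continues past this hunk, so later handling of these values is not visible here.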
@@ -115,29 +116,29 @@ function wallmessage_content(App $a) {
 return;
 }
- $tpl = get_markup_template('wallmsg-header.tpl');
+ $tpl = Renderer::getMarkupTemplate('wallmsg-header.tpl');
 $a->page['htmlhead'] .= Renderer::replaceMacros($tpl, [
 '$baseurl' => System::baseUrl(true),
 '$nickname' => $user['nickname'],
 '$linkurl' => L10n::t('Please enter a link URL:')
 ]);
- $tpl = get_markup_template('wallmessage.tpl');
+ $tpl = Renderer::getMarkupTemplate('wallmessage.tpl');
 $o = Renderer::replaceMacros($tpl, [
- '$header' => L10n::t('Send Private Message'),
- '$subheader' => L10n::t('If you wish for %s to respond, please check that the privacy settings on your site allow private mail from unknown senders.', $user['username']),
- '$to' => L10n::t('To:'),
- '$subject' => L10n::t('Subject:'),
- '$recipname' => $user['username'],
- '$nickname' => $user['nickname'],
- '$subjtxt' => ((x($_REQUEST, 'subject')) ? strip_tags($_REQUEST['subject']) : ''),
- '$text' => ((x($_REQUEST, 'body')) ? escape_tags(htmlspecialchars($_REQUEST['body'])) : ''),
- '$readonly' => '',
- '$yourmessage' => L10n::t('Your message:'),
- '$parent' => '',
- '$upload' => L10n::t('Upload photo'),
- '$insert' => L10n::t('Insert web link'),
- '$wait' => L10n::t('Please wait')
+ '$header' => L10n::t('Send Private Message'),
+ '$subheader' => L10n::t('If you wish for %s to respond, please check that the privacy settings on your site allow private mail from unknown senders.', $user['username']),
+ '$to' => L10n::t('To:'),
+ '$subject' => L10n::t('Subject:'),
+ '$recipname' => $user['username'],
+ '$nickname' => $user['nickname'],
+ '$subjtxt' => $_REQUEST['subject'] ?? '',
+ '$text' => $_REQUEST['body'] ?? '',
+ '$readonly' => '',
+ '$yourmessage'=> L10n::t('Your message:'),
+ '$parent' => '',
+ '$upload' => L10n::t('Upload photo'),
+ '$insert' => L10n::t('Insert web link'),
+ '$wait' => L10n::t('Please wait')
 ]);
 return $o;
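Review bot: The new `'$subjtxt' => $_REQUEST['subject'] ?? ''` and `'$text' => $_REQUEST['body'] ?? ''` entries pass raw request values to `Renderer::replaceMacros()`, where the removed lines ran them through `strip_tags()` and `escape_tags(htmlspecialchars())`. That is safe only if `wallmessage.tpl` or the renderer HTML-escapes both variables on output, which this hunk does not show. Please confirm it and record the dependency with a comment above the two lines, e.g. `// raw request values: wallmessage.tpl must HTML-escape $subjtxt and $text`. If the template prints them unfiltered, keep the escaping at the call site, e.g. `'$text' => Strings::escapeHtml($_REQUEST['body'] ?? ''),`. `wallmessage_content()` starts before this hunk, so any earlier handling of the request is not visible here.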