X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FObject%2FOEmbed.php;h=d787e2ee98e771e163026e1cc90e9a052ba1ddb8;hb=b543ee8ac78168328c7a7f2d725ee01bb333e941;hp=20f27ae0bf12dea38e948e06dd8fe7fc6930f73e;hpb=a6996601d5260e4dde621f4d04b35adbbc3c10e0;p=friendica.git

diff --git a/src/Object/OEmbed.php b/src/Object/OEmbed.php
index 20f27ae0bf..d787e2ee98 100644
--- a/src/Object/OEmbed.php
+++ b/src/Object/OEmbed.php
@@ -42,6 +42,19 @@ class OEmbed
 		}
 
 		foreach ($properties as $key => $value) {
+			if (in_array($key, ['thumbnail_width', 'thumbnail_height', 'width', 'height'])) {
+				// These values should be numbers, so ensure that they really are numbers.
+				$value = (int)$value;
+			} elseif (is_array($value)) {
+				// Ignoring arrays.
+			} elseif ($key != 'html') {
+				// Avoid being able to inject some ugly stuff through these fields.
+				$value = htmlentities($value);
+			} else {
+				/// @todo Add a way to sanitize the html as well, possibly with an <iframe>?
+				$value = mb_convert_encoding($value, 'HTML-ENTITIES', mb_detect_encoding($value));
+			}
+
 			if (property_exists(__CLASS__, $key)) {
 				$this->{$key} = $value;
 			}