escape_tags calls
authorAdam Magness <adam.magness@gmail.com>
Thu, 8 Nov 2018 15:20:03 +0000 (10:20 -0500)
committerAdam Magness <adam.magness@gmail.com>
Thu, 8 Nov 2018 15:20:03 +0000 (10:20 -0500)
implement escapeTags function

16 files changed:
mod/admin.php
mod/dirfind.php
mod/events.php
mod/fsuggest.php
mod/item.php
mod/message.php
mod/network.php
mod/profile.php
mod/profiles.php
mod/wallmessage.php
src/Model/Item.php
src/Module/Contact.php
src/Module/Hashtag.php
src/Util/Strings.php
src/Worker/OnePoll.php
tests/include/TextTest.php

index 0be43036be4b8c49cd1083fbfee64cff54c1a605..730d21984d0f7c90fd816f91b0f2bb6addd39a93 100644 (file)
@@ -2478,9 +2478,9 @@ function admin_page_viewlogs(App $a)
                                }
                                $seek = fseek($fp, 0 - $size, SEEK_END);
                                if ($seek === 0) {
-                                       $data = escape_tags(fread($fp, $size));
+                                       $data = Strings::escapeTags(fread($fp, $size));
                                        while (!feof($fp)) {
-                                               $data .= escape_tags(fread($fp, 4096));
+                                               $data .= Strings::escapeTags(fread($fp, 4096));
                                        }
                                }
                        }
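Review bot: Escaping each `fread()` chunk separately can blank parts of the log view, because `Strings::escapeTags` calls `htmlspecialchars` without `ENT_SUBSTITUTE` and that returns an empty string for any input containing invalid UTF-8. Both the `0 - $size` seek and the 4096-byte reads can start or end in the middle of a multibyte character, and log lines likely contain bytes supplied by remote parties, so one malformed sequence is enough to hide a whole chunk from the admin. Collect the raw bytes first and escape once, e.g. `$data = htmlspecialchars($raw, ENT_COMPAT | ENT_SUBSTITUTE, 'UTF-8', false);`. `fread()` can also return `false`, which is passed straight into the escaper here. The enclosing function continues outside this hunk.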
index df4bda72276e842e5a9a2faae626cc67308c09a3..cf58098ab96014a5a5d7e0cad307757b1f066270 100644 (file)
@@ -126,8 +126,8 @@ function dirfind_content(App $a, $prefix = "") {
                                                (`url` LIKE '%s' OR `name` LIKE '%s' OR `location` LIKE '%s' OR
                                                `addr` LIKE '%s' OR `about` LIKE '%s' OR `keywords` LIKE '%s') $extra_sql",
                                        DBA::escape(Protocol::DFRN), DBA::escape($ostatus), DBA::escape($diaspora),
-                                       DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)),
-                                       DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)));
+                                       DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)),
+                                       DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)));
 
                        $results = q("SELECT `nurl`
                                        FROM `gcontact`
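Review bot: `Strings::escapeTags($search2)` is an HTML encoder applied to a SQL `LIKE` operand, and the same expression is evaluated six times in this call and six more in the next hunk of this file. The SQL defence here is `DBA::escape`; the HTML step rewrites `&`, `<`, `>` and `"` in the term, so it only matches rows if the stored columns were escaped the same way, which is not visible in the diff. Build the operand once, `$search_sql = DBA::escape(Strings::escapeTags($search2));`, and pass that variable to both queries. Neither call escapes LIKE wildcards, so `%` and `_` in the term presumably still act as wildcards. Both statements begin outside their hunks.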
@@ -138,8 +138,8 @@ function dirfind_content(App $a, $prefix = "") {
                                                GROUP BY `nurl`
                                                ORDER BY `updated` DESC LIMIT %d, %d",
                                        DBA::escape(Protocol::DFRN), DBA::escape($ostatus), DBA::escape($diaspora),
-                                       DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)),
-                                       DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)),
+                                       DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)),
+                                       DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)),
                                        $pager->getStart(), $pager->getItemsPerPage());
                        $j = new stdClass();
                        $j->total = $count[0]["total"];
index c9461a48ec3c12547bea6835f219234943e44088..540a5b1650abb6ce1cd31047c9bb175c12baca1e 100644 (file)
@@ -19,6 +19,7 @@ use Friendica\Model\Item;
 use Friendica\Model\Profile;
 use Friendica\Module\Login;
 use Friendica\Util\DateTimeFormat;
+use Friendica\Util\Strings;
 use Friendica\Util\Temporal;
 
 require_once 'include/items.php';
@@ -59,8 +60,8 @@ function events_post(App $a)
        $cid = !empty($_POST['cid']) ? intval($_POST['cid']) : 0;
        $uid = local_user();
 
-       $start_text  = escape_tags(defaults($_REQUEST, 'start_text', ''));
-       $finish_text = escape_tags(defaults($_REQUEST, 'finish_text', ''));
+       $start_text  = Strings::escapeTags(defaults($_REQUEST, 'start_text', ''));
+       $finish_text = Strings::escapeTags(defaults($_REQUEST, 'finish_text', ''));
 
        $adjust   = intval(defaults($_POST, 'adjust', 0));
        $nofinish = intval(defaults($_POST, 'nofinish', 0));
@@ -96,9 +97,9 @@ function events_post(App $a)
        // and we'll waste a bunch of time responding to it. Time that
        // could've been spent doing something else.
 
-       $summary  = escape_tags(trim(defaults($_POST, 'summary', '')));
-       $desc     = escape_tags(trim(defaults($_POST, 'desc', '')));
-       $location = escape_tags(trim(defaults($_POST, 'location', '')));
+       $summary  = Strings::escapeTags(trim(defaults($_POST, 'summary', '')));
+       $desc     = Strings::escapeTags(trim(defaults($_POST, 'desc', '')));
+       $location = Strings::escapeTags(trim(defaults($_POST, 'location', '')));
        $type     = 'event';
 
        $action = ($event_id == '') ? 'new' : "event/" . $event_id;
index f87046f6c9d9b667eccaa023d9bdff17774fda7a..7768c8cf8c72906786c49185831c6d4accb75ed1 100644 (file)
@@ -37,7 +37,7 @@ function fsuggest_post(App $a)
 
        $hash = Strings::getRandomHex();
 
-       $note = escape_tags(trim(defaults($_POST, 'note', '')));
+       $note = Strings::escapeTags(trim(defaults($_POST, 'note', '')));
 
        if ($new_contact) {
                $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
index c2088c4542cac336227f1c8370a0a93fd537d6b4..c6f359cf4824bf3c3a52e19e3afba9431c7b4463 100644 (file)
@@ -205,7 +205,7 @@ function item_post(App $a) {
                $app               = $orig_post['app'];
                $categories        = $orig_post['file'];
                $title             = Strings::removeTags(trim($_REQUEST['title']));
-               $body              = escape_tags(trim($_REQUEST['body']));
+               $body              = Strings::escapeTags(trim($_REQUEST['body']));
                $private           = $orig_post['private'];
                $pubmail_enabled   = $orig_post['pubmail'];
                $network           = $orig_post['network'];
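Review bot: `$_REQUEST['title']` and `$_REQUEST['body']` are read without a default in this branch, while the next hunk of the same function uses `defaults($_REQUEST, 'body', '')`. A request that omits the field raises an undefined-index notice and hands `null` to `trim()`. Use the same form here: `$body = Strings::escapeTags(trim(defaults($_REQUEST, 'body', '')));`. The same direct reads appear with `$_POST['likes']` through `$_POST['education']` in mod/profiles.php, `$_POST['info']` in src/Module/Contact.php and `$_REQUEST['t']` in src/Module/Hashtag.php. item_post starts and ends outside the hunk.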
@@ -236,14 +236,14 @@ function item_post(App $a) {
                        $str_contact_deny  = perms2str(defaults($_REQUEST, 'contact_deny', ''));
                }
 
-               $title             =      Strings::removeTags(trim(defaults($_REQUEST, 'title'   , '')));
-               $location          =      Strings::removeTags(trim(defaults($_REQUEST, 'location', '')));
-               $coord             =      Strings::removeTags(trim(defaults($_REQUEST, 'coord'   , '')));
-               $verb              =      Strings::removeTags(trim(defaults($_REQUEST, 'verb'    , '')));
-               $emailcc           =      Strings::removeTags(trim(defaults($_REQUEST, 'emailcc' , '')));
-               $body              = escape_tags(trim(defaults($_REQUEST, 'body'    , '')));
-               $network           =      Strings::removeTags(trim(defaults($_REQUEST, 'network' , Protocol::DFRN)));
-               $guid              =      System::createUUID();
+               $title             = Strings::removeTags(trim(defaults($_REQUEST, 'title'   , '')));
+               $location          = Strings::removeTags(trim(defaults($_REQUEST, 'location', '')));
+               $coord             = Strings::removeTags(trim(defaults($_REQUEST, 'coord'   , '')));
+               $verb              = Strings::removeTags(trim(defaults($_REQUEST, 'verb'    , '')));
+               $emailcc           = Strings::removeTags(trim(defaults($_REQUEST, 'emailcc' , '')));
+               $body              = Strings::escapeTags(trim(defaults($_REQUEST, 'body'    , '')));
+               $network           = Strings::removeTags(trim(defaults($_REQUEST, 'network' , Protocol::DFRN)));
+               $guid              = System::createUUID();
 
                $postopts = defaults($_REQUEST, 'postopts', '');
 
index 959420bfe1501b85e861208f35ebbdeaaf3ec05c..afb3391474c116d8dabd47d8e7b35a5f18b4af49 100644 (file)
@@ -61,7 +61,7 @@ function message_post(App $a)
 
        $replyto   = x($_REQUEST, 'replyto')   ? Strings::removeTags(trim($_REQUEST['replyto']))   : '';
        $subject   = x($_REQUEST, 'subject')   ? Strings::removeTags(trim($_REQUEST['subject']))   : '';
-       $body      = x($_REQUEST, 'body')      ? escape_tags(trim($_REQUEST['body'])) : '';
+       $body      = x($_REQUEST, 'body')      ? Strings::escapeTags(trim($_REQUEST['body'])) : '';
        $recipient = x($_REQUEST, 'messageto') ? intval($_REQUEST['messageto'])       : 0;
 
        $ret = Mail::send($recipient, $body, $subject, $replyto);
@@ -254,7 +254,7 @@ function message_content(App $a)
                        '$preid' => $preid,
                        '$subject' => L10n::t('Subject:'),
                        '$subjtxt' => x($_REQUEST, 'subject') ? strip_tags($_REQUEST['subject']) : '',
-                       '$text' => x($_REQUEST, 'body') ? escape_tags(htmlspecialchars($_REQUEST['body'])) : '',
+                       '$text' => x($_REQUEST, 'body') ? Strings::escapeTags(htmlspecialchars($_REQUEST['body'])) : '',
                        '$readonly' => '',
                        '$yourmessage' => L10n::t('Your message:'),
                        '$select' => $select,
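Review bot: `Strings::escapeTags(htmlspecialchars($_REQUEST['body']))` encodes the value twice and the outer call does nothing, because `escapeTags` runs with `double_encode` off and so leaves the entities produced by the inner call untouched. The inner `htmlspecialchars()` relies on default flags and charset, which differ between PHP versions and ini settings, so whether `'` is escaped in `$text` is not fixed by this code. One call with explicit arguments is enough: `'$text' => x($_REQUEST, 'body') ? htmlspecialchars($_REQUEST['body'], ENT_QUOTES, 'UTF-8') : '',`. mod/wallmessage.php carries the same line in wallmessage_content. The array literal starts and ends outside the hunk.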
index 5e5f095db115f160569a6a6b0535a2c9bb3383e0..e1c077b6c58d1a12ed995def836e17e7dfb11b34 100644 (file)
@@ -42,7 +42,7 @@ function network_init(App $a)
 
        Hook::add('head', __FILE__, 'network_infinite_scroll_head');
 
-       $search = (x($_GET, 'search') ? escape_tags($_GET['search']) : '');
+       $search = (x($_GET, 'search') ? Strings::escapeTags($_GET['search']) : '');
 
        if (($search != '') && !empty($_GET['submit'])) {
                $a->internalRedirect('search?search=' . urlencode($search));
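Review bot: `$search` is HTML-escaped and then passed to `urlencode()` for the redirect, so a term containing `&`, `<`, `>` or `"` reaches `search?search=` as entity text (`&amp;`, `&lt;`, ...) and the search runs on that instead of what the user typed. `urlencode()` is the right encoder for this context on its own; keep the raw value for the URL, `$a->internalRedirect('search?search=' . urlencode($_GET['search']));`, and HTML-escape only where the term is printed. Whether `$search` is used again later in network_init is outside the hunk.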
@@ -519,9 +519,9 @@ function networkThreadedView(App $a, $update, $parent)
                for ($x = 1; $x < $a->argc; $x ++) {
                        if (is_a_date_arg($a->argv[$x])) {
                                if ($datequery) {
-                                       $datequery2 = escape_tags($a->argv[$x]);
+                                       $datequery2 = Strings::escapeTags($a->argv[$x]);
                                } else {
-                                       $datequery = escape_tags($a->argv[$x]);
+                                       $datequery = Strings::escapeTags($a->argv[$x]);
                                        $_GET['order'] = 'post';
                                }
                        } elseif (intval($a->argv[$x])) {
index a006c886828c3e2f151a0982e188625d12437fd0..d07631dced8c592512e8898364476eecd221530b 100644 (file)
@@ -115,9 +115,9 @@ function profile_content(App $a, $update = 0)
                for ($x = 2; $x < $a->argc; $x ++) {
                        if (is_a_date_arg($a->argv[$x])) {
                                if ($datequery) {
-                                       $datequery2 = escape_tags($a->argv[$x]);
+                                       $datequery2 = Strings::escapeTags($a->argv[$x]);
                                } else {
-                                       $datequery = escape_tags($a->argv[$x]);
+                                       $datequery = Strings::escapeTags($a->argv[$x]);
                                }
                        } else {
                                $category = $a->argv[$x];
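Review bot: No `use Friendica\Util\Strings;` line is added for this file, although the commit adds one for mod/events.php and src/Module/Hashtag.php. An unimported `Strings::escapeTags` resolves against the current namespace (the global one in mod/ files) and fails at call time, so confirm the import already exists at the top of mod/profile.php; the file header is not part of the diff. The same check applies to mod/admin.php, mod/dirfind.php, mod/network.php, src/Model/Item.php, src/Module/Contact.php and src/Worker/OnePoll.php, whose hunks show no other `Strings::` call in their context lines.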
index d6faadd44a6c4a3e315d3ca9078c011568afa35e..00fdc6a29cc097a684fb06fdf244a62935be42dd 100644 (file)
@@ -208,7 +208,7 @@ function profiles_post(App $a) {
                        return;
                }
 
-               $dob = $_POST['dob'] ? escape_tags(trim($_POST['dob'])) : '0000-00-00';
+               $dob = $_POST['dob'] ? Strings::escapeTags(trim($_POST['dob'])) : '0000-00-00';
 
                $y = substr($dob, 0, 4);
                if ((! ctype_digit($y)) || ($y < 1900)) {
@@ -323,19 +323,19 @@ function profiles_post(App $a) {
                $politic = Strings::removeTags(trim($_POST['politic']));
                $religion = Strings::removeTags(trim($_POST['religion']));
 
-               $likes = escape_tags(trim($_POST['likes']));
-               $dislikes = escape_tags(trim($_POST['dislikes']));
-
-               $about = escape_tags(trim($_POST['about']));
-               $interest = escape_tags(trim($_POST['interest']));
-               $contact = escape_tags(trim($_POST['contact']));
-               $music = escape_tags(trim($_POST['music']));
-               $book = escape_tags(trim($_POST['book']));
-               $tv = escape_tags(trim($_POST['tv']));
-               $film = escape_tags(trim($_POST['film']));
-               $romance = escape_tags(trim($_POST['romance']));
-               $work = escape_tags(trim($_POST['work']));
-               $education = escape_tags(trim($_POST['education']));
+               $likes = Strings::escapeTags(trim($_POST['likes']));
+               $dislikes = Strings::escapeTags(trim($_POST['dislikes']));
+
+               $about = Strings::escapeTags(trim($_POST['about']));
+               $interest = Strings::escapeTags(trim($_POST['interest']));
+               $contact = Strings::escapeTags(trim($_POST['contact']));
+               $music = Strings::escapeTags(trim($_POST['music']));
+               $book = Strings::escapeTags(trim($_POST['book']));
+               $tv = Strings::escapeTags(trim($_POST['tv']));
+               $film = Strings::escapeTags(trim($_POST['film']));
+               $romance = Strings::escapeTags(trim($_POST['romance']));
+               $work = Strings::escapeTags(trim($_POST['work']));
+               $education = Strings::escapeTags(trim($_POST['education']));
 
                $hide_friends = (($_POST['hide-friends'] == 1) ? 1: 0);
 
index aa5186452d87e303c1c4710b46ce12b56840a4a3..f2fb04442cc19711a67790a19a20772a4b868260 100644 (file)
@@ -21,7 +21,7 @@ function wallmessage_post(App $a) {
        }
 
        $subject   = ((x($_REQUEST,'subject'))   ? Strings::removeTags(trim($_REQUEST['subject']))   : '');
-       $body      = ((x($_REQUEST,'body'))      ? escape_tags(trim($_REQUEST['body'])) : '');
+       $body      = ((x($_REQUEST,'body'))      ? Strings::escapeTags(trim($_REQUEST['body'])) : '');
 
        $recipient = (($a->argc > 1) ? Strings::removeTags($a->argv[1]) : '');
        if ((! $recipient) || (! $body)) {
@@ -132,7 +132,7 @@ function wallmessage_content(App $a) {
                '$recipname' => $user['username'],
                '$nickname' => $user['nickname'],
                '$subjtxt' => ((x($_REQUEST, 'subject')) ? strip_tags($_REQUEST['subject']) : ''),
-               '$text' => ((x($_REQUEST, 'body')) ? escape_tags(htmlspecialchars($_REQUEST['body'])) : ''),
+               '$text' => ((x($_REQUEST, 'body')) ? Strings::escapeTags(htmlspecialchars($_REQUEST['body'])) : ''),
                '$readonly' => '',
                '$yourmessage' => L10n::t('Your message:'),
                '$parent' => '',
index 4790f9f6d7b4f2ebb829a197a4ddea8ddc6e6113..c2238c1c45bcc239237d2ac67038b43836cb71c4 100644 (file)
@@ -3447,7 +3447,7 @@ class Item extends BaseObject
                                $filesubtype = 'unkn';
                        }
 
-                       $title = escape_tags(trim(!empty($mtch[4]) ? $mtch[4] : $mtch[1]));
+                       $title = Strings::escapeTags(trim(!empty($mtch[4]) ? $mtch[4] : $mtch[1]));
                        $title .= ' ' . $mtch[2] . ' ' . L10n::t('bytes');
 
                        $icon = '<div class="attachtype icon s22 type-' . $filetype . ' subtype-' . $filesubtype . '"></div>';
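Review bot: `$mtch[2]` is concatenated into `$title` after the `Strings::escapeTags` call, so only the first part of the title is escaped. That is safe only if the pattern that fills `$mtch` restricts group 2 to digits, which is outside this hunk; `$filetype` and `$filesubtype` go into the `class` attribute on the `$icon` line under a similar assumption. Escaping the appended part removes the dependency: `$title .= ' ' . Strings::escapeTags($mtch[2]) . ' ' . L10n::t('bytes');`. Because `escapeTags` uses `ENT_COMPAT`, `'` stays unescaped if `$title` is later placed in a single-quoted attribute.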
index c25665f247433e3b135912aad15be1155d03f1a0..75e2af7b2769000d5e91da246025fcda2d93139a 100644 (file)
@@ -214,14 +214,14 @@ class Contact extends BaseModule
 
                $fetch_further_information = intval(defaults($_POST, 'fetch_further_information', 0));
 
-               $ffi_keyword_blacklist = escape_tags(trim(defaults($_POST, 'ffi_keyword_blacklist', '')));
+               $ffi_keyword_blacklist = Strings::escapeTags(trim(defaults($_POST, 'ffi_keyword_blacklist', '')));
 
                $priority = intval(defaults($_POST, 'poll', 0));
                if ($priority > 5 || $priority < 0) {
                        $priority = 0;
                }
 
-               $info = escape_tags(trim($_POST['info']));
+               $info = Strings::escapeTags(trim($_POST['info']));
 
                $r = DBA::update('contact', [
                        'profile-id' => $profile_id,
index bfe1eee7de3eb79e1a7142564470af1d9249b17a..b016b4da407ccf3dd3f5b0e40c9d8c0ca8062933 100644 (file)
@@ -7,6 +7,7 @@ namespace Friendica\Module;
 use Friendica\BaseModule;
 use Friendica\Core\System;
 use Friendica\Database\DBA;
+use Friendica\Util\Strings;
 
 require_once 'include/dba.php';
 require_once 'include/text.php';
@@ -21,7 +22,7 @@ class Hashtag extends BaseModule
        {
                $result = [];
 
-               $t = escape_tags($_REQUEST['t']);
+               $t = Strings::escapeTags($_REQUEST['t']);
                if (empty($t)) {
                        System::jsonExit($result);
                }
index f536e60a1217b7f279cd4f4748cabda9e25bd7bf..bf31f62fa0af5921773b27093765aec0d3e4fcfd 100644 (file)
@@ -56,7 +56,7 @@ class Strings
      * 
      * @return string
      */
-    public static function escapeTags($string) // escape_tags()
+    public static function escapeTags($string)
     {
         return htmlspecialchars($string, ENT_COMPAT, 'UTF-8', false);
     }
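Review bot: The docblock for `escapeTags` should state the limits of this encoder now that every call site in the commit routes through it; only `@return string` is visible in the hunk and the docblock starts above it. With `ENT_COMPAT` the single quote is not escaped, so the result is suitable for element content and double-quoted attributes but not for single-quoted attributes, script or URL contexts. With `double_encode` set to `false`, entities already present in the input pass through unchanged, and without `ENT_SUBSTITUTE` input with invalid UTF-8 yields an empty string. Suggested addition: `* Output is for HTML text and double-quoted attributes only: ' is not escaped, existing entities are kept, invalid UTF-8 returns ''.`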
index 5de6df174f14e849f5229c1d26800176323f85d3..f9ff0b1a6a6cf2802fe5669d163bc1ed1245b7b8 100644 (file)
@@ -507,7 +507,7 @@ class OnePoll
                                                                Logger::log("Mail: can't fetch msg ".$msg_uid." for ".$mailconf['user']);
                                                                continue;
                                                        }
-                                                       $datarray['body'] = escape_tags($r['body']);
+                                                       $datarray['body'] = Strings::escapeTags($r['body']);
                                                        $datarray['body'] = BBCode::limitBodySize($datarray['body']);
 
                                                        Logger::log("Mail: Importing ".$msg_uid." for ".$mailconf['user']);
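Review bot: `BBCode::limitBodySize()` runs on the already escaped mail body, so if it truncates by length it can cut an entity such as `&amp;` in half, and the entity expansion counts against the limit. The body comes from a fetched e-mail and may not be valid UTF-8, in which case `escapeTags` (no `ENT_SUBSTITUTE`) returns an empty string and the message is imported with no body. Consider limiting first and escaping second, `$datarray['body'] = Strings::escapeTags(BBCode::limitBodySize($r['body']));`, after confirming what `limitBodySize` does; its definition is not in this diff. The enclosing loop starts and ends outside the hunk.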
index 89e1dfcbdb7defb6e87d77d30c386318451ab446..d4c9c1ec471588bbfb97840b82522da5a9a3bcfc 100644 (file)
@@ -240,7 +240,7 @@ class TextTest extends TestCase
                $invalidstring='<submit type="button" onclick="alert(\'failed!\');" />';
 
                $validstring = Friendica\Util\Strings::removeTags($invalidstring);
-               $escapedString=escape_tags($invalidstring);
+               $escapedString = Friendica\Util\Strings::escapeTags($invalidstring);
 
                $this->assertEquals('[submit type="button" onclick="alert(\'failed!\');" /]', $validstring);
                $this->assertEquals(