acl lookup now works fine as well.

author Michael Vogel <icarus@dabo.de>

Fri, 9 Oct 2015 21:27:00 +0000 (23:27 +0200)

committer Michael Vogel <icarus@dabo.de>

Fri, 9 Oct 2015 21:27:00 +0000 (23:27 +0200)
author Michael Vogel <icarus@dabo.de>
Fri, 9 Oct 2015 21:27:00 +0000 (23:27 +0200)
committer Michael Vogel <icarus@dabo.de>
Fri, 9 Oct 2015 21:27:00 +0000 (23:27 +0200)
diff --git a/include/acl_selectors.php b/include/acl_selectors.php

index 05856bd21738955bd4e5f538ed44c3923b45a8ff..a1154399a713035c43a8f83751006cdcd8228989 100644 (file)
--- a/include/acl_selectors.php
+++ b/include/acl_selectors.php
@@ -392,7 +392,6 @@ function acl_lookup(&$a, $out_type = 'json') {
         if(!local_user())
                 return "";
  
-
         $start = (x($_REQUEST,'start')?$_REQUEST['start']:0);
         $count = (x($_REQUEST,'count')?$_REQUEST['count']:100);
         $search = (x($_REQUEST,'search')?$_REQUEST['search']:"");
@@ -492,7 +491,7 @@ function acl_lookup(&$a, $out_type = 'json') {
                         $groups[] = array(
                                 "type"  => "g",
                                 "photo" => "images/twopeople.png",
-                               "name"  => $g['name'],
+                               "name"  => htmlentities($g['name']),
                                 "id"    => intval($g['id']),
                                 "uids"  => array_map("intval", explode(",",$g['uids'])),
                                 "link"  => '',
@@ -547,7 +546,7 @@ function acl_lookup(&$a, $out_type = 'json') {
                         foreach($r as $g) {
                                 $x['photos'][] = proxy_url($g['micro'], false, PROXY_SIZE_MICRO);
                                 $x['links'][] = $g['url'];
-                               $x['suggestions'][] = $g['name'];
+                               $x['suggestions'][] = htmlentities($g['name']);
                                 $x['data'][] = intval($g['id']);
                         }
                 }
@@ -560,11 +559,11 @@ function acl_lookup(&$a, $out_type = 'json') {
                         $contacts[] = array(
                                 "type"  => "c",
                                 "photo" => proxy_url($g['micro'], false, PROXY_SIZE_MICRO),
-                               "name"  => $g['name'],
+                               "name"  => htmlentities($g['name']),
                                 "id"    => intval($g['id']),
                                 "network" => $g['network'],
                                 "link" => $g['url'],
-                               "nick" => ($g['attag']) ? $g['attag'] : $g['nick'],
+                               "nick" => htmlentities(($g['attag']) ? $g['attag'] : $g['nick']),
                                 "forum" => $g['forum']
                         );
                 }
@@ -605,11 +604,11 @@ function acl_lookup(&$a, $out_type = 'json') {
                                 $unknow_contacts[] = array(
                                         "type"  => "c",
                                         "photo" => proxy_url($row['author-avatar'], false, PROXY_SIZE_MICRO),
-                                       "name"  => $row['author-name'],
+                                       "name"  => htmlentities($row['author-name']),
                                         "id"    => '',
                                         "network" => "unknown",
                                         "link" => $row['author-link'],
-                                       "nick" => $nick,
+                                       "nick" => htmlentities($nick),
                                         "forum" => false
                                 );
                         }
author	Michael Vogel <icarus@dabo.de>
	Fri, 9 Oct 2015 21:27:00 +0000 (23:27 +0200)
committer	Michael Vogel <icarus@dabo.de>
	Fri, 9 Oct 2015 21:27:00 +0000 (23:27 +0200)