Rename removeTags to escapeTags

rename function and update calls.

diff --git a/include/conversation.php b/include/conversation.php
index e57033605406e7c1ab742a8bfceff195a99b0089..ee286ca98331eb6ec8c3d5460b8f8ddaaeb884bc 100644 (file)
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -483,7 +483,7 @@ function conversation(App $a, array $items, Pager $pager, $mode, $update, $previ
                if (!$update) {
                        $tab = 'posts';
                        if (x($_GET, 'tab')) {
-                               $tab = Strings::removeTags(trim($_GET['tab']));
+                               $tab = Strings::escapeTags(trim($_GET['tab']));
                        }
                        if ($tab === 'posts') {
                                /*

diff --git a/include/text.php b/include/text.php
index b4e8dbf1128aff15cdedfa4e991288a6b67cc5b4..ee83345c09954bc3cb351441ac6a3ff03e561149 100644 (file)
--- a/include/text.php
+++ b/include/text.php
@@ -62,7 +62,7 @@ function expand_acl($s) {
  */
 function sanitise_acl(&$item) {
        if (intval($item)) {
-               $item = '<' . intval(Strings::removeTags(trim($item))) . '>';
+               $item = '<' . intval(Strings::escapeTags(trim($item))) . '>';
        } else {
                unset($item);
        }

diff --git a/mod/acl.php b/mod/acl.php
index 266c2941787bc09208a65f4060fec46f4d524c84..cb378dc27cc3d6097e6a98f8565f1b350173cbfd 100644 (file)
--- a/mod/acl.php
+++ b/mod/acl.php
@@ -189,7 +189,7 @@ function acl_content(App $a)
                );
        } elseif ($type == 'x') {
                // autocomplete for global contact search (e.g. navbar search)
-               $search = Strings::removeTags(trim($_REQUEST['search']));
+               $search = Strings::escapeTags(trim($_REQUEST['search']));
                $mode = $_REQUEST['smode'];
 
                $r = ACL::contactAutocomplete($search, $mode);

diff --git a/mod/admin.php b/mod/admin.php
index d1b761c9806acf66906716396cebbc7ca87828e2..5adc8e9c47036b25b6cc5f859ca39cc9dbd74598 100644 (file)
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -417,8 +417,8 @@ function admin_page_blocklist_post(App $a)
                //  Add new item to blocklist
                $blocklist = Config::get('system', 'blocklist');
                $blocklist[] = [
-                       'domain' => Strings::removeTags(trim($_POST['newentry_domain'])),
-                       'reason' => Strings::removeTags(trim($_POST['newentry_reason']))
+                       'domain' => Strings::escapeTags(trim($_POST['newentry_domain'])),
+                       'reason' => Strings::escapeTags(trim($_POST['newentry_reason']))
                ];
                Config::set('system', 'blocklist', $blocklist);
                info(L10n::t('Server added to blocklist.') . EOL);
@@ -427,8 +427,8 @@ function admin_page_blocklist_post(App $a)
                $blocklist = [];
                foreach ($_POST['domain'] as $id => $domain) {
                        // Trimming whitespaces as well as any lingering slashes
-                       $domain = Strings::removeTags(trim($domain, "\x00..\x1F/"));
-                       $reason = Strings::removeTags(trim($_POST['reason'][$id]));
+                       $domain = Strings::escapeTags(trim($domain, "\x00..\x1F/"));
+                       $reason = Strings::escapeTags(trim($_POST['reason'][$id]));
                        if (!x($_POST['delete'][$id])) {
                                $blocklist[] = [
                                        'domain' => $domain,
@@ -566,7 +566,7 @@ function admin_page_deleteitem_post(App $a)
        BaseModule::checkFormSecurityTokenRedirectOnError('/admin/deleteitem/', 'admin_deleteitem');
 
        if (x($_POST['page_deleteitem_submit'])) {
-               $guid = trim(Strings::removeTags($_POST['deleteitemguid']));
+               $guid = trim(Strings::escapeTags($_POST['deleteitemguid']));
                // The GUID should not include a "/", so if there is one, we got an URL
                // and the last part of it is most likely the GUID.
                if (strpos($guid, '/')) {
@@ -1049,16 +1049,16 @@ function admin_page_site_post(App $a)
        }
        // end relocate
 
-       $sitename               =       ((x($_POST,'sitename'))                 ? Strings::removeTags(trim($_POST['sitename']))         : '');
-       $hostname               =       ((x($_POST,'hostname'))                 ? Strings::removeTags(trim($_POST['hostname']))         : '');
-       $sender_email           =       ((x($_POST,'sender_email'))             ? Strings::removeTags(trim($_POST['sender_email']))             : '');
+       $sitename               =       ((x($_POST,'sitename'))                 ? Strings::escapeTags(trim($_POST['sitename']))         : '');
+       $hostname               =       ((x($_POST,'hostname'))                 ? Strings::escapeTags(trim($_POST['hostname']))         : '');
+       $sender_email           =       ((x($_POST,'sender_email'))             ? Strings::escapeTags(trim($_POST['sender_email']))             : '');
        $banner                 =       ((x($_POST,'banner'))                   ? trim($_POST['banner'])                        : false);
-       $shortcut_icon          =       ((x($_POST,'shortcut_icon'))            ? Strings::removeTags(trim($_POST['shortcut_icon']))            : '');
-       $touch_icon             =       ((x($_POST,'touch_icon'))               ? Strings::removeTags(trim($_POST['touch_icon']))               : '');
+       $shortcut_icon          =       ((x($_POST,'shortcut_icon'))            ? Strings::escapeTags(trim($_POST['shortcut_icon']))            : '');
+       $touch_icon             =       ((x($_POST,'touch_icon'))               ? Strings::escapeTags(trim($_POST['touch_icon']))               : '');
        $info                   =       ((x($_POST,'info'))                     ? trim($_POST['info'])                          : false);
-       $language               =       ((x($_POST,'language'))                 ? Strings::removeTags(trim($_POST['language']))         : '');
-       $theme                  =       ((x($_POST,'theme'))                    ? Strings::removeTags(trim($_POST['theme']))                    : '');
-       $theme_mobile           =       ((x($_POST,'theme_mobile'))             ? Strings::removeTags(trim($_POST['theme_mobile']))             : '');
+       $language               =       ((x($_POST,'language'))                 ? Strings::escapeTags(trim($_POST['language']))         : '');
+       $theme                  =       ((x($_POST,'theme'))                    ? Strings::escapeTags(trim($_POST['theme']))                    : '');
+       $theme_mobile           =       ((x($_POST,'theme_mobile'))             ? Strings::escapeTags(trim($_POST['theme_mobile']))             : '');
        $maximagesize           =       ((x($_POST,'maximagesize'))             ? intval(trim($_POST['maximagesize']))          :  0);
        $maximagelength         =       ((x($_POST,'maximagelength'))           ? intval(trim($_POST['maximagelength']))        :  MAX_IMAGE_LENGTH);
        $jpegimagequality       =       ((x($_POST,'jpegimagequality'))         ? intval(trim($_POST['jpegimagequality']))      :  JPEG_QUALITY);
@@ -1070,14 +1070,14 @@ function admin_page_site_post(App $a)
 
        $register_text          =       ((x($_POST,'register_text'))            ? strip_tags(trim($_POST['register_text']))             : '');
 
-       $allowed_sites          =       ((x($_POST,'allowed_sites'))            ? Strings::removeTags(trim($_POST['allowed_sites']))            : '');
-       $allowed_email          =       ((x($_POST,'allowed_email'))            ? Strings::removeTags(trim($_POST['allowed_email']))            : '');
-       $forbidden_nicknames    =       ((x($_POST,'forbidden_nicknames'))      ? strtolower(Strings::removeTags(trim($_POST['forbidden_nicknames'])))          : '');
+       $allowed_sites          =       ((x($_POST,'allowed_sites'))            ? Strings::escapeTags(trim($_POST['allowed_sites']))            : '');
+       $allowed_email          =       ((x($_POST,'allowed_email'))            ? Strings::escapeTags(trim($_POST['allowed_email']))            : '');
+       $forbidden_nicknames    =       ((x($_POST,'forbidden_nicknames'))      ? strtolower(Strings::escapeTags(trim($_POST['forbidden_nicknames'])))          : '');
        $no_oembed_rich_content = x($_POST,'no_oembed_rich_content');
-       $allowed_oembed         =       ((x($_POST,'allowed_oembed'))           ? Strings::removeTags(trim($_POST['allowed_oembed']))           : '');
+       $allowed_oembed         =       ((x($_POST,'allowed_oembed'))           ? Strings::escapeTags(trim($_POST['allowed_oembed']))           : '');
        $block_public           =       ((x($_POST,'block_public'))             ? True                                          : False);
        $force_publish          =       ((x($_POST,'publish_all'))              ? True                                          : False);
-       $global_directory       =       ((x($_POST,'directory'))                ? Strings::removeTags(trim($_POST['directory']))                : '');
+       $global_directory       =       ((x($_POST,'directory'))                ? Strings::escapeTags(trim($_POST['directory']))                : '');
        $newuser_private                =       ((x($_POST,'newuser_private'))          ? True                                  : False);
        $enotify_no_content             =       ((x($_POST,'enotify_no_content'))       ? True                                  : False);
        $private_addons                 =       ((x($_POST,'private_addons'))           ? True                                  : False);
@@ -1092,8 +1092,8 @@ function admin_page_site_post(App $a)
        $max_author_posts_community_page        =       ((x($_POST,'max_author_posts_community_page'))  ? intval(trim($_POST['max_author_posts_community_page']))       : 0);
 
        $verifyssl              =       ((x($_POST,'verifyssl'))                ? True                                          : False);
-       $proxyuser              =       ((x($_POST,'proxyuser'))                ? Strings::removeTags(trim($_POST['proxyuser']))                : '');
-       $proxy                  =       ((x($_POST,'proxy'))                    ? Strings::removeTags(trim($_POST['proxy']))                    : '');
+       $proxyuser              =       ((x($_POST,'proxyuser'))                ? Strings::escapeTags(trim($_POST['proxyuser']))                : '');
+       $proxy                  =       ((x($_POST,'proxy'))                    ? Strings::escapeTags(trim($_POST['proxy']))                    : '');
        $timeout                =       ((x($_POST,'timeout'))                  ? intval(trim($_POST['timeout']))               : 60);
        $maxloadavg             =       ((x($_POST,'maxloadavg'))               ? intval(trim($_POST['maxloadavg']))            : 50);
        $maxloadavg_frontend    =       ((x($_POST,'maxloadavg_frontend'))      ? intval(trim($_POST['maxloadavg_frontend']))   : 50);
@@ -1117,16 +1117,16 @@ function admin_page_site_post(App $a)
        $dbclean_expire_days    =       ((x($_POST,'dbclean_expire_days'))      ? intval($_POST['dbclean_expire_days'])         : 0);
        $dbclean_unclaimed      =       ((x($_POST,'dbclean_unclaimed'))        ? intval($_POST['dbclean_unclaimed'])           : 0);
        $suppress_tags          =       ((x($_POST,'suppress_tags'))            ? True                                          : False);
-       $itemcache              =       ((x($_POST,'itemcache'))                ? Strings::removeTags(trim($_POST['itemcache']))                : '');
+       $itemcache              =       ((x($_POST,'itemcache'))                ? Strings::escapeTags(trim($_POST['itemcache']))                : '');
        $itemcache_duration     =       ((x($_POST,'itemcache_duration'))       ? intval($_POST['itemcache_duration'])          : 0);
        $max_comments           =       ((x($_POST,'max_comments'))             ? intval($_POST['max_comments'])                : 0);
-       $temppath               =       ((x($_POST,'temppath'))                 ? Strings::removeTags(trim($_POST['temppath']))         : '');
-       $basepath               =       ((x($_POST,'basepath'))                 ? Strings::removeTags(trim($_POST['basepath']))         : '');
-       $singleuser             =       ((x($_POST,'singleuser'))               ? Strings::removeTags(trim($_POST['singleuser']))               : '');
+       $temppath               =       ((x($_POST,'temppath'))                 ? Strings::escapeTags(trim($_POST['temppath']))         : '');
+       $basepath               =       ((x($_POST,'basepath'))                 ? Strings::escapeTags(trim($_POST['basepath']))         : '');
+       $singleuser             =       ((x($_POST,'singleuser'))               ? Strings::escapeTags(trim($_POST['singleuser']))               : '');
        $proxy_disabled         =       ((x($_POST,'proxy_disabled'))           ? True                                          : False);
        $only_tag_search        =       ((x($_POST,'only_tag_search'))          ? True                                          : False);
        $rino                   =       ((x($_POST,'rino'))                     ? intval($_POST['rino'])                        : 0);
-       $check_new_version_url  =       ((x($_POST, 'check_new_version_url'))   ?       Strings::removeTags(trim($_POST['check_new_version_url']))      : 'none');
+       $check_new_version_url  =       ((x($_POST, 'check_new_version_url'))   ?       Strings::escapeTags(trim($_POST['check_new_version_url']))      : 'none');
 
        $worker_queues          =       ((x($_POST,'worker_queues'))            ? intval($_POST['worker_queues'])               : 10);
        $worker_dont_fork       =       ((x($_POST,'worker_dont_fork'))         ? True                                          : False);
@@ -1134,10 +1134,10 @@ function admin_page_site_post(App $a)
        $worker_frontend        =       ((x($_POST,'worker_frontend'))          ? True                                          : False);
 
        $relay_directly         =       ((x($_POST,'relay_directly'))           ? True                                          : False);
-       $relay_server           =       ((x($_POST,'relay_server'))             ? Strings::removeTags(trim($_POST['relay_server']))             : '');
+       $relay_server           =       ((x($_POST,'relay_server'))             ? Strings::escapeTags(trim($_POST['relay_server']))             : '');
        $relay_subscribe        =       ((x($_POST,'relay_subscribe'))          ? True                                          : False);
-       $relay_scope            =       ((x($_POST,'relay_scope'))              ? Strings::removeTags(trim($_POST['relay_scope']))              : '');
-       $relay_server_tags      =       ((x($_POST,'relay_server_tags'))        ? Strings::removeTags(trim($_POST['relay_server_tags']))        : '');
+       $relay_scope            =       ((x($_POST,'relay_scope'))              ? Strings::escapeTags(trim($_POST['relay_scope']))              : '');
+       $relay_server_tags      =       ((x($_POST,'relay_server_tags'))        ? Strings::escapeTags(trim($_POST['relay_server_tags']))        : '');
        $relay_user_tags        =       ((x($_POST,'relay_user_tags'))          ? True                                          : False);
 
        // Has the directory url changed? If yes, then resubmit the existing profiles there
@@ -2371,7 +2371,7 @@ function admin_page_logs_post(App $a)
        if (x($_POST, "page_logs")) {
                BaseModule::checkFormSecurityTokenRedirectOnError('/admin/logs', 'admin_logs');
 
-               $logfile   = ((x($_POST,'logfile'))   ? Strings::removeTags(trim($_POST['logfile']))  : '');
+               $logfile   = ((x($_POST,'logfile'))   ? Strings::escapeTags(trim($_POST['logfile']))  : '');
                $debugging = ((x($_POST,'debugging')) ? true                             : false);
                $loglevel  = ((x($_POST,'loglevel'))  ? intval(trim($_POST['loglevel'])) : 0);
 

diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php
index 8871e3e8a00727015cd5b96b7adb0db38d24dc36..48c8e32e5a431ff1a767c317f7cf1cc0f91b87f4 100644 (file)
--- a/mod/dfrn_confirm.php
+++ b/mod/dfrn_confirm.php
@@ -85,7 +85,7 @@ function dfrn_confirm_post(App $a, $handsfree = null)
                        $cid      = 0;
                        $hidden   = intval(defaults($handsfree, 'hidden'  , 0));
                } else {
-                       $dfrn_id  = Strings::removeTags(trim(defaults($_POST, 'dfrn_id'   , '')));
+                       $dfrn_id  = Strings::escapeTags(trim(defaults($_POST, 'dfrn_id'   , '')));
                        $intro_id =      intval(defaults($_POST, 'intro_id'  , 0));
                        $duplex   =      intval(defaults($_POST, 'duplex'    , 0));
                        $cid      =      intval(defaults($_POST, 'contact_id', 0));

diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php
index 90d3fb2b5d8a5917563f2309b3c3d25babb8a60f..63f53e0606a104365412a440150d26607a13577f 100644 (file)
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@@ -39,15 +39,15 @@ function dfrn_notify_post(App $a) {
                }
        }
 
-       $dfrn_id      = ((x($_POST,'dfrn_id'))      ? Strings::removeTags(trim($_POST['dfrn_id']))   : '');
+       $dfrn_id      = ((x($_POST,'dfrn_id'))      ? Strings::escapeTags(trim($_POST['dfrn_id']))   : '');
        $dfrn_version = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version']    : 2.0);
-       $challenge    = ((x($_POST,'challenge'))    ? Strings::removeTags(trim($_POST['challenge'])) : '');
+       $challenge    = ((x($_POST,'challenge'))    ? Strings::escapeTags(trim($_POST['challenge'])) : '');
        $data         = ((x($_POST,'data'))         ? $_POST['data']                    : '');
        $key          = ((x($_POST,'key'))          ? $_POST['key']                     : '');
        $rino_remote  = ((x($_POST,'rino'))         ? intval($_POST['rino'])            :  0);
        $dissolve     = ((x($_POST,'dissolve'))     ? intval($_POST['dissolve'])        :  0);
-       $perm         = ((x($_POST,'perm'))         ? Strings::removeTags(trim($_POST['perm']))      : 'r');
-       $ssl_policy   = ((x($_POST,'ssl_policy'))   ? Strings::removeTags(trim($_POST['ssl_policy'])): 'none');
+       $perm         = ((x($_POST,'perm'))         ? Strings::escapeTags(trim($_POST['perm']))      : 'r');
+       $ssl_policy   = ((x($_POST,'ssl_policy'))   ? Strings::escapeTags(trim($_POST['ssl_policy'])): 'none');
        $page         = ((x($_POST,'page'))         ? intval($_POST['page'])            :  0);
 
        $forum = (($page == 1) ? 1 : 0);
@@ -254,7 +254,7 @@ function dfrn_notify_content(App $a) {
                 * If this is a duplex communication, ours will be the opposite.
                 */
 
-               $dfrn_id = Strings::removeTags(trim($_GET['dfrn_id']));
+               $dfrn_id = Strings::escapeTags(trim($_GET['dfrn_id']));
                $dfrn_version = (float) $_GET['dfrn_version'];
                $rino_remote = ((x($_GET,'rino')) ? intval($_GET['rino']) : 0);
                $type = "";

diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php
index 8548c67f19a01474d0729aac3b97716854511cb0..26d7efda5250c027b80a1fa469b6c2feade3d7f2 100644 (file)
--- a/mod/dfrn_request.php
+++ b/mod/dfrn_request.php
@@ -76,7 +76,7 @@ function dfrn_request_post(App $a)
        if ((x($_POST, 'localconfirm')) && ($_POST['localconfirm'] == 1)) {
                // Ensure this is a valid request
                if (local_user() && ($a->user['nickname'] == $a->argv[1]) && (x($_POST, 'dfrn_url'))) {
-                       $dfrn_url = Strings::removeTags(trim($_POST['dfrn_url']));
+                       $dfrn_url = Strings::escapeTags(trim($_POST['dfrn_url']));
                        $aes_allow = (((x($_POST, 'aes_allow')) && ($_POST['aes_allow'] == 1)) ? 1 : 0);
                        $confirm_key = ((x($_POST, 'confirm_key')) ? $_POST['confirm_key'] : "");
                        $hidden = ((x($_POST, 'hidden-contact')) ? intval($_POST['hidden-contact']) : 0);
@@ -270,7 +270,7 @@ function dfrn_request_post(App $a)
                        }
                }
 
-               $real_name = x($_POST, 'realname') ? Strings::removeTags(trim($_POST['realname'])) : '';
+               $real_name = x($_POST, 'realname') ? Strings::escapeTags(trim($_POST['realname'])) : '';
 
                $url = trim($_POST['dfrn_url']);
                if (!strlen($url)) {
@@ -424,7 +424,7 @@ function dfrn_request_post(App $a)
                                        intval($uid),
                                        intval($contact_record['id']),
                                        ((x($_POST,'knowyou') && ($_POST['knowyou'] == 1)) ? 1 : 0),
-                                       DBA::escape(Strings::removeTags(trim(defaults($_POST, 'dfrn-request-message', '')))),
+                                       DBA::escape(Strings::escapeTags(trim(defaults($_POST, 'dfrn-request-message', '')))),
                                        DBA::escape($hash),
                                        DBA::escape(DateTimeFormat::utcNow())
                                );
@@ -498,7 +498,7 @@ function dfrn_request_content(App $a)
                        return Login::form();
                }
 
-               $dfrn_url = Strings::removeTags(trim(hex2bin($_GET['dfrn_url'])));
+               $dfrn_url = Strings::escapeTags(trim(hex2bin($_GET['dfrn_url'])));
                $aes_allow = x($_GET, 'aes_allow') && $_GET['aes_allow'] == 1 ? 1 : 0;
                $confirm_key = x($_GET, 'confirm_key') ? $_GET['confirm_key'] : "";
 

diff --git a/mod/directory.php b/mod/directory.php
index 122fd1aa558403e441c55dedaf7b122a201ab368..e59cf7b820a796a2f2a1beeed2e063316c6db2a8 100644 (file)
--- a/mod/directory.php
+++ b/mod/directory.php
@@ -48,9 +48,9 @@ function directory_content(App $a)
        Nav::setSelected('directory');
 
        if (x($a->data, 'search')) {
-               $search = Strings::removeTags(trim($a->data['search']));
+               $search = Strings::escapeTags(trim($a->data['search']));
        } else {
-               $search = ((x($_GET, 'search')) ? Strings::removeTags(trim(rawurldecode($_GET['search']))) : '');
+               $search = ((x($_GET, 'search')) ? Strings::escapeTags(trim(rawurldecode($_GET['search']))) : '');
        }
 
        $gdirpath = '';

diff --git a/mod/dirfind.php b/mod/dirfind.php
index 7b603a742755de70105354926424aca161a5cc2c..d3298b64db4a3201aff15fe498ae49dda59429c1 100644 (file)
--- a/mod/dirfind.php
+++ b/mod/dirfind.php
@@ -46,7 +46,7 @@ function dirfind_content(App $a, $prefix = "") {
 
        $local = Config::get('system','poco_local_search');
 
-       $search = $prefix.Strings::removeTags(trim(defaults($_REQUEST, 'search', '')));
+       $search = $prefix.Strings::escapeTags(trim(defaults($_REQUEST, 'search', '')));
 
        $header = '';
 

diff --git a/mod/follow.php b/mod/follow.php
index 47b66430a4c2a4252abac355c5ec4931539b893e..08f664d39301e23e0ecf09218d837cb63296e47e 100644 (file)
--- a/mod/follow.php
+++ b/mod/follow.php
@@ -26,7 +26,7 @@ function follow_post(App $a)
        }
 
        $uid = local_user();
-       $url = Strings::removeTags(trim($_REQUEST['url']));
+       $url = Strings::escapeTags(trim($_REQUEST['url']));
        $return_path = 'contacts';
 
        // Makes the connection request for friendica contacts easier
@@ -61,7 +61,7 @@ function follow_content(App $a)
        }
 
        $uid = local_user();
-       $url = Strings::removeTags(trim($_REQUEST['url']));
+       $url = Strings::escapeTags(trim($_REQUEST['url']));
 
        $submit = L10n::t('Submit Request');
 

diff --git a/mod/group.php b/mod/group.php
index 970fbba299e0a1703aeb65c25bee7962522f19e6..51fa2493e4ae2d6cf07a1049c1dede1ab193ca80 100644 (file)
--- a/mod/group.php
+++ b/mod/group.php
@@ -34,7 +34,7 @@ function group_post(App $a) {
        if (($a->argc == 2) && ($a->argv[1] === 'new')) {
                BaseModule::checkFormSecurityTokenRedirectOnError('/group/new', 'group_edit');
 
-               $name = Strings::removeTags(trim($_POST['groupname']));
+               $name = Strings::escapeTags(trim($_POST['groupname']));
                $r = Model\Group::create(local_user(), $name);
                if ($r) {
                        info(L10n::t('Group created.') . EOL);
@@ -62,7 +62,7 @@ function group_post(App $a) {
                        return; // NOTREACHED
                }
                $group = $r[0];
-               $groupname = Strings::removeTags(trim($_POST['groupname']));
+               $groupname = Strings::escapeTags(trim($_POST['groupname']));
                if (strlen($groupname) && ($groupname != $group['name'])) {
                        $r = q("UPDATE `group` SET `name` = '%s' WHERE `uid` = %d AND `id` = %d",
                                DBA::escape($groupname),

diff --git a/mod/help.php b/mod/help.php
index 83c2aa5ff3c0c0811dc3f5b6270723b577de8c61..3a21695b090f05ee4f4170620ae22be8078f70d0 100644 (file)
--- a/mod/help.php
+++ b/mod/help.php
@@ -48,7 +48,7 @@ function help_content(App $a)
                $title = basename($path);
                $filename = $path;
                $text = load_doc_file('doc/' . $path . '.md');
-               $a->page['title'] = L10n::t('Help:') . ' ' . str_replace('-', ' ', Strings::removeTags($title));
+               $a->page['title'] = L10n::t('Help:') . ' ' . str_replace('-', ' ', Strings::escapeTags($title));
        }
 
        $home = load_doc_file('doc/Home.md');

diff --git a/mod/invite.php b/mod/invite.php
index e0c73aa344266fdd5f106d80583226ead621821f..460a3461d3c2953774c8a516b3d99c93d0df92bb 100644 (file)
--- a/mod/invite.php
+++ b/mod/invite.php
@@ -41,7 +41,7 @@ function invite_post(App $a)
 
 
        $recipients  = !empty($_POST['recipients']) ? explode("\n", $_POST['recipients']) : [];
-       $message     = !empty($_POST['message'])    ? Strings::removeTags(trim($_POST['message']))     : '';
+       $message     = !empty($_POST['message'])    ? Strings::escapeTags(trim($_POST['message']))     : '';
 
        $total = 0;
 

diff --git a/mod/item.php b/mod/item.php
index 0473c74c5234ed97cfc215a25cee1e5fbc117d51..507185e7c264ee04580818ad8977dde1541e36b2 100644 (file)
--- a/mod/item.php
+++ b/mod/item.php
@@ -204,7 +204,7 @@ function item_post(App $a) {
                $objecttype        = $orig_post['object-type'];
                $app               = $orig_post['app'];
                $categories        = $orig_post['file'];
-               $title             = Strings::removeTags(trim($_REQUEST['title']));
+               $title             = Strings::escapeTags(trim($_REQUEST['title']));
                $body              = Strings::escapeHtml(trim($_REQUEST['body']));
                $private           = $orig_post['private'];
                $pubmail_enabled   = $orig_post['pubmail'];
@@ -236,13 +236,13 @@ function item_post(App $a) {
                        $str_contact_deny  = perms2str(defaults($_REQUEST, 'contact_deny', ''));
                }
 
-               $title             = Strings::removeTags(trim(defaults($_REQUEST, 'title'   , '')));
-               $location          = Strings::removeTags(trim(defaults($_REQUEST, 'location', '')));
-               $coord             = Strings::removeTags(trim(defaults($_REQUEST, 'coord'   , '')));
-               $verb              = Strings::removeTags(trim(defaults($_REQUEST, 'verb'    , '')));
-               $emailcc           = Strings::removeTags(trim(defaults($_REQUEST, 'emailcc' , '')));
+               $title             = Strings::escapeTags(trim(defaults($_REQUEST, 'title'   , '')));
+               $location          = Strings::escapeTags(trim(defaults($_REQUEST, 'location', '')));
+               $coord             = Strings::escapeTags(trim(defaults($_REQUEST, 'coord'   , '')));
+               $verb              = Strings::escapeTags(trim(defaults($_REQUEST, 'verb'    , '')));
+               $emailcc           = Strings::escapeTags(trim(defaults($_REQUEST, 'emailcc' , '')));
                $body              = Strings::escapeHtml(trim(defaults($_REQUEST, 'body'    , '')));
-               $network           = Strings::removeTags(trim(defaults($_REQUEST, 'network' , Protocol::DFRN)));
+               $network           = Strings::escapeTags(trim(defaults($_REQUEST, 'network' , Protocol::DFRN)));
                $guid              = System::createUUID();
 
                $postopts = defaults($_REQUEST, 'postopts', '');

diff --git a/mod/like.php b/mod/like.php
index b8de3ff6a1fe9f98dc5845c0bdc14d9ffdabd8a9..97eaca163be125d9e24f3e30da6fe02172e7808d 100644 (file)
--- a/mod/like.php
+++ b/mod/like.php
@@ -13,13 +13,13 @@ function like_content(App $a) {
        }
 
 
-       $verb = Strings::removeTags(trim($_GET['verb']));
+       $verb = Strings::escapeTags(trim($_GET['verb']));
 
        if (!$verb) {
                $verb = 'like';
        }
 
-       $item_id = (($a->argc > 1) ? Strings::removeTags(trim($a->argv[1])) : 0);
+       $item_id = (($a->argc > 1) ? Strings::escapeTags(trim($a->argv[1])) : 0);
 
        $r = Item::performLike($item_id, $verb);
        if (!$r) {

diff --git a/mod/lostpass.php b/mod/lostpass.php
index 57f3d89b4222da07f0454be6073ee0f9970e39c0..42a1764bf93a4561cbcb7e1d266b31fa858d0314 100644 (file)
--- a/mod/lostpass.php
+++ b/mod/lostpass.php
@@ -19,7 +19,7 @@ require_once 'include/text.php';
 
 function lostpass_post(App $a)
 {
-       $loginame = Strings::removeTags(trim($_POST['login-name']));
+       $loginame = Strings::escapeTags(trim($_POST['login-name']));
        if (!$loginame) {
                $a->internalRedirect();
        }

diff --git a/mod/message.php b/mod/message.php
index 3a9480f2f2bbc321a2d1d2f285b6e9b75cf62a54..7491cd1bcc63cd461ed0f50134d3726924141899 100644 (file)
--- a/mod/message.php
+++ b/mod/message.php
@@ -59,8 +59,8 @@ function message_post(App $a)
                return;
        }
 
-       $replyto   = x($_REQUEST, 'replyto')   ? Strings::removeTags(trim($_REQUEST['replyto']))   : '';
-       $subject   = x($_REQUEST, 'subject')   ? Strings::removeTags(trim($_REQUEST['subject']))   : '';
+       $replyto   = x($_REQUEST, 'replyto')   ? Strings::escapeTags(trim($_REQUEST['replyto']))   : '';
+       $subject   = x($_REQUEST, 'subject')   ? Strings::escapeTags(trim($_REQUEST['subject']))   : '';
        $body      = x($_REQUEST, 'body')      ? Strings::escapeHtml(trim($_REQUEST['body'])) : '';
        $recipient = x($_REQUEST, 'messageto') ? intval($_REQUEST['messageto'])       : 0;
 

diff --git a/mod/network.php b/mod/network.php
index ff20f04d4ea1f189eabbc2de8efee1dc90249410..81a2f2b2ba63e8514b634664d50191099d10e03b 100644 (file)
--- a/mod/network.php
+++ b/mod/network.php
@@ -537,7 +537,7 @@ function networkThreadedView(App $a, $update, $parent)
        $star  = intval(defaults($_GET, 'star' , 0));
        $bmark = intval(defaults($_GET, 'bmark', 0));
        $conv  = intval(defaults($_GET, 'conv' , 0));
-       $order = Strings::removeTags(defaults($_GET, 'order', 'comment'));
+       $order = Strings::escapeTags(defaults($_GET, 'order', 'comment'));
        $nets  =        defaults($_GET, 'nets' , '');
 
        if ($cid) {

diff --git a/mod/oexchange.php b/mod/oexchange.php
index f66dee8f00118ddc91dfd2db996330cd59c05b6d..62d0bba078ef9fe00e9ddcb82a59e07bbb4f3b30 100644 (file)
--- a/mod/oexchange.php
+++ b/mod/oexchange.php
@@ -34,13 +34,13 @@ function oexchange_content(App $a) {
        }
 
        $url = ((x($_REQUEST,'url') && strlen($_REQUEST['url']))
-               ? urlencode(Strings::removeTags(trim($_REQUEST['url']))) : '');
+               ? urlencode(Strings::escapeTags(trim($_REQUEST['url']))) : '');
        $title = ((x($_REQUEST,'title') && strlen($_REQUEST['title']))
-               ? '&title=' . urlencode(Strings::removeTags(trim($_REQUEST['title']))) : '');
+               ? '&title=' . urlencode(Strings::escapeTags(trim($_REQUEST['title']))) : '');
        $description = ((x($_REQUEST,'description') && strlen($_REQUEST['description']))
-               ? '&description=' . urlencode(Strings::removeTags(trim($_REQUEST['description']))) : '');
+               ? '&description=' . urlencode(Strings::escapeTags(trim($_REQUEST['description']))) : '');
        $tags = ((x($_REQUEST,'tags') && strlen($_REQUEST['tags']))
-               ? '&tags=' . urlencode(Strings::removeTags(trim($_REQUEST['tags']))) : '');
+               ? '&tags=' . urlencode(Strings::escapeTags(trim($_REQUEST['tags']))) : '');
 
        $s = Network::fetchUrl(System::baseUrl() . '/parse_url?f=&url=' . $url . $title . $description . $tags);
 

diff --git a/mod/openid.php b/mod/openid.php
index 287b12781fbdf3e8bdb238b0bdad70a9a0d6d012..209960ee58b44968bd0c65d010e3824631f41856 100644 (file)
--- a/mod/openid.php
+++ b/mod/openid.php
@@ -75,16 +75,16 @@ function openid_content(App $a) {
                        if (is_array($attr) && count($attr)) {
                                foreach ($attr as $k => $v) {
                                        if ($k === 'namePerson/friendly') {
-                                               $nick = Strings::removeTags(trim($v));
+                                               $nick = Strings::escapeTags(trim($v));
                                        }
                                        if($k === 'namePerson/first') {
-                                               $first = Strings::removeTags(trim($v));
+                                               $first = Strings::escapeTags(trim($v));
                                        }
                                        if($k === 'namePerson') {
-                                               $args .= '&username=' . urlencode(Strings::removeTags(trim($v)));
+                                               $args .= '&username=' . urlencode(Strings::escapeTags(trim($v)));
                                        }
                                        if ($k === 'contact/email') {
-                                               $args .= '&email=' . urlencode(Strings::removeTags(trim($v)));
+                                               $args .= '&email=' . urlencode(Strings::escapeTags(trim($v)));
                                        }
                                        if ($k === 'media/image/aspect11') {
                                                $photosq = bin2hex(trim($v));
@@ -108,7 +108,7 @@ function openid_content(App $a) {
                                $args .= '&photo=' . urlencode($photo);
                        }
 
-                       $args .= '&openid_url=' . urlencode(Strings::removeTags(trim($authid)));
+                       $args .= '&openid_url=' . urlencode(Strings::escapeTags(trim($authid)));
 
                        $a->internalRedirect('register?' . $args);
 

diff --git a/mod/photos.php b/mod/photos.php
index 8b11e72421cf878e87c3f6c462c1b94c97136e3f..f07815c2582583d4be1c025ee0f02e586a8ed3f4 100644 (file)
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -223,7 +223,7 @@ function photos_post(App $a)
                }
 
                // RENAME photo album
-               $newalbum = Strings::removeTags(trim($_POST['albumname']));
+               $newalbum = Strings::escapeTags(trim($_POST['albumname']));
                if ($newalbum != $album) {
                        q("UPDATE `photo` SET `album` = '%s' WHERE `album` = '%s' AND `uid` = %d",
                                DBA::escape($newalbum),
@@ -366,11 +366,11 @@ function photos_post(App $a)
        }
 
        if ($a->argc > 2 && (!empty($_POST['desc']) || !empty($_POST['newtag']) || !empty($_POST['albname']) !== false)) {
-               $desc        = !empty($_POST['desc'])      ? Strings::removeTags(trim($_POST['desc']))      : '';
-               $rawtags     = !empty($_POST['newtag'])    ? Strings::removeTags(trim($_POST['newtag']))    : '';
+               $desc        = !empty($_POST['desc'])      ? Strings::escapeTags(trim($_POST['desc']))      : '';
+               $rawtags     = !empty($_POST['newtag'])    ? Strings::escapeTags(trim($_POST['newtag']))    : '';
                $item_id     = !empty($_POST['item_id'])   ? intval($_POST['item_id'])         : 0;
-               $albname     = !empty($_POST['albname'])   ? Strings::removeTags(trim($_POST['albname']))   : '';
-               $origaname   = !empty($_POST['origaname']) ? Strings::removeTags(trim($_POST['origaname'])) : '';
+               $albname     = !empty($_POST['albname'])   ? Strings::escapeTags(trim($_POST['albname']))   : '';
+               $origaname   = !empty($_POST['origaname']) ? Strings::escapeTags(trim($_POST['origaname'])) : '';
 
                $str_group_allow   = !empty($_POST['group_allow'])   ? perms2str($_POST['group_allow'])   : '';
                $str_contact_allow = !empty($_POST['contact_allow']) ? perms2str($_POST['contact_allow']) : '';
@@ -708,8 +708,8 @@ function photos_post(App $a)
        Addon::callHooks('photo_post_init', $_POST);
 
        // Determine the album to use
-       $album    = !empty($_REQUEST['album'])    ? Strings::removeTags(trim($_REQUEST['album']))    : '';
-       $newalbum = !empty($_REQUEST['newalbum']) ? Strings::removeTags(trim($_REQUEST['newalbum'])) : '';
+       $album    = !empty($_REQUEST['album'])    ? Strings::escapeTags(trim($_REQUEST['album']))    : '';
+       $newalbum = !empty($_REQUEST['newalbum']) ? Strings::escapeTags(trim($_REQUEST['newalbum'])) : '';
 
        Logger::log('mod/photos.php: photos_post(): album= ' . $album . ' newalbum= ' . $newalbum , Logger::DEBUG);
 

diff --git a/mod/poco.php b/mod/poco.php
index 0a369502d319a64441e8aae52a289ac4845f3816..cc2493c0864338418d412320e9ac5e56a40854f8 100644 (file)
--- a/mod/poco.php
+++ b/mod/poco.php
@@ -26,7 +26,7 @@ function poco_init(App $a) {
        }
 
        if ($a->argc > 1) {
-               $user = Strings::removeTags(trim($a->argv[1]));
+               $user = Strings::escapeTags(trim($a->argv[1]));
        }
        if (empty($user)) {
                $c = q("SELECT * FROM `pconfig` WHERE `cat` = 'system' AND `k` = 'suggestme' AND `v` = 1");

diff --git a/mod/poke.php b/mod/poke.php
index 615e244e549582759cf0878146ddca3d3d68316a..6f09b348cc51d7b645252a1df180ab1c8c37c84f 100644 (file)
--- a/mod/poke.php
+++ b/mod/poke.php
@@ -39,7 +39,7 @@ function poke_init(App $a)
                return;
        }
 
-       $verb = Strings::removeTags(trim($_GET['verb']));
+       $verb = Strings::escapeTags(trim($_GET['verb']));
 
        $verbs = L10n::getPokeVerbs();
 

diff --git a/mod/profile.php b/mod/profile.php
index f17888368ad6413cc033eaa8b6974c3fbd79fb02..59f3bb5ae483866c9aa8028ac8a57c39722b4642 100644 (file)
--- a/mod/profile.php
+++ b/mod/profile.php
@@ -194,7 +194,7 @@ function profile_content(App $a, $update = 0)
        if (!$update) {
                $tab = false;
                if (!empty($_GET['tab'])) {
-                       $tab = Strings::removeTags(trim($_GET['tab']));
+                       $tab = Strings::escapeTags(trim($_GET['tab']));
                }
 
                $o .= Profile::getTabs($a, $is_owner, $a->profile['nickname']);

diff --git a/mod/profiles.php b/mod/profiles.php
index 83febcc717f88ca19e697f4e81c46aadfe06fd47..459a1c5e75a73fc1e0030933fe2d051499b6d0f9 100644 (file)
--- a/mod/profiles.php
+++ b/mod/profiles.php
@@ -202,7 +202,7 @@ function profiles_post(App $a) {
 
                $is_default = (($orig[0]['is-default']) ? 1 : 0);
 
-               $profile_name = Strings::removeTags(trim($_POST['profile_name']));
+               $profile_name = Strings::escapeTags(trim($_POST['profile_name']));
                if (! strlen($profile_name)) {
                        notice(L10n::t('Profile Name is required.') . EOL);
                        return;
@@ -229,7 +229,7 @@ function profiles_post(App $a) {
                        }
                }
 
-               $name = Strings::removeTags(trim($_POST['name']));
+               $name = Strings::escapeTags(trim($_POST['name']));
 
                if (! strlen($name)) {
                        $name = '[No Name]';
@@ -239,19 +239,19 @@ function profiles_post(App $a) {
                        $namechanged = true;
                }
 
-               $pdesc = Strings::removeTags(trim($_POST['pdesc']));
-               $gender = Strings::removeTags(trim($_POST['gender']));
-               $address = Strings::removeTags(trim($_POST['address']));
-               $locality = Strings::removeTags(trim($_POST['locality']));
-               $region = Strings::removeTags(trim($_POST['region']));
-               $postal_code = Strings::removeTags(trim($_POST['postal_code']));
-               $country_name = Strings::removeTags(trim($_POST['country_name']));
-               $pub_keywords = profile_clean_keywords(Strings::removeTags(trim($_POST['pub_keywords'])));
-               $prv_keywords = profile_clean_keywords(Strings::removeTags(trim($_POST['prv_keywords'])));
-               $marital = Strings::removeTags(trim($_POST['marital']));
-               $howlong = Strings::removeTags(trim($_POST['howlong']));
+               $pdesc = Strings::escapeTags(trim($_POST['pdesc']));
+               $gender = Strings::escapeTags(trim($_POST['gender']));
+               $address = Strings::escapeTags(trim($_POST['address']));
+               $locality = Strings::escapeTags(trim($_POST['locality']));
+               $region = Strings::escapeTags(trim($_POST['region']));
+               $postal_code = Strings::escapeTags(trim($_POST['postal_code']));
+               $country_name = Strings::escapeTags(trim($_POST['country_name']));
+               $pub_keywords = profile_clean_keywords(Strings::escapeTags(trim($_POST['pub_keywords'])));
+               $prv_keywords = profile_clean_keywords(Strings::escapeTags(trim($_POST['prv_keywords'])));
+               $marital = Strings::escapeTags(trim($_POST['marital']));
+               $howlong = Strings::escapeTags(trim($_POST['howlong']));
 
-               $with = ((x($_POST,'with')) ? Strings::removeTags(trim($_POST['with'])) : '');
+               $with = ((x($_POST,'with')) ? Strings::escapeTags(trim($_POST['with'])) : '');
 
                if (! strlen($howlong)) {
                        $howlong = DBA::NULL_DATETIME;
@@ -312,16 +312,16 @@ function profiles_post(App $a) {
                }
 
                /// @TODO Not flexible enough for later expansion, let's have more OOP here
-               $sexual = Strings::removeTags(trim($_POST['sexual']));
-               $xmpp = Strings::removeTags(trim($_POST['xmpp']));
-               $homepage = Strings::removeTags(trim($_POST['homepage']));
+               $sexual = Strings::escapeTags(trim($_POST['sexual']));
+               $xmpp = Strings::escapeTags(trim($_POST['xmpp']));
+               $homepage = Strings::escapeTags(trim($_POST['homepage']));
                if ((strpos($homepage, 'http') !== 0) && (strlen($homepage))) {
                        // neither http nor https in URL, add them
                        $homepage = 'http://'.$homepage;
                }
-               $hometown = Strings::removeTags(trim($_POST['hometown']));
-               $politic = Strings::removeTags(trim($_POST['politic']));
-               $religion = Strings::removeTags(trim($_POST['religion']));
+               $hometown = Strings::escapeTags(trim($_POST['hometown']));
+               $politic = Strings::escapeTags(trim($_POST['politic']));
+               $religion = Strings::escapeTags(trim($_POST['religion']));
 
                $likes = Strings::escapeHtml(trim($_POST['likes']));
                $dislikes = Strings::escapeHtml(trim($_POST['dislikes']));

diff --git a/mod/pubsub.php b/mod/pubsub.php
index 06ebacbe3273487659503e1c4e29ae361743b1fc..f0a8d463c4517999d29773112e2aff9b45a4df13 100644 (file)
--- a/mod/pubsub.php
+++ b/mod/pubsub.php
@@ -31,15 +31,15 @@ function hub_post_return()
 
 function pubsub_init(App $a)
 {
-       $nick       = (($a->argc > 1) ? Strings::removeTags(trim($a->argv[1])) : '');
+       $nick       = (($a->argc > 1) ? Strings::escapeTags(trim($a->argv[1])) : '');
        $contact_id = (($a->argc > 2) ? intval($a->argv[2])       : 0 );
 
        if ($_SERVER['REQUEST_METHOD'] === 'GET') {
-               $hub_mode      = Strings::removeTags(trim(defaults($_GET, 'hub_mode', '')));
-               $hub_topic     = Strings::removeTags(trim(defaults($_GET, 'hub_topic', '')));
-               $hub_challenge = Strings::removeTags(trim(defaults($_GET, 'hub_challenge', '')));
-               $hub_lease     = Strings::removeTags(trim(defaults($_GET, 'hub_lease_seconds', '')));
-               $hub_verify    = Strings::removeTags(trim(defaults($_GET, 'hub_verify_token', '')));
+               $hub_mode      = Strings::escapeTags(trim(defaults($_GET, 'hub_mode', '')));
+               $hub_topic     = Strings::escapeTags(trim(defaults($_GET, 'hub_topic', '')));
+               $hub_challenge = Strings::escapeTags(trim(defaults($_GET, 'hub_challenge', '')));
+               $hub_lease     = Strings::escapeTags(trim(defaults($_GET, 'hub_lease_seconds', '')));
+               $hub_verify    = Strings::escapeTags(trim(defaults($_GET, 'hub_verify_token', '')));
 
                Logger::log('Subscription from ' . $_SERVER['REMOTE_ADDR'] . ' Mode: ' . $hub_mode . ' Nick: ' . $nick);
                Logger::log('Data: ' . print_r($_GET,true), Logger::DATA);
@@ -92,7 +92,7 @@ function pubsub_post(App $a)
        Logger::log('Feed arrived from ' . $_SERVER['REMOTE_ADDR'] . ' for ' .  $a->cmd . ' with user-agent: ' . $_SERVER['HTTP_USER_AGENT']);
        Logger::log('Data: ' . $xml, Logger::DATA);
 
-       $nick       = (($a->argc > 1) ? Strings::removeTags(trim($a->argv[1])) : '');
+       $nick       = (($a->argc > 1) ? Strings::escapeTags(trim($a->argv[1])) : '');
        $contact_id = (($a->argc > 2) ? intval($a->argv[2])       : 0 );
 
        $importer = DBA::selectFirst('user', [], ['nickname' => $nick, 'account_expired' => false, 'account_removed' => false]);

diff --git a/mod/pubsubhubbub.php b/mod/pubsubhubbub.php
index b0557782701ce9a563f91df48cb86ef307fb48ce..d38cbe227d5eac6e935d08e05ce6ffcc5936f733 100644 (file)
--- a/mod/pubsubhubbub.php
+++ b/mod/pubsubhubbub.php
@@ -10,7 +10,7 @@ use Friendica\Util\Network;
 use Friendica\Util\Strings;
 
 function post_var($name) {
-       return (x($_POST, $name)) ? Strings::removeTags(trim($_POST[$name])) : '';
+       return (x($_POST, $name)) ? Strings::escapeTags(trim($_POST[$name])) : '';
 }
 
 function pubsubhubbub_init(App $a) {

diff --git a/mod/register.php b/mod/register.php
index 74e6bcf699845bdf2ce27b2990b93257a141f338..2b0d87ca9921c651c6921dc88f1f191f9acfa061 100644 (file)
--- a/mod/register.php
+++ b/mod/register.php
@@ -84,7 +84,7 @@ function register_post(App $a)
 
        $using_invites = Config::get('system', 'invitation_only');
        $num_invites   = Config::get('system', 'number_invites');
-       $invite_id = ((x($_POST, 'invite_id')) ? Strings::removeTags(trim($_POST['invite_id'])) : '');
+       $invite_id = ((x($_POST, 'invite_id')) ? Strings::escapeTags(trim($_POST['invite_id'])) : '');
 
        if (intval(Config::get('config', 'register_policy')) === REGISTER_OPEN) {
                if ($using_invites && $invite_id) {

diff --git a/mod/salmon.php b/mod/salmon.php
index 5c8fc9fda7471715e70afe3524e219dadc251f26..02339c7779fb07643d48104bf4130cf1e73a67bb 100644 (file)
--- a/mod/salmon.php
+++ b/mod/salmon.php
@@ -24,7 +24,7 @@ function salmon_post(App $a, $xml = '') {
 
        Logger::log('new salmon ' . $xml, Logger::DATA);
 
-       $nick       = (($a->argc > 1) ? Strings::removeTags(trim($a->argv[1])) : '');
+       $nick       = (($a->argc > 1) ? Strings::escapeTags(trim($a->argv[1])) : '');
        $mentions   = (($a->argc > 2 && $a->argv[2] === 'mention') ? true : false);
 
        $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `account_expired` = 0 AND `account_removed` = 0 LIMIT 1",

diff --git a/mod/search.php b/mod/search.php
index 9824c489a6a00ebb1c9e1d06fd4230f6cece6b79..f552ad43c77236ed2142d260dce8eeed8ca08d11 100644 (file)
--- a/mod/search.php
+++ b/mod/search.php
@@ -24,7 +24,7 @@ require_once 'mod/dirfind.php';
 function search_saved_searches() {
 
        $o = '';
-       $search = ((x($_GET,'search')) ? Strings::removeTags(trim(rawurldecode($_GET['search']))) : '');
+       $search = ((x($_GET,'search')) ? Strings::escapeTags(trim(rawurldecode($_GET['search']))) : '');
 
        if (!Feature::isEnabled(local_user(),'savedsearch'))
                return $o;
@@ -63,7 +63,7 @@ function search_saved_searches() {
 
 function search_init(App $a) {
 
-       $search = ((x($_GET,'search')) ? Strings::removeTags(trim(rawurldecode($_GET['search']))) : '');
+       $search = ((x($_GET,'search')) ? Strings::escapeTags(trim(rawurldecode($_GET['search']))) : '');
 
        if (local_user()) {
                if (x($_GET,'save') && $search) {
@@ -150,14 +150,14 @@ function search_content(App $a) {
 
        $search = '';
        if (x($a->data,'search'))
-               $search = Strings::removeTags(trim($a->data['search']));
+               $search = Strings::escapeTags(trim($a->data['search']));
        else
-               $search = ((x($_GET,'search')) ? Strings::removeTags(trim(rawurldecode($_GET['search']))) : '');
+               $search = ((x($_GET,'search')) ? Strings::escapeTags(trim(rawurldecode($_GET['search']))) : '');
 
        $tag = false;
        if (x($_GET,'tag')) {
                $tag = true;
-               $search = (x($_GET,'tag') ? '#' . Strings::removeTags(trim(rawurldecode($_GET['tag']))) : '');
+               $search = (x($_GET,'tag') ? '#' . Strings::escapeTags(trim(rawurldecode($_GET['tag']))) : '');
        }
 
        // contruct a wrapper for the search header

diff --git a/mod/settings.php b/mod/settings.php
index e9dd023f9d04b35afa333b46ed5d84ab58ea29d1..857012048086679e9fcd8d534948888040c9e27f 100644 (file)
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -315,8 +315,8 @@ function settings_post(App $a)
        if (($a->argc > 1) && ($a->argv[1] === 'display')) {
                BaseModule::checkFormSecurityTokenRedirectOnError('/settings/display', 'settings_display');
 
-               $theme             = x($_POST, 'theme')             ? Strings::removeTags(trim($_POST['theme']))        : $a->user['theme'];
-               $mobile_theme      = x($_POST, 'mobile_theme')      ? Strings::removeTags(trim($_POST['mobile_theme'])) : '';
+               $theme             = x($_POST, 'theme')             ? Strings::escapeTags(trim($_POST['theme']))        : $a->user['theme'];
+               $mobile_theme      = x($_POST, 'mobile_theme')      ? Strings::escapeTags(trim($_POST['mobile_theme'])) : '';
                $nosmile           = x($_POST, 'nosmile')           ? intval($_POST['nosmile'])            : 0;
                $first_day_of_week = x($_POST, 'first_day_of_week') ? intval($_POST['first_day_of_week'])  : 0;
                $noinfo            = x($_POST, 'noinfo')            ? intval($_POST['noinfo'])             : 0;
@@ -423,13 +423,13 @@ function settings_post(App $a)
                }
        }
 
-       $username         = ((x($_POST, 'username'))   ? Strings::removeTags(trim($_POST['username']))     : '');
-       $email            = ((x($_POST, 'email'))      ? Strings::removeTags(trim($_POST['email']))        : '');
-       $timezone         = ((x($_POST, 'timezone'))   ? Strings::removeTags(trim($_POST['timezone']))     : '');
-       $language         = ((x($_POST, 'language'))   ? Strings::removeTags(trim($_POST['language']))     : '');
+       $username         = ((x($_POST, 'username'))   ? Strings::escapeTags(trim($_POST['username']))     : '');
+       $email            = ((x($_POST, 'email'))      ? Strings::escapeTags(trim($_POST['email']))        : '');
+       $timezone         = ((x($_POST, 'timezone'))   ? Strings::escapeTags(trim($_POST['timezone']))     : '');
+       $language         = ((x($_POST, 'language'))   ? Strings::escapeTags(trim($_POST['language']))     : '');
 
-       $defloc           = ((x($_POST, 'defloc'))     ? Strings::removeTags(trim($_POST['defloc']))       : '');
-       $openid           = ((x($_POST, 'openid_url')) ? Strings::removeTags(trim($_POST['openid_url']))   : '');
+       $defloc           = ((x($_POST, 'defloc'))     ? Strings::escapeTags(trim($_POST['defloc']))       : '');
+       $openid           = ((x($_POST, 'openid_url')) ? Strings::escapeTags(trim($_POST['openid_url']))   : '');
        $maxreq           = ((x($_POST, 'maxreq'))     ? intval($_POST['maxreq'])             : 0);
        $expire           = ((x($_POST, 'expire'))     ? intval($_POST['expire'])             : 0);
        $def_gid          = ((x($_POST, 'group-selection')) ? intval($_POST['group-selection']) : 0);

diff --git a/mod/subthread.php b/mod/subthread.php
index 68fa0e7ea3216bb98c559c11c9032014180587bd..b287957b23ea0bbe82133e4a1630e162dbeb76c0 100644 (file)
--- a/mod/subthread.php
+++ b/mod/subthread.php
@@ -23,7 +23,7 @@ function subthread_content(App $a) {
 
        $activity = ACTIVITY_FOLLOW;
 
-       $item_id = (($a->argc > 1) ? Strings::removeTags(trim($a->argv[1])) : 0);
+       $item_id = (($a->argc > 1) ? Strings::escapeTags(trim($a->argv[1])) : 0);
 
        $condition = ["`parent` = ? OR `parent-uri` = ? AND `parent` = `id`", $item_id, $item_id];
        $item = Item::selectFirst([], $condition);

diff --git a/mod/tagger.php b/mod/tagger.php
index c0eeb684ce7f360e8c268e2ddf3235c855bc98fc..6c3c6157a548fb133eb83fac8525f784a6cf089c 100644 (file)
--- a/mod/tagger.php
+++ b/mod/tagger.php
@@ -21,7 +21,7 @@ function tagger_content(App $a) {
                return;
        }
 
-       $term = Strings::removeTags(trim($_GET['term']));
+       $term = Strings::escapeTags(trim($_GET['term']));
        // no commas allowed
        $term = str_replace([',',' '],['','_'],$term);
 
@@ -29,7 +29,7 @@ function tagger_content(App $a) {
                return;
        }
 
-       $item_id = (($a->argc > 1) ? Strings::removeTags(trim($a->argv[1])) : 0);
+       $item_id = (($a->argc > 1) ? Strings::escapeTags(trim($a->argv[1])) : 0);
 
        Logger::log('tagger: tag ' . $term . ' item ' . $item_id);
 

diff --git a/mod/tagrm.php b/mod/tagrm.php
index 266dbfa3c8fa5dbd96b7076836a9a2675c50e73b..3785d8750a1922ca510557d2d7c3fe5034c06919 100644 (file)
--- a/mod/tagrm.php
+++ b/mod/tagrm.php
@@ -23,7 +23,7 @@ function tagrm_post(App $a)
 
        $tags = [];
        foreach (defaults($_POST, 'tag', []) as $tag) {
-               $tags[] = hex2bin(Strings::removeTags(trim($tag)));
+               $tags[] = hex2bin(Strings::escapeTags(trim($tag)));
        }
 
        $item_id = defaults($_POST,'item', 0);
@@ -74,7 +74,7 @@ function tagrm_content(App $a)
        }
 
        if ($a->argc == 3) {
-               update_tags($a->argv[1], [Strings::removeTags(trim(hex2bin($a->argv[2])))]);
+               update_tags($a->argv[1], [Strings::escapeTags(trim(hex2bin($a->argv[2])))]);
                $a->internalRedirect($_SESSION['photo_return']);
        }
 

diff --git a/mod/unfollow.php b/mod/unfollow.php
index 9ca965bfd08fccf369c35b43ebb800b039d15e7d..9b1049286b8ed6e2b7b3fcdcf07aa8e062dcb29f 100644 (file)
--- a/mod/unfollow.php
+++ b/mod/unfollow.php
@@ -25,7 +25,7 @@ function unfollow_post(App $a)
        }
 
        $uid = local_user();
-       $url = Strings::removeTags(trim(defaults($_REQUEST, 'url', '')));
+       $url = Strings::escapeTags(trim(defaults($_REQUEST, 'url', '')));
 
        $condition = ["`uid` = ? AND (`rel` = ? OR `rel` = ?) AND (`nurl` = ? OR `alias` = ? OR `alias` = ?)",
                $uid, Contact::SHARING, Contact::FRIEND, Strings::normaliseLink($url),
@@ -80,7 +80,7 @@ function unfollow_content(App $a)
        }
 
        $uid = local_user();
-       $url = Strings::removeTags(trim($_REQUEST['url']));
+       $url = Strings::escapeTags(trim($_REQUEST['url']));
 
        $condition = ["`uid` = ? AND (`rel` = ? OR `rel` = ?) AND (`nurl` = ? OR `alias` = ? OR `alias` = ?)",
                local_user(), Contact::SHARING, Contact::FRIEND, Strings::normaliseLink($url),

diff --git a/mod/wall_upload.php b/mod/wall_upload.php
index 0322c6606654c6cc1b7d510f2be85d683004a58a..3358433da12450fd2b39a321f173d1ddcb83c547 100644 (file)
--- a/mod/wall_upload.php
+++ b/mod/wall_upload.php
@@ -24,7 +24,7 @@ function wall_upload_post(App $a, $desktopmode = true)
        Logger::log("wall upload: starting new upload", Logger::DEBUG);
 
        $r_json = (x($_GET, 'response') && $_GET['response'] == 'json');
-       $album = (x($_GET, 'album') ? Strings::removeTags(trim($_GET['album'])) : '');
+       $album = (x($_GET, 'album') ? Strings::escapeTags(trim($_GET['album'])) : '');
 
        if ($a->argc > 1) {
                if (!x($_FILES, 'media')) {

diff --git a/mod/wallmessage.php b/mod/wallmessage.php
index 06b3720f730c12783b17d2ac6250bf1705ec56db..b7a62b3ad426f8d9554a5e864be5dd3295e25ebc 100644 (file)
--- a/mod/wallmessage.php
+++ b/mod/wallmessage.php
@@ -20,10 +20,10 @@ function wallmessage_post(App $a) {
                return;
        }
 
-       $subject   = ((x($_REQUEST,'subject'))   ? Strings::removeTags(trim($_REQUEST['subject']))   : '');
+       $subject   = ((x($_REQUEST,'subject'))   ? Strings::escapeTags(trim($_REQUEST['subject']))   : '');
        $body      = ((x($_REQUEST,'body'))      ? Strings::escapeHtml(trim($_REQUEST['body'])) : '');
 
-       $recipient = (($a->argc > 1) ? Strings::removeTags($a->argv[1]) : '');
+       $recipient = (($a->argc > 1) ? Strings::escapeTags($a->argv[1]) : '');
        if ((! $recipient) || (! $body)) {
                return;
        }

diff --git a/mod/xrd.php b/mod/xrd.php
index 657a0f0ca95f6bf22fa340895ad1b02b1d52ae6f..4b9b0ee8fb4e1931848b799cb07d5a86ec6b2dc7 100644 (file)
--- a/mod/xrd.php
+++ b/mod/xrd.php
@@ -18,7 +18,7 @@ function xrd_init(App $a)
                        System::httpExit(404);
                }
 
-               $uri = urldecode(Strings::removeTags(trim($_GET['uri'])));
+               $uri = urldecode(Strings::escapeTags(trim($_GET['uri'])));
                if (defaults($_SERVER, 'HTTP_ACCEPT', '') == 'application/jrd+json') {
                        $mode = 'json';
                } else {
@@ -29,7 +29,7 @@ function xrd_init(App $a)
                        System::httpExit(404);
                }
 
-               $uri = urldecode(Strings::removeTags(trim($_GET['resource'])));
+               $uri = urldecode(Strings::escapeTags(trim($_GET['resource'])));
                if (defaults($_SERVER, 'HTTP_ACCEPT', '') == 'application/xrd+xml') {
                        $mode = 'xml';
                } else {

diff --git a/src/Model/Item.php b/src/Model/Item.php
index c088685e8df421ccdfff3c8a8e1b8e5494b3e6cf..30c29e1518b18cea736de93613f6a9c9657abd3a 100644 (file)
--- a/src/Model/Item.php
+++ b/src/Model/Item.php
@@ -1150,7 +1150,7 @@ class Item extends BaseObject
        private static function guid($item, $notify)
        {
                if (!empty($item['guid'])) {
-                       return Strings::removeTags(trim($item['guid']));
+                       return Strings::escapeTags(trim($item['guid']));
                }
 
                if ($notify) {
@@ -1265,7 +1265,7 @@ class Item extends BaseObject
                }
 
                $item['guid'] = self::guid($item, $notify);
-               $item['uri'] = Strings::removeTags(trim(defaults($item, 'uri', self::newURI($item['uid'], $item['guid']))));
+               $item['uri'] = Strings::escapeTags(trim(defaults($item, 'uri', self::newURI($item['uid'], $item['guid']))));
 
                // Store URI data
                $item['uri-id'] = ItemURI::insert(['uri' => $item['uri'], 'guid' => $item['guid']]);

diff --git a/src/Model/Profile.php b/src/Model/Profile.php
index b6a7546022c297421d62f10fa4a9431522f433ef..c45bcdb84bd6fa75e6322386724cc5225310d8fa 100644 (file)
--- a/src/Model/Profile.php
+++ b/src/Model/Profile.php
@@ -882,7 +882,7 @@ class Profile
 
                $tab = false;
                if (x($_GET, 'tab')) {
-                       $tab = Strings::removeTags(trim($_GET['tab']));
+                       $tab = Strings::escapeTags(trim($_GET['tab']));
                }
 
                $url = System::baseUrl() . '/profile/' . $nickname;

diff --git a/src/Model/User.php b/src/Model/User.php
index e03bf1c395f57d46178ce97452795ccc7cace80b..0f397aadc2f8f5d4fca0b4c4ccc1a1f7cee506bf 100644 (file)
--- a/src/Model/User.php
+++ b/src/Model/User.php
@@ -402,18 +402,18 @@ class User
                $using_invites = Config::get('system', 'invitation_only');
                $num_invites   = Config::get('system', 'number_invites');
 
-               $invite_id  = !empty($data['invite_id'])  ? Strings::removeTags(trim($data['invite_id']))  : '';
-               $username   = !empty($data['username'])   ? Strings::removeTags(trim($data['username']))   : '';
-               $nickname   = !empty($data['nickname'])   ? Strings::removeTags(trim($data['nickname']))   : '';
-               $email      = !empty($data['email'])      ? Strings::removeTags(trim($data['email']))      : '';
-               $openid_url = !empty($data['openid_url']) ? Strings::removeTags(trim($data['openid_url'])) : '';
-               $photo      = !empty($data['photo'])      ? Strings::removeTags(trim($data['photo']))      : '';
+               $invite_id  = !empty($data['invite_id'])  ? Strings::escapeTags(trim($data['invite_id']))  : '';
+               $username   = !empty($data['username'])   ? Strings::escapeTags(trim($data['username']))   : '';
+               $nickname   = !empty($data['nickname'])   ? Strings::escapeTags(trim($data['nickname']))   : '';
+               $email      = !empty($data['email'])      ? Strings::escapeTags(trim($data['email']))      : '';
+               $openid_url = !empty($data['openid_url']) ? Strings::escapeTags(trim($data['openid_url'])) : '';
+               $photo      = !empty($data['photo'])      ? Strings::escapeTags(trim($data['photo']))      : '';
                $password   = !empty($data['password'])   ? trim($data['password'])           : '';
                $password1  = !empty($data['password1'])  ? trim($data['password1'])          : '';
                $confirm    = !empty($data['confirm'])    ? trim($data['confirm'])            : '';
                $blocked    = !empty($data['blocked'])    ? intval($data['blocked'])          : 0;
                $verified   = !empty($data['verified'])   ? intval($data['verified'])         : 0;
-               $language   = !empty($data['language'])   ? Strings::removeTags(trim($data['language']))   : 'en';
+               $language   = !empty($data['language'])   ? Strings::escapeTags(trim($data['language']))   : 'en';
 
                $publish = !empty($data['profile_publish_reg']) && intval($data['profile_publish_reg']) ? 1 : 0;
                $netpublish = strlen(Config::get('system', 'directory')) ? $publish : 0;

diff --git a/src/Module/Contact.php b/src/Module/Contact.php
index 998787188006a978c00151ab2732c96d8871e619..b7e182dc1461d2ef3caac612fb87ad5143afe905 100644 (file)
--- a/src/Module/Contact.php
+++ b/src/Module/Contact.php
@@ -602,7 +602,7 @@ class Contact extends BaseModule
                                '$lbl_vis2'       => L10n::t('Please choose the profile you would like to display to %s when viewing your profile securely.', $contact['name']),
                                '$lbl_info1'      => $lbl_info1,
                                '$lbl_info2'      => L10n::t('Their personal note'),
-                               '$reason'         => trim(Strings::removeTags($contact['reason'])),
+                               '$reason'         => trim(Strings::escapeTags($contact['reason'])),
                                '$infedit'        => L10n::t('Edit contact notes'),
                                '$common_link'    => 'common/loc/' . local_user() . '/' . $contact['id'],
                                '$relation_text'  => $relation_text,
@@ -695,8 +695,8 @@ class Contact extends BaseModule
 
                $sql_extra .= sprintf(" AND `network` != '%s' ", Protocol::PHANTOM);
 
-               $search = Strings::removeTags(trim(defaults($_GET, 'search', '')));
-               $nets   = Strings::removeTags(trim(defaults($_GET, 'nets'  , '')));
+               $search = Strings::escapeTags(trim(defaults($_GET, 'search', '')));
+               $nets   = Strings::escapeTags(trim(defaults($_GET, 'nets'  , '')));
 
                $tabs = [
                        [

diff --git a/src/Module/Install.php b/src/Module/Install.php
index f6e5fc6c5f9c32e20ed38b29c272f5d5e43bae7a..2e0f16c4e9b2260afb5a73bbf156f325652fe8cc 100644 (file)
--- a/src/Module/Install.php
+++ b/src/Module/Install.php
@@ -71,10 +71,10 @@ class Install extends BaseModule
                                break;
 
                        case self::SITE_SETTINGS:
-                               $dbhost  = Strings::removeTags(trim(defaults($_POST, 'dbhost', Core\Installer::DEFAULT_HOST)));
-                               $dbuser  = Strings::removeTags(trim(defaults($_POST, 'dbuser', '')));
-                               $dbpass  = Strings::removeTags(trim(defaults($_POST, 'dbpass', '')));
-                               $dbdata  = Strings::removeTags(trim(defaults($_POST, 'dbdata', '')));
+                               $dbhost  = Strings::escapeTags(trim(defaults($_POST, 'dbhost', Core\Installer::DEFAULT_HOST)));
+                               $dbuser  = Strings::escapeTags(trim(defaults($_POST, 'dbuser', '')));
+                               $dbpass  = Strings::escapeTags(trim(defaults($_POST, 'dbpass', '')));
+                               $dbdata  = Strings::escapeTags(trim(defaults($_POST, 'dbdata', '')));
 
                                // If we cannot connect to the database, return to the previous step
                                if (!self::$installer->checkDB($dbhost, $dbuser, $dbpass, $dbdata)) {
@@ -85,13 +85,13 @@ class Install extends BaseModule
 
                        case self::FINISHED:
                                $urlpath   = $a->getURLPath();
-                               $dbhost    = Strings::removeTags(trim(defaults($_POST, 'dbhost', Core\Installer::DEFAULT_HOST)));
-                               $dbuser    = Strings::removeTags(trim(defaults($_POST, 'dbuser', '')));
-                               $dbpass    = Strings::removeTags(trim(defaults($_POST, 'dbpass', '')));
-                               $dbdata    = Strings::removeTags(trim(defaults($_POST, 'dbdata', '')));
-                               $timezone  = Strings::removeTags(trim(defaults($_POST, 'timezone', Core\Installer::DEFAULT_TZ)));
-                               $language  = Strings::removeTags(trim(defaults($_POST, 'language', Core\Installer::DEFAULT_LANG)));
-                               $adminmail = Strings::removeTags(trim(defaults($_POST, 'adminmail', '')));
+                               $dbhost    = Strings::escapeTags(trim(defaults($_POST, 'dbhost', Core\Installer::DEFAULT_HOST)));
+                               $dbuser    = Strings::escapeTags(trim(defaults($_POST, 'dbuser', '')));
+                               $dbpass    = Strings::escapeTags(trim(defaults($_POST, 'dbpass', '')));
+                               $dbdata    = Strings::escapeTags(trim(defaults($_POST, 'dbdata', '')));
+                               $timezone  = Strings::escapeTags(trim(defaults($_POST, 'timezone', Core\Installer::DEFAULT_TZ)));
+                               $language  = Strings::escapeTags(trim(defaults($_POST, 'language', Core\Installer::DEFAULT_LANG)));
+                               $adminmail = Strings::escapeTags(trim(defaults($_POST, 'adminmail', '')));
 
                                // If we cannot connect to the database, return to the Database config wizard
                                if (!self::$installer->checkDB($dbhost, $dbuser, $dbpass, $dbdata)) {
@@ -140,12 +140,12 @@ class Install extends BaseModule
                                break;
 
                        case self::DATABASE_CONFIG:
-                               $dbhost    = Strings::removeTags(trim(defaults($_POST, 'dbhost'   , Core\Installer::DEFAULT_HOST)));
-                               $dbuser    = Strings::removeTags(trim(defaults($_POST, 'dbuser'   , ''                          )));
-                               $dbpass    = Strings::removeTags(trim(defaults($_POST, 'dbpass'   , ''                          )));
-                               $dbdata    = Strings::removeTags(trim(defaults($_POST, 'dbdata'   , ''                          )));
-                               $phpath    = Strings::removeTags(trim(defaults($_POST, 'phpath'   , ''                          )));
-                               $adminmail = Strings::removeTags(trim(defaults($_POST, 'adminmail', ''                          )));
+                               $dbhost    = Strings::escapeTags(trim(defaults($_POST, 'dbhost'   , Core\Installer::DEFAULT_HOST)));
+                               $dbuser    = Strings::escapeTags(trim(defaults($_POST, 'dbuser'   , ''                          )));
+                               $dbpass    = Strings::escapeTags(trim(defaults($_POST, 'dbpass'   , ''                          )));
+                               $dbdata    = Strings::escapeTags(trim(defaults($_POST, 'dbdata'   , ''                          )));
+                               $phpath    = Strings::escapeTags(trim(defaults($_POST, 'phpath'   , ''                          )));
+                               $adminmail = Strings::escapeTags(trim(defaults($_POST, 'adminmail', ''                          )));
 
                                $tpl = Renderer::getMarkupTemplate('install_db.tpl');
                                $output .= Renderer::replaceMacros($tpl, [
@@ -191,13 +191,13 @@ class Install extends BaseModule
                                break;
 
                        case self::SITE_SETTINGS:
-                               $dbhost = Strings::removeTags(trim(defaults($_POST, 'dbhost', Core\Installer::DEFAULT_HOST)));
-                               $dbuser = Strings::removeTags(trim(defaults($_POST, 'dbuser', ''                          )));
-                               $dbpass = Strings::removeTags(trim(defaults($_POST, 'dbpass', ''                          )));
-                               $dbdata = Strings::removeTags(trim(defaults($_POST, 'dbdata', ''                          )));
-                               $phpath = Strings::removeTags(trim(defaults($_POST, 'phpath', ''                          )));
+                               $dbhost = Strings::escapeTags(trim(defaults($_POST, 'dbhost', Core\Installer::DEFAULT_HOST)));
+                               $dbuser = Strings::escapeTags(trim(defaults($_POST, 'dbuser', ''                          )));
+                               $dbpass = Strings::escapeTags(trim(defaults($_POST, 'dbpass', ''                          )));
+                               $dbdata = Strings::escapeTags(trim(defaults($_POST, 'dbdata', ''                          )));
+                               $phpath = Strings::escapeTags(trim(defaults($_POST, 'phpath', ''                          )));
 
-                               $adminmail = Strings::removeTags(trim(defaults($_POST, 'adminmail', '')));
+                               $adminmail = Strings::escapeTags(trim(defaults($_POST, 'adminmail', '')));
 
                                $timezone = defaults($_POST, 'timezone', Core\Installer::DEFAULT_TZ);
                                /* Installed langs */

diff --git a/src/Module/Login.php b/src/Module/Login.php
index 7cf1bd8787c0239c7532fb05d8a736d082e2ccbe..0cc65c3c32846b2b44cac98a67b849e63c3c6445 100644 (file)
--- a/src/Module/Login.php
+++ b/src/Module/Login.php
@@ -149,7 +149,7 @@ class Login extends BaseModule
                                );
                        }
                } catch (Exception $e) {
-                       Logger::log('authenticate: failed login attempt: ' . Strings::removeTags($username) . ' from IP ' . $_SERVER['REMOTE_ADDR']);
+                       Logger::log('authenticate: failed login attempt: ' . Strings::escapeTags($username) . ' from IP ' . $_SERVER['REMOTE_ADDR']);
                        info('Login failed. Please check your credentials.' . EOL);
                        $a->internalRedirect();
                }

diff --git a/src/Network/Probe.php b/src/Network/Probe.php
index 60250a5a00f782214593a73f3e9af4d7006d19ee..d870e06f9711f1e90a6bf01aa21bdfe418cfd2f7 100644 (file)
--- a/src/Network/Probe.php
+++ b/src/Network/Probe.php
@@ -1674,7 +1674,7 @@ class Probe
                                                }
                                        }
 
-                                       $data["name"] = Strings::removeTags($data["name"]);
+                                       $data["name"] = Strings::escapeTags($data["name"]);
                                }
                        }
                }

diff --git a/src/Protocol/DFRN.php b/src/Protocol/DFRN.php
index a430b26468787b50b966bd03b13c05ba56c987a9..ff50811838e9883b37b1fc3ea5ae9697c02bb2f8 100644 (file)
--- a/src/Protocol/DFRN.php
+++ b/src/Protocol/DFRN.php
@@ -2494,7 +2494,7 @@ class DFRN
                $item["body"] = XML::getFirstNodeValue($xpath, "dfrn:env/text()", $entry);
                $item["body"] = str_replace([' ',"\t","\r","\n"], ['','','',''], $item["body"]);
                // make sure nobody is trying to sneak some html tags by us
-               $item["body"] = Strings::removeTags(Strings::base64UrlDecode($item["body"]));
+               $item["body"] = Strings::escapeTags(Strings::base64UrlDecode($item["body"]));
 
                $item["body"] = BBCode::limitBodySize($item["body"]);
 

diff --git a/src/Protocol/Diaspora.php b/src/Protocol/Diaspora.php
index 0434dcef65b1b53727bd2a915ca4b767ed02a9cd..d59eb7a0ad268c302b510eb341011d37b9313a2d 100644 (file)
--- a/src/Protocol/Diaspora.php
+++ b/src/Protocol/Diaspora.php
@@ -1506,9 +1506,9 @@ class Diaspora
         */
        private static function receiveAccountMigration(array $importer, $data)
        {
-               $old_handle = Strings::removeTags(XML::unescape($data->author));
-               $new_handle = Strings::removeTags(XML::unescape($data->profile->author));
-               $signature = Strings::removeTags(XML::unescape($data->signature));
+               $old_handle = Strings::escapeTags(XML::unescape($data->author));
+               $new_handle = Strings::escapeTags(XML::unescape($data->profile->author));
+               $signature = Strings::escapeTags(XML::unescape($data->signature));
 
                $contact = self::contactByHandle($importer["uid"], $old_handle);
                if (!$contact) {
@@ -1566,7 +1566,7 @@ class Diaspora
         */
        private static function receiveAccountDeletion($data)
        {
-               $author = Strings::removeTags(XML::unescape($data->author));
+               $author = Strings::escapeTags(XML::unescape($data->author));
 
                $contacts = DBA::select('contact', ['id'], ['addr' => $author]);
                while ($contact = DBA::fetch($contacts)) {
@@ -1657,19 +1657,19 @@ class Diaspora
         */
        private static function receiveComment(array $importer, $sender, $data, $xml)
        {
-               $author = Strings::removeTags(XML::unescape($data->author));
-               $guid = Strings::removeTags(XML::unescape($data->guid));
-               $parent_guid = Strings::removeTags(XML::unescape($data->parent_guid));
+               $author = Strings::escapeTags(XML::unescape($data->author));
+               $guid = Strings::escapeTags(XML::unescape($data->guid));
+               $parent_guid = Strings::escapeTags(XML::unescape($data->parent_guid));
                $text = XML::unescape($data->text);
 
                if (isset($data->created_at)) {
-                       $created_at = DateTimeFormat::utc(Strings::removeTags(XML::unescape($data->created_at)));
+                       $created_at = DateTimeFormat::utc(Strings::escapeTags(XML::unescape($data->created_at)));
                } else {
                        $created_at = DateTimeFormat::utcNow();
                }
 
                if (isset($data->thread_parent_guid)) {
-                       $thread_parent_guid = Strings::removeTags(XML::unescape($data->thread_parent_guid));
+                       $thread_parent_guid = Strings::escapeTags(XML::unescape($data->thread_parent_guid));
                        $thr_uri = self::getUriFromGuid("", $thread_parent_guid, true);
                } else {
                        $thr_uri = "";
@@ -1774,24 +1774,24 @@ class Diaspora
         */
        private static function receiveConversationMessage(array $importer, array $contact, $data, $msg, $mesg, $conversation)
        {
-               $author = Strings::removeTags(XML::unescape($data->author));
-               $guid = Strings::removeTags(XML::unescape($data->guid));
-               $subject = Strings::removeTags(XML::unescape($data->subject));
+               $author = Strings::escapeTags(XML::unescape($data->author));
+               $guid = Strings::escapeTags(XML::unescape($data->guid));
+               $subject = Strings::escapeTags(XML::unescape($data->subject));
 
                // "diaspora_handle" is the element name from the old version
                // "author" is the element name from the new version
                if ($mesg->author) {
-                       $msg_author = Strings::removeTags(XML::unescape($mesg->author));
+                       $msg_author = Strings::escapeTags(XML::unescape($mesg->author));
                } elseif ($mesg->diaspora_handle) {
-                       $msg_author = Strings::removeTags(XML::unescape($mesg->diaspora_handle));
+                       $msg_author = Strings::escapeTags(XML::unescape($mesg->diaspora_handle));
                } else {
                        return false;
                }
 
-               $msg_guid = Strings::removeTags(XML::unescape($mesg->guid));
-               $msg_conversation_guid = Strings::removeTags(XML::unescape($mesg->conversation_guid));
+               $msg_guid = Strings::escapeTags(XML::unescape($mesg->guid));
+               $msg_conversation_guid = Strings::escapeTags(XML::unescape($mesg->conversation_guid));
                $msg_text = XML::unescape($mesg->text);
-               $msg_created_at = DateTimeFormat::utc(Strings::removeTags(XML::unescape($mesg->created_at)));
+               $msg_created_at = DateTimeFormat::utc(Strings::escapeTags(XML::unescape($mesg->created_at)));
 
                if ($msg_conversation_guid != $guid) {
                        Logger::log("message conversation guid does not belong to the current conversation.");
@@ -1862,11 +1862,11 @@ class Diaspora
         */
        private static function receiveConversation(array $importer, $msg, $data)
        {
-               $author = Strings::removeTags(XML::unescape($data->author));
-               $guid = Strings::removeTags(XML::unescape($data->guid));
-               $subject = Strings::removeTags(XML::unescape($data->subject));
-               $created_at = DateTimeFormat::utc(Strings::removeTags(XML::unescape($data->created_at)));
-               $participants = Strings::removeTags(XML::unescape($data->participants));
+               $author = Strings::escapeTags(XML::unescape($data->author));
+               $guid = Strings::escapeTags(XML::unescape($data->guid));
+               $subject = Strings::escapeTags(XML::unescape($data->subject));
+               $created_at = DateTimeFormat::utc(Strings::escapeTags(XML::unescape($data->created_at)));
+               $participants = Strings::escapeTags(XML::unescape($data->participants));
 
                $messages = $data->message;
 
@@ -1920,11 +1920,11 @@ class Diaspora
         */
        private static function receiveLike(array $importer, $sender, $data)
        {
-               $author = Strings::removeTags(XML::unescape($data->author));
-               $guid = Strings::removeTags(XML::unescape($data->guid));
-               $parent_guid = Strings::removeTags(XML::unescape($data->parent_guid));
-               $parent_type = Strings::removeTags(XML::unescape($data->parent_type));
-               $positive = Strings::removeTags(XML::unescape($data->positive));
+               $author = Strings::escapeTags(XML::unescape($data->author));
+               $guid = Strings::escapeTags(XML::unescape($data->guid));
+               $parent_guid = Strings::escapeTags(XML::unescape($data->parent_guid));
+               $parent_type = Strings::escapeTags(XML::unescape($data->parent_type));
+               $positive = Strings::escapeTags(XML::unescape($data->positive));
 
                // likes on comments aren't supported by Diaspora - only on posts
                // But maybe this will be supported in the future, so we will accept it.
@@ -2029,11 +2029,11 @@ class Diaspora
         */
        private static function receiveMessage(array $importer, $data)
        {
-               $author = Strings::removeTags(XML::unescape($data->author));
-               $guid = Strings::removeTags(XML::unescape($data->guid));
-               $conversation_guid = Strings::removeTags(XML::unescape($data->conversation_guid));
+               $author = Strings::escapeTags(XML::unescape($data->author));
+               $guid = Strings::escapeTags(XML::unescape($data->guid));
+               $conversation_guid = Strings::escapeTags(XML::unescape($data->conversation_guid));
                $text = XML::unescape($data->text);
-               $created_at = DateTimeFormat::utc(Strings::removeTags(XML::unescape($data->created_at)));
+               $created_at = DateTimeFormat::utc(Strings::escapeTags(XML::unescape($data->created_at)));
 
                $contact = self::allowedContactByHandle($importer, $author, true);
                if (!$contact) {
@@ -2104,8 +2104,8 @@ class Diaspora
         */
        private static function receiveParticipation(array $importer, $data)
        {
-               $author = strtolower(Strings::removeTags(XML::unescape($data->author)));
-               $parent_guid = Strings::removeTags(XML::unescape($data->parent_guid));
+               $author = strtolower(Strings::escapeTags(XML::unescape($data->author)));
+               $parent_guid = Strings::escapeTags(XML::unescape($data->parent_guid));
 
                $contact_id = Contact::getIdForURL($author);
                if (!$contact_id) {
@@ -2197,7 +2197,7 @@ class Diaspora
         */
        private static function receiveProfile(array $importer, $data)
        {
-               $author = strtolower(Strings::removeTags(XML::unescape($data->author)));
+               $author = strtolower(Strings::escapeTags(XML::unescape($data->author)));
 
                $contact = self::contactByHandle($importer["uid"], $author);
                if (!$contact) {
@@ -2574,13 +2574,13 @@ class Diaspora
         */
        private static function receiveReshare(array $importer, $data, $xml)
        {
-               $author = Strings::removeTags(XML::unescape($data->author));
-               $guid = Strings::removeTags(XML::unescape($data->guid));
-               $created_at = DateTimeFormat::utc(Strings::removeTags(XML::unescape($data->created_at)));
-               $root_author = Strings::removeTags(XML::unescape($data->root_author));
-               $root_guid = Strings::removeTags(XML::unescape($data->root_guid));
+               $author = Strings::escapeTags(XML::unescape($data->author));
+               $guid = Strings::escapeTags(XML::unescape($data->guid));
+               $created_at = DateTimeFormat::utc(Strings::escapeTags(XML::unescape($data->created_at)));
+               $root_author = Strings::escapeTags(XML::unescape($data->root_author));
+               $root_guid = Strings::escapeTags(XML::unescape($data->root_guid));
                /// @todo handle unprocessed property "provider_display_name"
-               $public = Strings::removeTags(XML::unescape($data->public));
+               $public = Strings::escapeTags(XML::unescape($data->public));
 
                $contact = self::allowedContactByHandle($importer, $author, false);
                if (!$contact) {
@@ -2666,9 +2666,9 @@ class Diaspora
         */
        private static function itemRetraction(array $importer, array $contact, $data)
        {
-               $author = Strings::removeTags(XML::unescape($data->author));
-               $target_guid = Strings::removeTags(XML::unescape($data->target_guid));
-               $target_type = Strings::removeTags(XML::unescape($data->target_type));
+               $author = Strings::escapeTags(XML::unescape($data->author));
+               $target_guid = Strings::escapeTags(XML::unescape($data->target_guid));
+               $target_type = Strings::escapeTags(XML::unescape($data->target_type));
 
                $person = self::personByHandle($author);
                if (!is_array($person)) {
@@ -2730,7 +2730,7 @@ class Diaspora
         */
        private static function receiveRetraction(array $importer, $sender, $data)
        {
-               $target_type = Strings::removeTags(XML::unescape($data->target_type));
+               $target_type = Strings::escapeTags(XML::unescape($data->target_type));
 
                $contact = self::contactByHandle($importer["uid"], $sender);
                if (!$contact && (in_array($target_type, ["Contact", "Person"]))) {
@@ -2775,12 +2775,12 @@ class Diaspora
         */
        private static function receiveStatusMessage(array $importer, SimpleXMLElement $data, $xml)
        {
-               $author = Strings::removeTags(XML::unescape($data->author));
-               $guid = Strings::removeTags(XML::unescape($data->guid));
-               $created_at = DateTimeFormat::utc(Strings::removeTags(XML::unescape($data->created_at)));
-               $public = Strings::removeTags(XML::unescape($data->public));
+               $author = Strings::escapeTags(XML::unescape($data->author));
+               $guid = Strings::escapeTags(XML::unescape($data->guid));
+               $created_at = DateTimeFormat::utc(Strings::escapeTags(XML::unescape($data->created_at)));
+               $public = Strings::escapeTags(XML::unescape($data->public));
                $text = XML::unescape($data->text);
-               $provider_display_name = Strings::removeTags(XML::unescape($data->provider_display_name));
+               $provider_display_name = Strings::escapeTags(XML::unescape($data->provider_display_name));
 
                $contact = self::allowedContactByHandle($importer, $author, false);
                if (!$contact) {
@@ -2795,7 +2795,7 @@ class Diaspora
                $address = [];
                if ($data->location) {
                        foreach ($data->location->children() as $fieldname => $data) {
-                               $address[$fieldname] = Strings::removeTags(XML::unescape($data));
+                               $address[$fieldname] = Strings::escapeTags(XML::unescape($data));
                        }
                }
 

diff --git a/src/Util/Strings.php b/src/Util/Strings.php
index 7acf1c9ef27d8ce8949a57d272ddf050985d4056..48e580d67892587ab648f2f0960c8a5193094caf 100644 (file)
--- a/src/Util/Strings.php
+++ b/src/Util/Strings.php
@@ -31,14 +31,7 @@ class Strings
     }
 
     /**
-     * This is our primary input filter.
-     *
-     * The high bit hack only involved some old IE browser, forget which (IE5/Mac?)
-     * that had an XSS attack vector due to stripping the high-bit on an 8-bit character
-     * after cleansing, and angle chars with the high bit set could get through as markup.
-     *
-     * This is now disabled because it was interfering with some legitimate unicode sequences
-     * and hopefully there aren't a lot of those browsers left.
+     * @brief This is our primary input filter.
      *
      * Use this on any text input where angle chars are not valid or permitted
      * They will be replaced with safer brackets. This may be filtered further
@@ -47,7 +40,7 @@ class Strings
      * @param string $string Input string
      * @return string Filtered string
      */
-    public static function removeTags($string)
+    public static function escapeTags($string)
     {
         return str_replace(["<", ">"], ['[', ']'], $string);
     }

diff --git a/src/Worker/OnePoll.php b/src/Worker/OnePoll.php
index fcbcabd70994718940f9c27c5fc8f8f72c513efa..22fbf700a2d49f36a364b056cbb251f9649571eb 100644 (file)
--- a/src/Worker/OnePoll.php
+++ b/src/Worker/OnePoll.php
@@ -475,9 +475,9 @@ class OnePoll
                                                                        $datarray['title'] .= $subpart->text;
                                                                }
                                                        }
-                                                       $datarray['title'] = Strings::removeTags(trim($datarray['title']));
+                                                       $datarray['title'] = Strings::escapeTags(trim($datarray['title']));
 
-                                                       //$datarray['title'] = Strings::removeTags(trim($meta->subject));
+                                                       //$datarray['title'] = Strings::escapeTags(trim($meta->subject));
                                                        $datarray['created'] = DateTimeFormat::utc($meta->date);
 
                                                        // Is it a reply?

diff --git a/tests/src/Util/StringsTest.php b/tests/src/Util/StringsTest.php
index 352fe3089b52f97e71102e756bc1f5ae7112e60f..21349c848317d6d7657565e17de00734c7349335 100644 (file)
--- a/tests/src/Util/StringsTest.php
+++ b/tests/src/Util/StringsTest.php
@@ -73,7 +73,7 @@ class StringsTest extends TestCase
        {
                $invalidstring='<submit type="button" onclick="alert(\'failed!\');" />';
 
-               $validstring = Strings::removeTags($invalidstring);
+               $validstring = Strings::escapeTags($invalidstring);
                $escapedString = Strings::escapeHtml($invalidstring);
 
                $this->assertEquals('[submit type="button" onclick="alert(\'failed!\');" /]', $validstring);

diff --git a/view/theme/frio/theme.php b/view/theme/frio/theme.php
index 6621fd554004146cbbce99d18dc82f3ffbfe4481..aa59081d91969cad9eebec4e9541466c78ef8486 100644 (file)
--- a/view/theme/frio/theme.php
+++ b/view/theme/frio/theme.php
@@ -301,7 +301,7 @@ function frio_remote_nav($a, &$nav)
  */
 function frio_acl_lookup(App $a, &$results)
 {
-       $nets = x($_GET, 'nets') ? Strings::removeTags(trim($_GET['nets'])) : '';
+       $nets = x($_GET, 'nets') ? Strings::escapeTags(trim($_GET['nets'])) : '';
 
        // we introduce a new search type, r should do the same query like it's
        // done in /src/Module/Contact.php for connections