introducing html_sprintf for easier sprintf'ing with htmlspecialchars

diff --git a/lib/util.php b/lib/util.php
index 1ff5b13b938b0bff8cb61d482119ba275b8523e5..66847a435004815c1569deb0ee3fdc137ecf0eaf 100644 (file)
--- a/lib/util.php
+++ b/lib/util.php
@@ -2429,3 +2429,12 @@ function common_strip_html($html, $trim=true, $save_whitespace=false)
     $text = html_entity_decode(strip_tags($html), ENT_QUOTES, 'UTF-8');
     return $trim ? trim($text) : $text;
 }
+
+function html_sprintf()
+{
+    $args = func_get_args();
+    for ($i=1; $i<count($args); $i++) {
+        $args[$i] = htmlspecialchars($args[$i]);
+    }
+    return call_user_func_array('sprintf', $args);
+}

diff --git a/plugins/Activity/ActivityPlugin.php b/plugins/Activity/ActivityPlugin.php
index 5144eb46662f3f86a4c1c25969b008aef3da4c99..d8f3c6c50228b2480befa3cc7efeb59ca80dd2a8 100644 (file)
--- a/plugins/Activity/ActivityPlugin.php
+++ b/plugins/Activity/ActivityPlugin.php
@@ -72,7 +72,7 @@ class ActivityPlugin extends Plugin
         // TRANS: Text for "started following" item in activity plugin.
         // TRANS: %1$s is a profile URL, %2$s is a profile name,
         // TRANS: %3$s is a profile URL, %4$s is a profile name.
-        $rendered = sprintf(_m('<a href="%1$s">%2$s</a> started following <a href="%3$s">%4$s</a>.'),
+        $rendered = html_sprintf(_m('<a href="%1$s">%2$s</a> started following <a href="%3$s">%4$s</a>.'),
                             $profile->getUrl(),
                             $profile->getBestName(),
                             $other->getUrl(),
@@ -110,7 +110,7 @@ class ActivityPlugin extends Plugin
         // TRANS: Text for "stopped following" item in activity plugin.
         // TRANS: %1$s is a profile URL, %2$s is a profile name,
         // TRANS: %3$s is a profile URL, %4$s is a profile name.
-        $rendered = sprintf(_m('<a href="%1$s">%2$s</a> stopped following <a href="%3$s">%4$s</a>.'),
+        $rendered = html_sprintf(_m('<a href="%1$s">%2$s</a> stopped following <a href="%3$s">%4$s</a>.'),
                             $profile->getUrl(),
                             $profile->getBestName(),
                             $other->getUrl(),
@@ -155,7 +155,7 @@ class ActivityPlugin extends Plugin
         // TRANS: Text for "stopped liking" item in activity plugin.
         // TRANS: %1$s is a profile URL, %2$s is a profile name,
         // TRANS: %3$s is a notice URL, %4$s is an author name.
-        $rendered = sprintf(_m('<a href="%1$s">%2$s</a> stopped liking <a href="%3$s">%4$s\'s update</a>.'),
+        $rendered = html_sprintf(_m('<a href="%1$s">%2$s</a> stopped liking <a href="%3$s">%4$s\'s update</a>.'),
                             $profile->getUrl(),
                             $profile->getBestName(),
                             $notice->getUrl(),
@@ -200,7 +200,7 @@ class ActivityPlugin extends Plugin
         // TRANS: Text for "joined group" item in activity plugin.
         // TRANS: %1$s is a profile URL, %2$s is a profile name,
         // TRANS: %3$s is a group URL, %4$s is a group name.
-        $rendered = sprintf(_m('<a href="%1$s">%2$s</a> joined the group <a href="%3$s">%4$s</a>.'),
+        $rendered = html_sprintf(_m('<a href="%1$s">%2$s</a> joined the group <a href="%3$s">%4$s</a>.'),
                             $profile->getUrl(),
                             $profile->getBestName(),
                             $group->homeUrl(),
@@ -241,7 +241,7 @@ class ActivityPlugin extends Plugin
         // TRANS: Text for "left group" item in activity plugin.
         // TRANS: %1$s is a profile URL, %2$s is a profile name,
         // TRANS: %3$s is a group URL, %4$s is a group name.
-        $rendered = sprintf(_m('<a href="%1$s">%2$s</a> left the group <a href="%3$s">%4$s</a>.'),
+        $rendered = html_sprintf(_m('<a href="%1$s">%2$s</a> left the group <a href="%3$s">%4$s</a>.'),
                             $profile->getUrl(),
                             $profile->getBestName(),
                             $group->homeUrl(),