]> git.mxchange.org Git - friendica.git/commitdiff
projects / friendica.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0e809b9)
don't allow tags in app source
authorFriendika <info@friendika.com>
Thu, 23 Jun 2011 22:58:43 +0000 (15:58 -0700)
committerFriendika <info@friendika.com>
Thu, 23 Jun 2011 22:58:43 +0000 (15:58 -0700)
addon/facebook/facebook.php patch | blob | history
include/items.php patch | blob | history
mod/item.php patch | blob | history

diff --git a/addon/facebook/facebook.php b/addon/facebook/facebook.php
index 4265ce80174f5d40ca05b53872cd6262566c166c..e9290b10e6aec3d1f4459e23d37b9963a520af7e 100644 (file)
--- a/addon/facebook/facebook.php
+++ b/addon/facebook/facebook.php
@@ -821,7 +821,7 @@ function fb_consume_stream($uid,$j,$wall = false) {
                                $datarray['owner-avatar'] = $self[0]['thumb'];
                        }
                        if(isset($entry->application) && isset($entry->application->name) && strlen($entry->application->name))
-                               $datarray['app'] = $entry->application->name;
+                               $datarray['app'] = strip_tags($entry->application->name);
                        else
                                $datarray['app'] = 'facebook';
                        $datarray['author-name'] = $from->name;
diff --git a/include/items.php b/include/items.php
index 5bcdaef9988c8e1e83497dee03d9936727f13590..3901927fcd673f801a156a2b7f2204db1ddefdc3 100644 (file)
--- a/include/items.php
+++ b/include/items.php
@@ -338,7 +338,7 @@ function get_atom_elements($feed,$item) {
 
        $apps = $item->get_item_tags(NAMESPACE_STATUSNET,'notice_info');
        if($apps && $apps[0]['attribs']['']['source']) {
-               $res['app'] = $apps[0]['attribs']['']['source'];
+               $res['app'] = strip_tags(unxmlify($apps[0]['attribs']['']['source']));
                if($res['app'] === 'web')
                        $res['app'] = 'OStatus';
        }                  
diff --git a/mod/item.php b/mod/item.php
index 9d7b954a84465a41d505a8b27d2d82c514817f2d..22eba7b3f5d3848d656edd4c68bc55ec66dc64f8 100644 (file)
--- a/mod/item.php
+++ b/mod/item.php
@@ -61,7 +61,7 @@ function item_post(&$a) {
 
        $profile_uid = ((x($_POST,'profile_uid')) ? intval($_POST['profile_uid']) : 0);
        $post_id     = ((x($_POST['post_id']))    ? intval($_POST['post_id'])     : 0);
-       $app         = ((x($_POST['source']))     ? notags($_POST['source'])      : '');
+       $app         = ((x($_POST['source']))     ? strip_tags($_POST['source'])  : '');
 
        if(! can_write_wall($a,$profile_uid)) {
                notice( t('Permission denied.') . EOL) ;
Unnamed repository; edit this file 'description' to name the repository.