"share" - now the attribut value for the "author" is escaped

diff --git a/include/bbcode.php b/include/bbcode.php
index f3c4e360d5abc22a2a9c817c7e19c987b6444741..384fd5ebd90a8aa1b156908143cc5e720705858a 100644 (file)
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -221,7 +221,7 @@ function bb_ShareAttributes($match) {
         $author = "";
         preg_match("/author='(.*?)'/ism", $attributes, $matches);
         if ($matches[1] != "")
-                $author = $matches[1];
+                $author = html_entity_decode($matches[1],ENT_QUOTES,'UTF-8');
 
         preg_match('/author="(.*?)"/ism', $attributes, $matches);
         if ($matches[1] != "")

diff --git a/include/diaspora.php b/include/diaspora.php
index 5fd4a4d3fddc1dc5a20e711a4b00b45c02258aa4..dcbe0fadaa9d141fe58349cb572d50e08df69320 100755 (executable)
--- a/include/diaspora.php
+++ b/include/diaspora.php
@@ -1025,7 +1025,7 @@ function diaspora_reshare($importer,$xml,$msg) {
        $datarray['owner-link'] = $contact['url'];
        $datarray['owner-avatar'] = ((x($contact,'thumb')) ? $contact['thumb'] : $contact['photo']);
        if (intval(get_config('system','new_share'))) {
-               $prefix = "[share author='".$person['name'].
+               $prefix = "[share author='".str_replace("'", "'",$person['name']).
                                "' profile='".$person['url'].
                                "' avatar='".((x($person,'thumb')) ? $person['thumb'] : $person['photo']).
                                "' link='".$orig_url."']";

diff --git a/include/items.php b/include/items.php
index 65c04f0a2f3ee238e7554c7475174c37d3a71d2a..cd25b5665e4627a264d4c83e605a6ca2ace061a5 100755 (executable)
--- a/include/items.php
+++ b/include/items.php
@@ -809,7 +809,7 @@ function get_atom_elements($feed,$item) {
                        logger('get_atom_elements: fixing sender of repeated message.');
 
                        if (intval(get_config('system','new_share'))) {
-                               $prefix = "[share author='".$name.
+                               $prefix = "[share author='".str_replace("'", "'",$name).
                                                "' profile='".$uri.
                                                "' avatar='".$avatar.
                                                "' link='".$orig_uri."']";

diff --git a/mod/share.php b/mod/share.php
index e372031bbf6b55d90bc70949bfe8ffc69e7e1a57..e307294a6db8aa5fe5e8ff8dd23da4a862c7ae91 100644 (file)
--- a/mod/share.php
+++ b/mod/share.php
@@ -23,7 +23,7 @@ function share_init(&$a) {
                        $pos = strpos($r[0]['body'], "[share");
                        $o = substr($r[0]['body'], $pos);
                } else {
-                       $o = "[share author='".$r[0]['author-name'].
+                       $o = "[share author='".str_replace("'", "'",$r[0]['author-name']).
                                "' profile='".$r[0]['author-link'].
                                "' avatar='".$r[0]['author-avatar'].
                                "' link='".$r[0]['plink']."']\n";

diff --git a/view/theme/vier/style.css b/view/theme/vier/style.css
index 425beb2bfb636021d06d1e32cad5b0d1584ef6ef..44e01a2b27b565984946398951edcb13e19b6f0d 100644 (file)
--- a/view/theme/vier/style.css
+++ b/view/theme/vier/style.css
@@ -1689,8 +1689,7 @@ ul.tabs a, #jot-preview-link, .comment-edit-submit-wrapper .fakelink {
     background: linear-gradient(top, #ffffff 0%,#ececf2 100%);
 }
 
-ul.tabs li .active, ul.tabs a:hover, #jot-preview-link:hover, .comment-edit-submit-wrapper .fakelink:hover, {
-
+ul.tabs li .active, ul.tabs a:hover, #jot-preview-link:hover, .comment-edit-submit-wrapper .fakelink:hover {
     color: #fff;
     text-shadow: 0px 1px 0px rgba(0, 0, 0, 0.5);
     border: 1px solid #ececf2;